{"resultsPerPage":2000,"startIndex":0,"totalResults":15911,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-16T00:57:00.561","vulnerabilities":[{"cve":{"id":"CVE-2016-3150","sourceIdentifier":"cve@mitre.org","published":"2017-01-12T23:59:00.307","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de XSS en wallpaper.php en el Base Unit en dispositivos Barco ClickShare CSC-1 con firmware anterior a 01.09.03, CSM-1 con firmware anteriores a 01.06.02 y CSE-200 con firmware anterior a 01.03.02 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:barco:clickshare_csc-1_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.09.05.02","matchCriteriaId":"E6020276-011C-4678-ABEF-0B74155FBDD1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:barco:clickshare_csc-1:-:*:*:*:*:*:*:*","matchCriteriaId":"5A88BAB0-B290-46CB-91BD-F6872C838FC5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:barco:clickshare_cse-200_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.09.02.05","matchCriteriaId":"0229AF97-0BA2-4A55-9533-06A3BF3D4F39"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:barco:clickshare_cse-200:-:*:*:*:*:*:*:*","matchCriteriaId":"7906FBC3-E8B5-4574-B13A-5DED4A60585B"
}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539754/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/94330","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539754/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94330","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-3151","sourceIdentifier":"cve@mitre.org","published":"2017-01-12T23:59:00.353","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en la funcionalidad de análisis de fondos de pantalla en dispositivos Barco ClickShare CSC-1 con firmware anterior a 01.09.03, CSM-1 con firmware anterior a 01.06.02 y CSE-200 con firmware anterior a 01.03.02 permite a atacantes remotos leer /etc/shadow a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:barco:clickshare_csc-1_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.09.02.03","matchCriteriaId":"99D36A3E-A505-4436-95E4-2F4F234665CC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:barco:clickshare_csc-1:-:*:*:*:*:*:*:*","matchCriteriaId":"5A88BAB0-B290-46CB-91BD-F6872C838FC5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:barco:clickshare_csm-1_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.06.01.04","matchCriteriaId":"5143AFB6-593D-483E-A056-0B9D783E9720"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:barco:clickshare_csm-1:-:*:*:*:*:*:*:*","matchCriteriaId":"B6332071-FA97-4220-AC19-0C62C6593BE1"}]}]},{"
operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:barco:clickshare_cse-200_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.03.01.05","matchCriteriaId":"60499FE0-4A38-4271-A038-3C249C3EDBAB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:barco:clickshare_cse-200:-:*:*:*:*:*:*:*","matchCriteriaId":"7906FBC3-E8B5-4574-B13A-5DED4A60585B"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539754/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/94330","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539754/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94330","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-3152","sourceIdentifier":"cve@mitre.org","published":"2017-01-12T23:59:00.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow remote attackers to obtain the root password by downloading and extracting the firmware image."},{"lang":"es","value":"Los dispositivos Barco ClickShare CSC-1 con firmware anterior a 01.09.03 permiten a atacantes remotos obtener la contraseña del root descargando y extrayendo la imagen del 
firmware."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:barco:clickshare_csc-1_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01.09.02.03","matchCriteriaId":"99D36A3E-A505-4436-95E4-2F4F234665CC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:barco:clickshare_csc-1:-:*:*:*:*:*:*:*","matchCriteriaId":"5A88BAB0-B290-46CB-91BD-F6872C838FC5"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539754/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/94326","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539754/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94326","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5715","sourceIdentifier":"cve@mitre.org","published":"2017-01-12T23:59:00.417","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6501."},{"lang":"es","value":"La vulnerabilidad de redirección abierta en la Consola en Puppet Enterprise 2015.x y 2016.x en versiones anteriores a 2016.4.0 permite a atacantes remotos redirigir a los usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing mediante // (barra oblicua barra oblicua) seguida de un dominio en el parámetro de redirección. 
NOTA: esta vulnerabilidad existe debido a una corrección incompleta de CVE-2015-6501."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","versionStartIncluding":"2015.2.0","versionEndIncluding":"2015.3.3","matchCriteriaId":"ED2379D4-71A8-4AB9-9F2E-5D60D043A6AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","versionStartIncluding":"2016.1.1","versionEndIncluding":"2016.4.0","matchCriteriaId":"8507EEF8-8587-4322-831E-6E733BAEAEAE"}]}]}],"references":[{"url":"http://hyp3rlinx.altervista.org/advisories/PUPPET-AUTHENTICATION-REDIRECT.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/139302/Puppet-Enterprise-Web-Interface-Open-Redirect.html","source":"cve@mitre.org","tags":["Exploit","Third Party 
Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539618/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/93846","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://puppet.com/security/cve/cve-2016-5715","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://hyp3rlinx.altervista.org/advisories/PUPPET-AUTHENTICATION-REDIRECT.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/139302/Puppet-Enterprise-Web-Interface-Open-Redirect.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539618/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/93846","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://puppet.com/security/cve/cve-2016-5715","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-5737","sourceIdentifier":"cve@mitre.org","published":"2017-01-12T23:59:00.463","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a crafted review."},{"lang":"es","value":"La configuración de Gerrit en el módulo Openstack Puppet para Gerrit (también conocido como puppet-gerrit) marca indebidamente text/html como un mimetype seguro, lo que podrían permitir a atacantes remotos llevar a cabo ataques XSS a través de una revisión 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openstack:puppet-gerrit:-:*:*:*:*:*:*:*","matchCriteriaId":"F6C7B327-C3F9-4DEB-A03F-63A1CC3806EF"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/06/22/2","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91352","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/openstack-infra/puppet-gerrit/commit/8573c2ee172f66c1667de49685c88fdc8883ca8b","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/22/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/91352","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/openstack-infra/puppet-gerrit/commit/8573c2ee172f66c1667de49685c88fdc8883ca8b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6492","sourceIdentifier":"cve@mitre.org","published":"2017-01-12T23:59:00.493","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The MT6573FDVT_SetRegHW function in camera_fdvt.c in the MediaTek driver for Linux allows local users to gain privileges via a crafted application that makes an MT6573FDVTIOC_T_SET_FDCONF_CMD IOCTL call."},{"lang":"es","value":"La función MT6573FDVT_SetRegHW en camera_fdvt.c en el controlador MediaTek para Linux permite a usuarios locales obtener privilegios a través de una aplicación manipulada que hace una llamada IOCTL 
MT6573FDVTIOC_T_SET_FDCONF_CMD."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.0","matchCriteriaId":"3138B760-5845-4B97-853D-083482BB61B4"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/138113/MediaTek-Driver-Privilege-Escalation.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539058/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/92207","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://source.android.com/security/bulletin/2016-12-01.html","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://packetstormsecurity.com/files/138113/MediaTek-Driver-Privilege-Escalation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539058/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/92207","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://source.android.com/security/bulletin/2016-12-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9299","sourceIdentifier":"cve@mitre.org","published":"2017-01-12T23:59:00.527","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server."},{"lang":"es","value":"El módulo remoting en Jenkins en versiones anteriores a 2.32 y LTS en versiones anteriores a 2.19.3 permite a atacantes remotos ejecutar código arbitrario a través de un objeto Java serializado, lo que desencadena una consulta LDAP a un servidor de 
terceros."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-90"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*","versionEndIncluding":"2.19.2","matchCriteriaId":"C85414B7-4C07-49C3-BD78-17A3A681F48D"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*","versionEndIncluding":"2.31","matchCriteriaId":"C94D8097-3E9E-4245-AA35-CCEAF14BE898"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/12/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/14/9","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94281","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.slideshare.net/codewhitesec/java-deserialization-vulnerabilities-the-forgotten-bug-class-deepsec-edition","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://groups.google.com/forum/#%21original/jenkinsci-advisories/-fc-w9tNEJE/GRvEzWoJBgAJ","source":"cve@mitre.org"},{"url":"https://groups.google.com/forum/#%21original/jenkinsci-advisories/-fc-w9tNEJE/LZ7EOS0fBgAJ","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW2KUKYLNLVDB7STLHLYALCUFLEGCRM6/","source":"cve@mitre.org"},{"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-11-16","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.cloudbees.com/jenkins-security-advisory-2016-11-16","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/44642/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/12/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/14/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94281","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.slideshare.net/codewhitesec/java-deserialization-vulnerabilities-the-forgotten-bug-class-deepsec-edition","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://groups.google.com/forum/#%21original/jenkinsci-advisories/-fc-w9tNEJE/GRvEzWoJBgAJ","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://groups.google.com/forum/#%21original/jenkinsci-advisories/-fc-w9tNEJE/LZ7EOS0fBgAJ","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZW2KUKYLNLVDB7STLHLYALCUFLEGCRM6/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-11-16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.cloudbees.com/jenkins-security-advisory-2016-11-16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/44642/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-10135","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T09:59:00.140","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application components that are accessible to any application that resides on the device. Namely, the com.mediatek.mtklogger.framework.LogReceiver and com.mediatek.mtklogger.framework.MTKLoggerService application components are exported since they contain an intent filter, are not protected by a custom permission, and do not explicitly set the android:exported attribute to false. Therefore, these components are exported by default and are thus accessible to any third party application by using android.content.Intent object for communication. 
These application components can be used to start and stop the logs using Intent objects with embedded data. The available logs are the GPS log, modem log, network log, and mobile log. The base directory that contains the directories for the 4 types of logs is /sdcard/mtklog which makes them accessible to apps that require the READ_EXTERNAL_STORAGE permission. The GPS log contains the GPS coordinates of the user as well as a timestamp for the coordinates. The modem log contains AT commands and their parameters which allow the user's outgoing and incoming calls and text messages to be obtained. The network log is a tcpdump network capture. The mobile log contains the Android log, which is not available to third-party apps as of Android 4.1. The LG ID is LVE-SMP-160019."},{"lang":"es","value":"Se descubrió un problema en los dispositivos LG que utilizan el chipset MTK con software L(5.0/5.1), M(6.0/6.0.1) y N(7.0) y dispositivos RCA Voyager Tablet, BLU Advance 5.0 y BLU R1 HD. La aplicación MTKLogger con un nombre de paquete de com.mediatek.mtklogger tiene componentes de aplicación que son accesibles para cualquier aplicación que resida en el dispositivo. Es decir, los componentes de la aplicación com.mediatek.mtklogger.framework.LogReceiver y com.mediatek.mtklogger.framework.MTKLoggerService se exportan ya que contienen un filtro de intenciones, no están protegidos por un permiso personalizado y no establecen explícitamente el atributo android:exported a false. Por lo tanto, estos componentes se exportan de forma predeterminada y, por lo tanto, son accesibles a cualquier aplicación de terceros utilizando el objeto android.content.Intent para la comunicación. Estos componentes de aplicación se pueden utilizar para iniciar y detener los registros mediante objetos Intent con datos incrustados. Los registros disponibles son el registro GPS, el registro del módem, el registro de la red y el registro móvil. 
El directorio base que contiene los directorios para los 4 tipos de registros es /sdcard/mtklog, lo que los hace accesibles a las aplicaciones que requieren el permiso READ_EXTERNAL_STORAGE. El registro GPS contiene las coordenadas GPS del usuario, así como una marca de tiempo para las coordenadas. El registro de módem contiene comandos AT y sus parámetros, que permiten obtener las llamadas entrantes y salientes del usuario y los mensajes de texto. El registro de red es una captura de red de tcpdump. El registro para teléfonos móviles contiene el registro de Android, que no está disponible para aplicaciones de terceros desde Android 4.1. El LG ID es LVE-SMP-160019."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:lg:lg_mobile:5.0:*:*:*:*:*:*:*","matchCriteriaId":"CE4185E2-D986-4F05-A3B1-509834A4F2DC"},{"vulnerable":true,"criteria":"cpe:2.3:o:lg:lg_mobile:5.1:*:*:*:*:*:*:*","matchCriteriaId":"C6CFA104-4FA7-4C19-82F4-FBE168D1FF10"
},{"vulnerable":true,"criteria":"cpe:2.3:o:lg:lg_mobile:6.0:*:*:*:*:*:*:*","matchCriteriaId":"94759827-0B92-496A-96F0-E539AD843976"},{"vulnerable":true,"criteria":"cpe:2.3:o:lg:lg_mobile:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4FAB1BDE-011E-4B44-8E23-3031C78E440E"},{"vulnerable":true,"criteria":"cpe:2.3:o:lg:lg_mobile:7.0:*:*:*:*:*:*:*","matchCriteriaId":"F2074A17-35B6-425D-B6AC-954984FEC837"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96846","source":"cve@mitre.org"},{"url":"https://lgsecurity.lge.com/security_updates.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96846","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lgsecurity.lge.com/security_updates.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-10136","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T09:59:00.217","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. This allows a third-party app to read, write, and delete files owned by the system user. The third-party app can modify the /data/system/users/0/settings_secure.xml file to add an app as a notification listener to be able to receive the text of notifications as they are received on the device. 
This also allows the /data/system/users/0/accounts.db to be read which contains authentication tokens for various accounts on the device. The third-party app can obtain privileged information and also modify files to obtain more privileges on the device."},{"lang":"es","value":"Se descubrió un problema en los dispositivos BLU R1 HD con software Shanghai Adups. El proveedor de contenido denominado com.adups.fota.sysoper.provider.InfoProvider en la aplicación con un nombre de paquete de com.adups.fota.sysoper permite a cualquier aplicación en el dispositivo leer, escribir y eliminar archivos como usuario de sistema. En el archivo AndroidManifest.xml de la aplicación com.adups.fota.sysoper, establece el atributo android:sharedUserId en un valor de android.uid.system que lo hace ejecutar como el usuario del sistema, el cual es un usuario muy privilegiado en el dispositivo. Esto permite a una aplicación de terceros leer, escribir y eliminar archivos propiedad del usuario del sistema. La aplicación de terceros puede modificar el archivo /data/system/users/0/settings_secure.xml para añadir una aplicación como escucha de notificaciones para poder recibir el texto de las notificaciones a medida que se reciben en el dispositivo. Esto también permite leer /data/system/users/0/accounts.db, que contiene tokens de autenticación para varias cuentas del dispositivo. 
La aplicación de terceros puede obtener información privilegiada y también modificar archivos para obtener más privilegios en el dispositivo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-310"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adups:adups_fota:-:*:*:*:*:*:*:*","matchCriteriaId":"D8B2E488-EEE4-4C16-B1F6-BD5847A0DE1A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96854","source":"cve@mitre.org"},{"url":"https://www.kryptowire.com/adups_security_analysis.html","source":"cve@mitre.org","tags":["Technical Description","Third Party Advisory"]},{"url":"https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html","source":"cve@mitre.org","tags":["Press/Media 
Coverage"]},{"url":"http://www.securityfocus.com/bid/96854","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kryptowire.com/adups_security_analysis.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]},{"url":"https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage"]}]}},{"cve":{"id":"CVE-2016-10137","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T09:59:00.233","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. This allows a third-party app to read, write, and delete the user's sent and received text messages and call log. This allows a third-party app to obtain PII from the user without permission to do so."},{"lang":"es","value":"Se descubrió un problema en los dispositivos BLU R1 HD con software Shanghai Adups. El proveedor de contenido denominado com.adups.fota.sysoper.provider.InfoProvider en la aplicación con un nombre de paquete com.adups.fota.sysoper permite a cualquier aplicación en el dispositivo leer, escribir y eliminar archivos como usuario de sistema. 
En el archivo AndroidManifest.xml de la aplicación com.adups.fota.sysoper establece el atributo android:sharedUserId en un valor de android.uid.system que lo ejecuta como el usuario del sistema, el cual es un usuario muy privilegiado en el dispositivo. Esto permite a una aplicación de terceros leer, escribir y eliminar los mensajes de texto enviados y recibidos del usuario y el registro de llamadas. Esto permite que una aplicación de terceros obtenga PII del usuario sin permiso para hacerlo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-310"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adups:adups_fota:-:*:*:*:*:*:*:*","matchCriteriaId":"D8B2E488-EEE4-4C16-B1F6-BD5847A0DE1A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96852","source":"cve@mitre.org"},{"url":"https://www.kryptowire.com/adups_security_analysis.html","source":"cve@mitre.org","tags":["Technical 
Description","Third Party Advisory"]},{"url":"https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html","source":"cve@mitre.org","tags":["Press/Media Coverage"]},{"url":"http://www.securityfocus.com/bid/96852","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kryptowire.com/adups_security_analysis.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]},{"url":"https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage"]}]}},{"cve":{"id":"CVE-2016-10138","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T09:59:00.263","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with Shanghai Adups software. The com.adups.fota.sysoper app is installed as a system app and cannot be disabled by the user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. The app has an exported broadcast receiver named com.adups.fota.sysoper.WriteCommandReceiver which any app on the device can interact with. Therefore, any app can send a command embedded in an intent which will be executed by the WriteCommandReceiver component which is executing as the system user. The third-party app, utilizing the WriteCommandReceiver, can perform the following actions: call a phone number, factory reset the device, take pictures of the screen, record the screen in a video, install applications, inject events, obtain the Android log, and others. 
In addition, the com.adups.fota.sysoper.TaskService component will make a request to a URL of http://rebootv5.adsunflower.com/ps/fetch.do where the commands in the String array with a key of sf in the JSON Object sent back by the server will be executed as the system user. Since the connection is made via HTTP, it is vulnerable to a MITM attack."},{"lang":"es","value":"Se descubrió un problema en los dispositivos BLU Advance 5.0 y BLU R1 HD con software Shanghai Adups. La aplicación com.adups.fota.sysoper está instalada como una aplicación del sistema y no puede ser deshabilitada por el usuario. En el archivo AndroidManifest.xml de la aplicación com.adups.fota.sysoper, establece el atributo android:sharedUserId en un valor de android.uid.system que lo hace ejecutar como el usuario del sistema, el cual es un usuario muy privilegiado en el dispositivo. La aplicación tiene un receptor de difusión exportado llamado com.adups.fota.sysoper.WriteCommandReceiver con el que cualquier aplicación del dispositivo puede interactuar. Por lo tanto, cualquier aplicación puede enviar un comando incrustado en un intent que será ejecutado por el componente WriteCommandReceiver que se está ejecutando como usuario del sistema. La aplicación de terceros, utilizando el WriteCommandReceiver, puede realizar las siguientes acciones: llamar a un número de teléfono, restablecer el dispositivo de fábrica, tomar imágenes de la pantalla, grabar la pantalla en un vídeo, instalar aplicaciones, inyectar eventos, obtener el registro de Android y otros. Además, el componente com.adups.fota.sysoper.TaskService hará una solicitud a una URL de http://rebootv5.adsunflower.com/ps/fetch.do donde los comandos en el array String con una clave de sf en el objeto JSON enviado de vuelta por el servidor se ejecutarán como el usuario del sistema. 
Dado que la conexión se realiza a través de HTTP, es vulnerable a un ataque MITM."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-310"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adups:adups_fota:-:*:*:*:*:*:*:*","matchCriteriaId":"D8B2E488-EEE4-4C16-B1F6-BD5847A0DE1A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96853","source":"cve@mitre.org"},{"url":"https://www.kryptowire.com/adups_security_analysis.html","source":"cve@mitre.org","tags":["Technical Description","Third Party Advisory"]},{"url":"https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html","source":"cve@mitre.org","tags":["Press/Media Coverage"]},{"url":"http://www.securityfocus.com/bid/96853","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kryptowire.com/adups_security_analysis.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical 
Description","Third Party Advisory"]},{"url":"https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage"]}]}},{"cve":{"id":"CVE-2016-10139","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T09:59:00.310","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. Therefore, the app executing as the system user has been granted a number of powerful permissions even though they are not present in the com.adups.fota.sysoper app's AndroidManifest.xml file. This app provides the com.adups.fota app access to the user's call log, text messages, and various device identifiers through the com.adups.fota.sysoper.provider.InfoProvider component. The com.adups.fota app uses timestamps when it runs and is eligible to exfiltrate the user's PII every 72 hours. If 72 hours have passed since the value of the timestamp, then the exfiltration will be triggered by the user plugging in the device to charge or when they leave or enter a wireless network. The exfiltration occurs in the background without any user interaction."},{"lang":"es","value":"Se descubrió un problema en los dispositivos BLU R1 HD con software Shanghai Adups. Los dos nombres de paquetes implicados en la exfiltración son com.adups.fota y com.adups.fota.sysoper. 
En el archivo AndroidManifest.xml de la aplicación com.adups.fota.sysoper, establece el atributo android:sharedUserId en un valor de android.uid.system que lo hace ejecutar como el usuario del sistema, el cual es un usuario muy privilegiado en el dispositivo. Por lo tanto, se ha concedido a la aplicación que se ejecuta como usuario del sistema una serie de permisos potentes aunque no estén presentes en el archivo AndroidManifest.xml de la aplicación com.adups.fota.sysoper. Esta aplicación proporciona a la aplicación com.adups.fota acceso al registro de llamadas del usuario, mensajes de texto y varios identificadores de dispositivo a través del componente com.adups.fota.sysoper.provider.InfoProvider. La aplicación com.adups.fota utiliza marcas de tiempo cuando se ejecuta y es elegible para exfiltrar la PII del usuario cada 72 horas. Si han pasado 72 horas desde el valor de la marca de tiempo, entonces la exfiltración se activará cuando el usuario conecte el dispositivo para cargarlo o cuando salga de una red inalámbrica o entre en ella. 
La exfiltración se produce en el fondo sin ninguna interacción del usuario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-310"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adups:adups_fota:-:*:*:*:*:*:*:*","matchCriteriaId":"D8B2E488-EEE4-4C16-B1F6-BD5847A0DE1A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96858","source":"cve@mitre.org"},{"url":"https://www.kryptowire.com/adups_security_analysis.html","source":"cve@mitre.org","tags":["Technical Description","Third Party Advisory"]},{"url":"https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html","source":"cve@mitre.org","tags":["Press/Media Coverage"]},{"url":"http://www.securityfocus.com/bid/96858","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kryptowire.com/adups_security_analysis.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third 
Party Advisory"]},{"url":"https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage"]}]}},{"cve":{"id":"CVE-2016-10140","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T09:59:00.343","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Information disclosure and authentication bypass vulnerability exists in the Apache HTTP Server configuration bundled with ZoneMinder v1.30 and v1.29, which allows a remote unauthenticated attacker to browse all directories in the web root, e.g., a remote unauthenticated attacker can view all CCTV images on the server via the /events URI."},{"lang":"es","value":"La vulnerabilidad de desvío de autenticación y divulgación de información existe en la configuración del servidor HTTP de Apache incluida con ZoneMinder v1.30 y v1.29, que permite a un atacante remoto no autenticado explorar todos los directorios de la raíz web, por ejemplo, un atacante remoto no autenticado puede ver todas las imágenes CCTV en el servidor a través de la URI 
/events."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zoneminder:zoneminder:1.30.0:*:*:*:*:*:*:*","matchCriteriaId":"D79B2FB5-8AB8-49A9-B0E2-9215CB41D295"}]}]}],"references":[{"url":"http://seclists.org/bugtraq/2017/Feb/6","source":"cve@mitre.org"},{"url":"http://seclists.org/fulldisclosure/2017/Feb/11","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96849","source":"cve@mitre.org"},{"url":"https://github.com/ZoneMinder/ZoneMinder/commit/71898df7565ed2a51dfe76a1cf30ddb81fc888ba","source":"cve@mitre.org"},{"url":"https://github.com/ZoneMinder/ZoneMinder/pull/1697","source":"cve@mitre.org","tags":["Issue 
Tracking"]},{"url":"http://seclists.org/bugtraq/2017/Feb/6","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://seclists.org/fulldisclosure/2017/Feb/11","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/96849","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/ZoneMinder/ZoneMinder/commit/71898df7565ed2a51dfe76a1cf30ddb81fc888ba","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/ZoneMinder/ZoneMinder/pull/1697","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-10141","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T09:59:00.373","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS before fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. The attack requires a regular expression with nested repetition. A successful exploitation of this issue can lead to code execution or a denial of service (buffer overflow) condition."},{"lang":"es","value":"Se observó una vulnerabilidad de desbordamiento de enteros en la función regemit en regexp.c en Artifex Software, Inc. MuJS en versiones anteriores a fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045. El ataque requiere una expresión regular con repeticiones anidadas. 
Una explotación exitosa de este problema puede conducir a la ejecución de código o una condición de denegación de servicio (desbordamiento de búfer)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:artifex:mujs:*:*:*:*:*:*:*:*","versionEndExcluding":"2017-01-12","matchCriteriaId":"202B8552-01F6-41EB-95E6-714DA497F179"}]}]}],"references":[{"url":"http://git.ghostscript.com/?p=mujs.git%3Bh=fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95876","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697448","source":"cve@mitre.org","tags":["Issue 
Tracking"]},{"url":"http://git.ghostscript.com/?p=mujs.git%3Bh=fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95876","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697448","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-3128","sourceIdentifier":"secure@blackberry.com","published":"2017-01-13T09:59:00.420","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES."},{"lang":"es","value":"Una vulnerabilidad de suplantación en el Core de BlackBerry Enterprise Server (BES) 12 hasta la versión 12.5.2 permite a atacantes remotos registrar un dispositivo ilegítimo al BES, acceder a los parámetros del dispositivo para el BES o enviar información falsa al BES accediendo a Información específica sobre un dispositivo que se inscribió legítimamente en el 
BES."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CBD8C766-8C91-440F-99F7-7526AA7FD2BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6ED84DDD-A736-4990-AF43-B94974B04BAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"29E309B5-5F9E-4D8D-8A0A-49F3EB2B31A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0633AD14-B5CC-46EA-88EB-B39B1A32FB15"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.2.1:*:*:*:*:*:*:*","matchCriteriaId":"6247B841-45B7-4CCE-A189-3EBFC8AB2003"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.3.0:*:*:*:*:*:*
:*","matchCriteriaId":"7DE5722D-E406-4EE1-B55A-15B6B36FCFDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.3.1:*:*:*:*:*:*:*","matchCriteriaId":"33F4B47B-A4AB-42E1-BDB6-A027B79CB3B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.4.0:*:*:*:*:*:*:*","matchCriteriaId":"42160112-F133-4377-9CBA-56B71AAF5678"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.4.1:*:*:*:*:*:*:*","matchCriteriaId":"EBE0CC41-33D3-4102-84E8-22E2C70AD604"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.5.0a:*:*:*:*:*:*:*","matchCriteriaId":"A138FF65-4563-4B65-B581-632DA00FB9E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.5.1:*:*:*:*:*:*:*","matchCriteriaId":"A0DFB57A-A2BF-4DE5-A25B-91D91159189F"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.5.2:*:*:*:*:*:*:*","matchCriteriaId":"9576124A-433E-4CBC-944B-9C06D794F937"}]}]}],"references":[{"url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000038913","source":"secure@blackberry.com","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95624","source":"secure@blackberry.com"},{"url":"http://www.securitytracker.com/id/1037585","source":"secure@blackberry.com"},{"url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000038913","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95624","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037585","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-3130","sourceIdentifier":"secure@blackberry.com","published":"2017-01-13T09:59:00.437","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability in the Core and Management Console in BlackBerry 
Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic between the two elements during a login attempt."},{"lang":"es","value":"Una vulnerabilidad de divulgación de información en el Core y Management Console en BlackBerry Enterprise Server (BES) 12 hasta la versión 12.5.2 permite a atacantes remotos obtener credenciales locales o de dominio de una cuenta de administrador o usuario espiando el tráfico entre los dos elementos durante un intento de inicio de sesión."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-255"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CBD8C766-8C91-440F-99F7-7526AA7FD2BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.0.1:*:*:*:*:*:*:*
","matchCriteriaId":"6ED84DDD-A736-4990-AF43-B94974B04BAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"29E309B5-5F9E-4D8D-8A0A-49F3EB2B31A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0633AD14-B5CC-46EA-88EB-B39B1A32FB15"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.2.1:*:*:*:*:*:*:*","matchCriteriaId":"6247B841-45B7-4CCE-A189-3EBFC8AB2003"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.3.0:*:*:*:*:*:*:*","matchCriteriaId":"7DE5722D-E406-4EE1-B55A-15B6B36FCFDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.3.1:*:*:*:*:*:*:*","matchCriteriaId":"33F4B47B-A4AB-42E1-BDB6-A027B79CB3B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.4.0:*:*:*:*:*:*:*","matchCriteriaId":"42160112-F133-4377-9CBA-56B71AAF5678"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.4.1:*:*:*:*:*:*:*","matchCriteriaId":"EBE0CC41-33D3-4102-84E8-22E2C70AD604"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.5.0a:*:*:*:*:*:*:*","matchCriteriaId":"A138FF65-4563-4B65-B581-632DA00FB9E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.5.1:*:*:*:*:*:*:*","matchCriteriaId":"A0DFB57A-A2BF-4DE5-A25B-91D91159189F"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:enterprise_service:12.5.2:*:*:*:*:*:*:*","matchCriteriaId":"9576124A-433E-4CBC-944B-9C06D794F937"}]}]}],"references":[{"url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000038914","source":"secure@blackberry.com"},{"url":"http://www.securityfocus.com/bid/95924","source":"secure@blackberry.com"},{"url":"http://www.securitytracker.com/id/1037584","source":"secure@blackberry.com"},{"url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000038914","source":"af854a3a-2127-422b-91ae-364da2661108"},
{"url":"http://www.securityfocus.com/bid/95924","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037584","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9882","sourceIdentifier":"security_alert@emc.com","published":"2017-01-13T09:59:00.467","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are written to disk and often sent to a log aggregator via syslog."},{"lang":"es","value":"Se descubrió un problema Cloud Foundry Foundation cf-release en versiones anteriores a v250 y CAPI-release en versiones anteriores a v1.12.0. Cloud Foundry registra las credenciales devueltas por los intermediarios de servicio en los registros de componentes del sistema Cloud Controller. 
Estos registros se escriben en disco y, a menudo, se envían a un agregador de registros a través de syslog."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cloudfoundry:capi-release:*:*:*:*:*:*:*:*","versionEndIncluding":"1.11.0","matchCriteriaId":"8E50F8DC-578F-4781-A144-A871514F064E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*","versionEndIncluding":"249","matchCriteriaId":"A812C34E-6F43-41EF-96DA-62DF4A5FB653"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95441","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.cloudfoundry.org/cve-2016-9882/","source":"security_alert@emc.com","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95441","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"https://www.cloudfoundry.org/cve-2016-9882/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3890","sourceIdentifier":"secure@blackberry.com","published":"2017-01-13T09:59:00.497","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link."},{"lang":"es","value":"Una vulnerabilidad de secuencias de comandos en sitios cruzados reflejada en los componentes de BlackBerry WatchDox Server Appliance-X versión 1.8.1 y anteriores y vAPP versiones 4.6.0 hasta 5.4.1, permite a atacantes remotos ejecutar secuencias de comandos en el contexto del navegador afectado persuadiendo a un usuario a hacer clic en un enlace malicioso proporcionado por el 
atacante."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:appliance-x:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.1","matchCriteriaId":"ADC9816C-3AF1-416C-BC8A-63BFCC67A57D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:workspaces_vapp:4.6.0:*:*:*:*:*:*:*","matchCriteriaId":"E3A603A1-4BB1-469C-8DB1-75D62189655E"},{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:workspaces_vapp:5.4.1:*:*:*:*:*:*:*","matchCriteriaId":"6D46EFB9-56E8-4CB2-B0D5-82A1DF6530D0"}]}]}],"references":[{"url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000038915","source":"secure@blackberry.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95442","source":"secure@blackberry.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000038915","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95442","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5364","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T09:59:00.530","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an attacker to cause Denial of Service and Remote Code Execution when the victim opens the specially crafted PDF file. The Vulnerability has been fixed in v2.0."},{"lang":"es","value":"Vulnerabilidad de corrupción de memoria en Foxit PDF Toolkit v1.3 permite a atacantes remotos provocar una denegación de servicio y ejecución remota de código cuando la victima abre el archivo PDF especialmente manipulado. La vulnerabilidad se ha corregido en la versión 
v2.0."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:foxitsoftware:foxit_pdf_toolkit:1.3:*:*:*:*:*:*:*","matchCriteriaId":"E03B4795-60C7-4E20-87CB-7397A8BC6877"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95356","source":"cve@mitre.org"},{"url":"https://www.foxitsoftware.com/support/security-bulletins.php","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95356","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.foxitsoftware.com/support/security-bulletins.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2015-3188","sourceIdentifier":"secalert@redhat.com","published":"2017-01-13T15:59:00.153","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors."},{"lang":"es","value":"El demonio IU en Apache Storm 0.10.0 en versiones anteriores a 0.10.0-beta1 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:storm:0.10.0:beta:*:*:*:*:*:*","matchCriteriaId":"A722448D-AA0E-4178-9730-AA11684EEA96"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/132417/Apache-Storm-0.10.0-beta-Code-Execution.html","source":"secalert@
redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/535804/100/0/threaded","source":"secalert@redhat.com"},{"url":"http://www.securitytracker.com/id/1032695","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/132417/Apache-Storm-0.10.0-beta-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/535804/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1032695","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-2090","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow."},{"lang":"es","value":"Vulnerabilidad de error por un paso en la función fgetwln en libbsd en versiones anteriores a 0.8.2 permite a atacantes tener un impacto no especificado a través de vectores desconocidos, lo que desencadena un desbordamiento de búfer basado en memoria 
dinámica."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","matchCriteriaId":"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freedesktop:libbsd:*:*:*:*:*:*:*:*","versionEndExcluding":"0.8.2","matchCriteriaId":"211D9E84-9807-40EF-9DD8-D3F595717E06"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:
*:*:*","matchCriteriaId":"8D305F7A-D159-4716-AB26-5E38BB5CD991"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","matchCriteriaId":"815D70A8-47D3-459C-A32C-9FEACA0659D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","matchCriteriaId":"CD783B0C-9246-47D9-A937-6144FE8BFF0F"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/01/28/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bugs.freedesktop.org/show_bug.cgi?id=93881","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00036.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KJE5SPSX7HEKLZ34LUTZLXWPEL2K353/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIQKQ42Z7553D46QY3IMIQKS52QTNIHY/","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201607-13","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4243-1/","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/28/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugs.freedesktop.org/show_bug.cgi?id=93881","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/12/msg00036.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KJE5SPSX7HEKLZ34LUTZLXWPEL2K353/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIQKQ42Z7553D46QY3IMIQKS52QTNIHY/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201607-13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4243-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6885","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.217","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation."},{"lang":"es","value":"La función pstm_exptmod en MatrixSSL en versiones anteriores a 
3.8.4 permite a atacantes remotos provocar una denegación de servicio (liberación no válida y caída) a través de un valor base cero para la exponenciación modular."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:matrixssl:matrixssl:*:*:*:*:*:*:*:*","versionEndIncluding":"3.8.3","matchCriteriaId":"6760E082-97B5-4186-9857-84003E6F0A60"}]}]}],"references":[{"url":"http://www.matrixssl.org/blog/releases/matrixssl_3_8_4","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.matrixssl.org/blog/releases/matrixssl_3_8_4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6886","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange."},{"lang":"es","value":"La función pstm_reverse en MatrixSSL en versiones anteriores a 3.8.4 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de un (1) valor cero o (2) el módulo de la clave para la clave secreta durante el intercambio de clave RSA."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"
en","value":"CWE-320"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:matrixssl:matrixssl:*:*:*:*:*:*:*:*","versionEndIncluding":"3.8.3","matchCriteriaId":"6760E082-97B5-4186-9857-84003E6F0A60"}]}]}],"references":[{"url":"http://www.matrixssl.org/blog/releases/matrixssl_3_8_4","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92604","source":"cve@mitre.org"},{"url":"https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.matrixssl.org/blog/releases/matrixssl_3_8_4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92604","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6887","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack."},{"lang":"es","value":"La función pstm_exptmod en MatrixSSL 3.8.6 y versiones anteriores no realiza adecuadamente la exponenciación modular, lo que podría permitir a atacantes remotos predecir la clave secreta a través de un ataque 
CRT."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:matrixssl:matrixssl:*:*:*:*:*:*:*:*","versionEndIncluding":"3.8.6","matchCriteriaId":"5E830D80-ECB2-4764-BEC7-03CC59517109"}]}]}],"references":[{"url":"http://www.matrixssl.org/blog/releases/matrixssl_3_8_4","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.matrixssl.org/blog/releases/matrixssl_3_8_4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://blog.fuzzing-project.org/51-Fun-with-Bignums-Crashing-MatrixSSL-and-more.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-7426","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.323","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NTP before 4.2.8p9 rate limits responses received from the configured sources when rate limiting for all associations is enabled, which allows remote attackers to cause a denial of service (prevent responses from the sources) by sending responses with a spoofed source address."},{"lang":"es","value":"NTP en versiones anteriores a 4.2.8p9 limita la tasa de respuestas recibidas desde las fuentes configuradas cuando la limitación de tasa para todas las asociaciones está habilitada, lo que permite a atacantes remotos provocar una denegación de servicio (prevenir las respuestas de las fuentes) enviando respuestas con una dirección de origen suplantada."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configuration
s":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2.6","versionEndExcluding":"4.2.8","matchCriteriaId":"EB9B114E-15BF-4731-9296-A8F82591B418"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"4.3.94","matchCriteriaId":"3505DE7A-B365-4455-A7BC-474019426C46"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p203:*:*:*:*:*:*","matchCriteriaId":"EA207F59-B630-4BBB-9CD7-BA7B64581907"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p204:*:*:*:*:*:*","matchCriteriaId":"06AE2082-B219-4E94-89E8-E1328224C9D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p205:*:*:*:*:*:*","matchCriteriaId":"6E0F5656-3E41-4568-A810-F2CFA3677488"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p206:*:*:*:*:*:*","matchCriteriaId":"934152EB-5F5A-4BD8-B832-3B342551F9AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p207:*:*:*:*:*:*","matchCriteriaId":"6936BEB5-B765-45C5-B671-A9D0CC4988C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p208:*:*:*:*:*:*","matchCriteriaId":"BAA1E4CD-45EE-4814-AC6B-DE786C5B3B6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p209:*:*:*:*:*:*","matchCriteriaId":"95779DD0-C768-4B1C-A720-23BE19606B23"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p210:*:*:*:*:*:*","matchCriteriaId":"1B035472-2B64-4BE4-8D25-6E31937641E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p211:*:*:*:*:*:*","matchCriteriaId":"3CE88876-F0BB-43A1-9A4A-91C5D6FFC02B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p212:*:*:*:*:*:*","matchCriteriaId":"4E4BE466-B479-47BA-9A1F-F0184E252103"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p213:*:*:*:*:*:*","matchCriteriaId":"4E6D7F8F-EF71-44E6-B33F-E0265266C616"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p214:*:*:*:*:*:*","matchCriteriaId":"AC47FB1E-289A-4AA1-9DF1-0CEE13C9335F
"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p215:*:*:*:*:*:*","matchCriteriaId":"B7BC8DB4-E715-44F1-8759-0414613C9F38"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p216:*:*:*:*:*:*","matchCriteriaId":"5AF5BC27-EE65-4FB4-975E-FA3933B3202C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p217:*:*:*:*:*:*","matchCriteriaId":"795D50A9-41E5-40CE-88E9-391229607301"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p218:*:*:*:*:*:*","matchCriteriaId":"1DE4338B-F5B3-4410-886D-0F28A7ECE824"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p219:*:*:*:*:*:*","matchCriteriaId":"B1463DC6-D0C7-46E6-8418-B7900C99D079"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p220:*:*:*:*:*:*","matchCriteriaId":"C5B7AA5B-2BD5-4F19-A8BB-DF4677995602"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p221:*:*:*:*:*:*","matchCriteriaId":"DBCF724B-5018-4794-97D9-D8EDC2F04060"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p222:*:*:*:*:*:*","matchCriteriaId":"2A62EAF1-3D51-456F-BBE3-A2E8CBE7960D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p223:*:*:*:*:*:*","matchCriteriaId":"67D86D6C-A8A3-4CD4-B1A5-57941B51C732"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p224:*:*:*:*:*:*","matchCriteriaId":"E793243F-4179-46C9-B422-DC3D6E688B2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p225:*:*:*:*:*:*","matchCriteriaId":"6EAC9B6E-3A88-4DED-A5D4-862E076620BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p226:*:*:*:*:*:*","matchCriteriaId":"AD8E8B74-6E16-47FF-A019-54B0438A8CE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p227:*:*:*:*:*:*","matchCriteriaId":"3C210EFA-7BF2-4EEE-B59C-F3C75743E182"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p228:*:*:*:*:*:*","matchCriteriaId":"23A9CDE2-4520-4542-93B0-74A01E919597"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p229:*:*:*:*:*:*","matchCriteriaId":"94A7790A-DACE-4F02-B2FF-2C851EFD9717"},{"vulnerable":true,"criteria":"c
pe:2.3:a:ntp:ntp:4.2.5:p230:*:*:*:*:*:*","matchCriteriaId":"5ED47A47-3CB2-45CC-8147-CFFE0B93D966"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p231_rc1:*:*:*:*:*:*","matchCriteriaId":"4FC2172C-73BD-441D-9963-5C9E89FB68F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p232_rc1:*:*:*:*:*:*","matchCriteriaId":"485C8744-A185-46EB-B27F-8A42ED76964B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p233_rc1:*:*:*:*:*:*","matchCriteriaId":"C01153E2-A4E3-4EF9-A33E-1026F578CB44"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p234_rc1:*:*:*:*:*:*","matchCriteriaId":"505CE414-C5E5-4251-9F02-A8A0DA6C0E91"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p235_rc1:*:*:*:*:*:*","matchCriteriaId":"607E83FB-FDB7-49CA-9DA9-B8DA43C3DF23"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p236_rc1:*:*:*:*:*:*","matchCriteriaId":"864BA14B-B357-4ADD-BCE1-B2EAE4D299FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p237_rc1:*:*:*:*:*:*","matchCriteriaId":"2856AAB8-172F-4657-85FF-9FFB698C4457"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p238_rc1:*:*:*:*:*:*","matchCriteriaId":"7C2B8290-8AD6-4EDD-9736-730DD33CA73A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p239_rc1:*:*:*:*:*:*","matchCriteriaId":"A509FC81-ABFD-4CE1-ABD6-C47ECCF97892"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p240_rc1:*:*:*:*:*:*","matchCriteriaId":"7111A1FB-142C-4538-BC96-F71AEDC0FB4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p241_rc1:*:*:*:*:*:*","matchCriteriaId":"FB54C36C-F07A-4F99-A093-8EF10689E1C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p242_rc1:*:*:*:*:*:*","matchCriteriaId":"CD57B6E4-9947-4790-BCAF-30B37C7CB837"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p243_rc1:*:*:*:*:*:*","matchCriteriaId":"232170D9-923D-4DA5-9A7D-6A5BDCD37165"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p244_rc1:*:*:*:*:*:*","matchCriteriaId":"A0BE1B30-DB6E-4029-8212-035449CEE22F"},{"vulnerabl
e":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p245_rc1:*:*:*:*:*:*","matchCriteriaId":"3181F3BF-8704-4D54-ABC4-CB68C89AF52D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p246_rc1:*:*:*:*:*:*","matchCriteriaId":"E61A5F5E-8DCC-4809-A2DE-E39C8E01976F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p247_rc1:*:*:*:*:*:*","matchCriteriaId":"1D2E80CD-0EAA-423B-B885-EDC5BFE962BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p248_rc1:*:*:*:*:*:*","matchCriteriaId":"11F45456-692B-415D-BDBF-BA639AA622BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p249_rc1:*:*:*:*:*:*","matchCriteriaId":"FCEF3E6A-48C3-4A00-B286-58E642DE5928"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.5:p250_rc1:*:*:*:*:*:*","matchCriteriaId":"8CE352E5-DFFC-4580-9D5E-95EE7A5C2BD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*","matchCriteriaId":"EEA51D83-5841-4335-AF07-7A43C118CAAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*","matchCriteriaId":"C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*","matchCriteriaId":"49ADE0C3-F75C-4EC0-8805-56013F0EB92C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*","matchCriteriaId":"D8FF625A-EFA3-43D1-8698-4A37AE31A07C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*","matchCriteriaId":"E3B99BBD-97FE-4615-905A-A614592226F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*","matchCriteriaId":"E7A9AD3A-F030-4331-B52A-518BD963AB8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*","matchCriteriaId":"C293B8BE-6691-4944-BCD6-25EB98CABC73"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*","matchCriteriaId":"CEA650F8-2576-494A-A861-61572CA319D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*","matchCriteriaId":"4ED21EE8-7CBF-4BC5-BFC3-185D41296238"},{"v
ulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*","matchCriteriaId":"C76A0B44-13DE-4173-8D05-DA54F6A71759"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*","matchCriteriaId":"1450241C-2F6D-4122-B33C-D78D065BA403"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*","matchCriteriaId":"721AFD22-91D3-488E-A5E6-DD84C86E412B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*","matchCriteriaId":"8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*","matchCriteriaId":"41E44E9F-6383-4E12-AEDC-B653FEA77A48"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*","matchCriteriaId":"466D9A37-2658-4695-9429-0C6BF4A631C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*","matchCriteriaId":"99774181-5F12-446C-AC2C-DB1C52295EED"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*","matchCriteriaId":"4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*","matchCriteriaId":"99C71C00-7222-483B-AEFB-159337BD3C92"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*","matchCriteriaId":"75A9AA28-1B20-44BB-815C-7294A53E910E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*","matchCriteriaId":"8C213794-111D-41F3-916C-AD97F731D600"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*","matchCriteriaId":"50811A7B-0379-4437-8737-B4C1ACBC9EFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*","matchCriteriaId":"F12E4CF5-536C-416B-AD8D-6AE7CBE22C71"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","matchCriteriaId":"8D305F7A-D159-4716-AB26-5E38BB5CD991"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:
redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"98381E61-F082-4302-B51F-5648884F998B"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"A8442C20-41F9-47FD-9A12-E724D3A31FD7"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"BF77CDCF-B9C9-427D-B2BF-36650FB2148C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"21690BAC-2129-4A33-9B48-1F3BF30072A9"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_s
erver_tus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*","versionStartIncluding":"b.11.31","versionEndExcluding":"c.4.2.8.2.0","matchCriteriaId":"C771C48E-2B29-491D-8FF0-69D81229465D"}]}]}],"references":[{"url":"http://nwtime.org/ntp428p9_release/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0252.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3071","source":"cve@mitre.org","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94451","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037354","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3707-2/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://nwtime.org/ntp428p9_release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0252.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3071","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94451","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037354","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3707-2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US 
Government Resource"]}]}},{"cve":{"id":"CVE-2016-7427","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.357","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packet."},{"lang":"es","value":"La funcionalidad de prevención de repetición del modo de difusión en ntpd en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos provocar una denegación de servicio (rechazar paquetes de modo de difusión) a través de un paquete de modo de difusión manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:N/I:N/A:P","baseScore":3.3,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*","matchCriteriaId":"8
C213794-111D-41F3-916C-AD97F731D600"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*","matchCriteriaId":"50811A7B-0379-4437-8737-B4C1ACBC9EFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*","matchCriteriaId":"F12E4CF5-536C-416B-AD8D-6AE7CBE22C71"}]}]}],"references":[{"url":"http://nwtime.org/ntp428p9_release/","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3114","source":"cve@mitre.org","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94447","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037354","source":"cve@mitre.org"},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"cve@mitre.org"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc","source":"cve@mitre.org"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us","source":"cve@mitre.org"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us","source":"cve@mitre.org"},{"url":"https://usn.ubuntu.com/3707-2/","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://nwtime.org/ntp428p9_release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3114","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mitigation","Vendor 
Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94447","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037354","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3707-2/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-7428","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet."},{"lang":"es","value":"ntpd en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos provocar una denegación de servicio (rechazar paquetes de modo de difusión) a través del intervalo de encuesta en un paquete de 
difusión."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:N/I:N/A:P","baseScore":3.3,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*","matchCriteriaId":"8C213794-111D-41F3-916C-AD97F731D600"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*","matchCriteriaId":"50811A7B-0379-4437-8737-B4C1ACBC9EFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*","matchCriteriaId":"F12E4CF5-536C-416B-AD8D-6AE7CBE22C71"}]}]}],"references":[{"url":"http://nwtime.org/ntp428p9_release/","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3113","source":"cve@mitre.org","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94446","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037354","source":"cve@mitre.org"},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"cve@mitre.org"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc","source":"cve@mitre.org"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us","source":"cve@mitre.org"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us","source":"cve@mitre.org"},{"url":"https://usn.ubuntu.com/3707-2/","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://nwtime.org/ntp428p9_release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3113","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94446","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037354","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3707-2/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-7429","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.433","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NTP before 4.2.8p9 changes the peer structure to the interface it receives the response from a source, which allows remote attackers to cause a denial of service (prevent communication with a source) by sending a response for a source to an interface the source does not use."},{"lang":"es","value":"NTP en versiones anteriores a 4.2.8p9 cambia la estructura de los pares a la interfaz que recibe la respuesta de una fuente, lo que permite a atacantes remotos provocar una denegación de servicio (prevenir la comunicación con una fuente) enviando una respuesta para una fuente a una interfaz que la fuente no 
utiliza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-18"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"72A23255-B135-4A4C-A2BA-A93026C0F520"}]}]}],"references":[{"url":"http://nwtime.org/ntp428p9_release/","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0252.html","source":"cve@mitre.org"},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3072","source":"cve@mitre.org","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/94453","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037354","source":"cve@mitre.org"},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://nwtime.org/ntp428p9_release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0252.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3072","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94453","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037354","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2016-7431","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.467","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NTP before 4.2.8p9 allows remote attackers to bypass the origin timestamp protection mechanism via an origin timestamp of zero.  NOTE: this vulnerability exists because of a CVE-2015-8138 regression."},{"lang":"es","value":"NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos eludir el mecanismo de protección de la marca de tiempo de origen a través de una marca de tiempo de origen de cero. NOTA: esta vulnerabilidad existe debido a una regresión de CVE-2015-8138."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*","matchCriteriaId":"F12E4CF5-536C-416B-AD8D-6AE7CBE22C71"}]}]}],"re
ferences":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html","source":"cve@mitre.org"},{"url":"http://nwtime.org/ntp428p9_release/","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html","source":"cve@mitre.org"},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3102","source":"cve@mitre.org","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en","source":"cve@mitre.org"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/539955/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/540254/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/94454","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037354","source":"cve@mitre.org"},{"url":"http://www.ubuntu.com/usn/USN-3349-1","source":"cve@mitre.org"},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"cve@mitre.org"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"cve@mitre.org"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc","source":"cve@mitre.org"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03883en_
us","source":"cve@mitre.org"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03899en_us","source":"cve@mitre.org"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us","source":"cve@mitre.org"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us","source":"cve@mitre.org"},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11","source":"cve@mitre.org"},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-223/","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://nwtime.org/ntp428p9_release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/140240/FreeBSD-Security-Advisory-FreeBSD-SA-16.39.ntp.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3102","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/539955/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/540254/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94454","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037354","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.ubuntu.com/usn/USN-3349-1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03883en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en&docId=emr_na-hpesbhf03899en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03883en_us","source":"af854
a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03899en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-223/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-7433","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.510","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to have unspecified impact via unknown vectors, related to a \"root distance that did not include the peer dispersion.\""},{"lang":"es","value":"NTP en versiones anteriores a 4.2.8p9 no realiza adecuadamente los cálculos de sincronización inicial, lo que permite a atacantes remotos un impacto no especificado a través de vectores desconocidos, relacionado con una \"distancia de raíz que no incluía la dispersión de 
pares\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-682"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"72A23255-B135-4A4C-A2BA-A93026C0F520"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html","source":"cve@mitre.org"},{"url":"http://nwtime.org/ntp428p9_release/","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0252.html","source":"cve@mitre.org"},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3067","source":"cve@mitre.org","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en","source":"cve@mitre.org"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/539955/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/540254/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/94455","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037354","source":"cve@mitre.org"},{"url":"http://www.ubuntu.com/usn/USN-3349-1","source":"cve@mitre.org"},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"cve@mitre.org"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/","source":"cve@mitre.org"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc","source":"cve@mitre.org"},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11","source":"cve@mitre.org"},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227","source"
:"cve@mitre.org"},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00153.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://nwtime.org/ntp428p9_release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0252.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3067","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-ntpd-en","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/539955/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/540254/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/archive/1/539955/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/archive/1/540254/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94455","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037354","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.ubuntu.com/usn/USN-3349-1",
"source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMSYVQMMF37MANYEO7KBHOPSC74EKGN/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PABKEYX6ABBFJZGMXKH57X756EJUDS3C/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5E3XBBCK5IXOLDAH2E4M3QKIYIHUMMP/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-227/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-7434","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.557","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The read_mru_list function in NTP before 
4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query."},{"lang":"es","value":"La función read_mru_list en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una consulta mrulist manipulada."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"4.3.94","matchCriteriaId":"3505DE7A-B365-4455-A7BC-474019426C46"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p100:*:*:*:*:*:*","matchCriteriaId":"18088A3E-C30F-4133-9D1A-B39181513EF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p101:*:*:*:*:*:*","matchCriteriaId":"52B6CFF0-2C07-4706-A3B1-618015F52D6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p102:*:*:*:*:*:*","matchCriteriaId":"90BF
6D6B-DB23-4E50-A7D3-81B5F1CC5572"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p103:*:*:*:*:*:*","matchCriteriaId":"E79B84AA-FB11-453D-8216-CF25FBF15544"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p104:*:*:*:*:*:*","matchCriteriaId":"EB264FC5-0D41-48F8-802D-5C1710A5B4D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p105:*:*:*:*:*:*","matchCriteriaId":"81AB3169-0D14-46D3-9EBB-2835198EB94A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p106:*:*:*:*:*:*","matchCriteriaId":"D09EEB13-4F4A-4EF2-9F80-66D0E0E54FDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p107:*:*:*:*:*:*","matchCriteriaId":"7776F628-D8B9-4691-849D-4B483740CAA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p108:*:*:*:*:*:*","matchCriteriaId":"8C83234B-7CB1-46DE-AAA3-81D457C6BE5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p109:*:*:*:*:*:*","matchCriteriaId":"0EA68A07-98D5-4025-AA23-E32F8CD71769"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p110:*:*:*:*:*:*","matchCriteriaId":"880AABF9-B93D-468A-8C4B-9D3760DEE6C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p111:*:*:*:*:*:*","matchCriteriaId":"40680475-27E0-41B9-9C52-E6498A36EBBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p112:*:*:*:*:*:*","matchCriteriaId":"6D871458-BC51-43BB-BD35-9DE945A6B772"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p113:*:*:*:*:*:*","matchCriteriaId":"1EEE464F-6634-4214-B423-641AB29856AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p114:*:*:*:*:*:*","matchCriteriaId":"49407030-4250-4DDD-B51A-794ED2AF8C7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p115:*:*:*:*:*:*","matchCriteriaId":"F43B2F0B-901F-4465-A736-5CC1CDDE3E42"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p116:*:*:*:*:*:*","matchCriteriaId":"31BEC66A-6C37-407B-BBF5-35AC0FF7EC74"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p117:*:*:*:*:*:*","matchCriteriaId":"51A56AD7-B69A-4326-9889-BF90AB22F384"},
{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p118:*:*:*:*:*:*","matchCriteriaId":"A145C1A2-FB8E-49A2-B1CF-D5FB43EA1525"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p119:*:*:*:*:*:*","matchCriteriaId":"68372642-A1A1-4723-9648-F60CBF77EF50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p120:*:*:*:*:*:*","matchCriteriaId":"1A6C505D-3AB5-42F6-9902-C5668E28ADB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p121:*:*:*:*:*:*","matchCriteriaId":"CE27B2F8-4F46-4DDE-920F-3EB1967A53BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p122:*:*:*:*:*:*","matchCriteriaId":"58915E9F-AA40-46CF-B137-6BCF8798733A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p123:*:*:*:*:*:*","matchCriteriaId":"EB4512B9-33AA-4B43-9579-C583F90581C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p124:*:*:*:*:*:*","matchCriteriaId":"88725E06-49C9-45B4-9ECA-06B8B3EB5A37"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p125:*:*:*:*:*:*","matchCriteriaId":"72126656-2722-44F4-B01C-BEC19103C0F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p126:*:*:*:*:*:*","matchCriteriaId":"37503B24-23B0-4871-89AC-839F60A5EACC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p127:*:*:*:*:*:*","matchCriteriaId":"83A7A62B-3189-43E7-897B-8DD9B98E6914"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p128:*:*:*:*:*:*","matchCriteriaId":"95471C0C-0F04-4EE7-92A5-83AB955138DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p129:*:*:*:*:*:*","matchCriteriaId":"F1FA55A0-66F8-49AB-8707-C7E4A070E5A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p130:*:*:*:*:*:*","matchCriteriaId":"0000B855-4012-44DA-BF40-4F59A2476FB5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p131:*:*:*:*:*:*","matchCriteriaId":"EA3F0379-E0AB-429C-A1D1-8D10D96DE3D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p132:*:*:*:*:*:*","matchCriteriaId":"CB716665-7EB8-4E22-9F38-19329F0DD7B1"},{"vulnerable":true,"criteria":"cpe:
2.3:a:ntp:ntp:4.2.7:p133:*:*:*:*:*:*","matchCriteriaId":"E31C1F62-9AB3-4D4D-939D-EE21B7196A94"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p134:*:*:*:*:*:*","matchCriteriaId":"5CD11265-AD38-4473-9609-194BC9F67C64"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p135:*:*:*:*:*:*","matchCriteriaId":"14CE2B31-8E10-40B5-88C6-D9807CA47B2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p136:*:*:*:*:*:*","matchCriteriaId":"99F04650-84E0-48A9-A351-B465736D5D8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p137:*:*:*:*:*:*","matchCriteriaId":"814A5DC9-6B9D-4813-A55F-0D81C7B5B992"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p138:*:*:*:*:*:*","matchCriteriaId":"012727A7-261B-4F63-AB65-9DE07CE4B5A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p139:*:*:*:*:*:*","matchCriteriaId":"E724003A-14AE-445C-995B-D135EFA01FFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p140:*:*:*:*:*:*","matchCriteriaId":"44B0664F-3B93-444E-9D5B-6A8D8DA997E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p141:*:*:*:*:*:*","matchCriteriaId":"56324E0F-41B5-4F78-8559-C008BF41D6F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p142:*:*:*:*:*:*","matchCriteriaId":"20512BFF-402E-40C5-8A44-51BD43216FE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p143:*:*:*:*:*:*","matchCriteriaId":"34FE8F13-56E9-4AA0-974A-B24EC585015E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p144:*:*:*:*:*:*","matchCriteriaId":"D09C706D-0A89-4A6F-9EAE-63725B71CB79"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p145:*:*:*:*:*:*","matchCriteriaId":"99F276D8-6B10-46C7-8673-B53001865DE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p146:*:*:*:*:*:*","matchCriteriaId":"E3FC1D17-6238-4299-99CC-22676FE4A950"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p147:*:*:*:*:*:*","matchCriteriaId":"695C6140-B842-4DFF-B362-B4378EEBB7DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p148:*:*:*:*:*:
*","matchCriteriaId":"2EF5BC29-E0EE-4BE2-9054-0CB7A98620B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p149:*:*:*:*:*:*","matchCriteriaId":"2FE15E41-3CF0-48B0-A919-361AD8A12500"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p150:*:*:*:*:*:*","matchCriteriaId":"F05BDA31-209D-492D-B48B-6456D2DC6D60"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p151:*:*:*:*:*:*","matchCriteriaId":"1CF90708-FF1C-4F6B-B5EC-07D508D9A7B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p152:*:*:*:*:*:*","matchCriteriaId":"4543D8D1-4572-4867-B90E-4CB674A9682C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p153:*:*:*:*:*:*","matchCriteriaId":"5BF0B3DD-DE8D-4EA6-B83B-BAE7F41B36FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p154:*:*:*:*:*:*","matchCriteriaId":"E8429C6A-5191-4F31-B073-8471D15BDABE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p155:*:*:*:*:*:*","matchCriteriaId":"C452E6AE-87FE-489C-A397-1B50243AEB6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p156:*:*:*:*:*:*","matchCriteriaId":"835FCE24-A3D8-4E44-9D62-AF5DB95BE003"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p157:*:*:*:*:*:*","matchCriteriaId":"4CFAC891-2709-480C-B6E3-D19F31EF7C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p158:*:*:*:*:*:*","matchCriteriaId":"015BD2A6-0352-490E-8E8D-2CEC6BBA5728"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p159:*:*:*:*:*:*","matchCriteriaId":"18DAFA1F-4434-47C8-8F84-97CE83BBD1CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p160:*:*:*:*:*:*","matchCriteriaId":"715A4D93-2953-4682-9384-740A71CAE9D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p161:*:*:*:*:*:*","matchCriteriaId":"6FD41C7B-253A-4171-82CA-50BA017C14A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p162:*:*:*:*:*:*","matchCriteriaId":"13D73E63-D350-416C-818A-36B8F113D82C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p163:*:*:*:*:*:*","matchCriteriaId":"301E509C-0DB3
-4358-B6F7-AD133CE35F01"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p164:*:*:*:*:*:*","matchCriteriaId":"7E5E396E-BA00-4C12-939E-28F39BFBE756"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p165:*:*:*:*:*:*","matchCriteriaId":"F70DFABC-ECD4-4672-8822-C2370AE4BBD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p166:*:*:*:*:*:*","matchCriteriaId":"3180ABA9-D556-4E89-AEF8-0E0BA05328AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p170:*:*:*:*:*:*","matchCriteriaId":"A6C5461F-5BBF-47D1-8917-7A5B6A08C2EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p171:*:*:*:*:*:*","matchCriteriaId":"8A038A59-12A6-44B1-BF28-4AC9F33B8B2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p172:*:*:*:*:*:*","matchCriteriaId":"50FF8A7D-DA4B-4CA3-9E18-ECA2487127D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p173:*:*:*:*:*:*","matchCriteriaId":"C897B169-0E8C-4624-A595-C016951169C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p174:*:*:*:*:*:*","matchCriteriaId":"A358B329-E131-42AA-95D3-015BDB32D0A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p175:*:*:*:*:*:*","matchCriteriaId":"05B2C090-7AEF-42A0-B6C2-173A8C44FE8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p176:*:*:*:*:*:*","matchCriteriaId":"817EDB3E-9529-436A-895E-A700E99B75C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p177:*:*:*:*:*:*","matchCriteriaId":"69C74989-1186-4780-AB7C-7393CB87DA9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p178:*:*:*:*:*:*","matchCriteriaId":"EBA41032-724C-4198-BEE5-8F8E10542718"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p179:*:*:*:*:*:*","matchCriteriaId":"FE00CC76-4174-481B-BE11-017E138D926C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p180:*:*:*:*:*:*","matchCriteriaId":"90357BE1-5BED-4529-B266-01734337DD2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p181:*:*:*:*:*:*","matchCriteriaId":"5F19B70E-C4D6-47A2-A784-7AFC8FD7A0EA"},{"vulnera
ble":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p182:*:*:*:*:*:*","matchCriteriaId":"370DF27C-5170-4E83-8C5F-2B71BB18DD2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p183:*:*:*:*:*:*","matchCriteriaId":"24875D76-1F1D-409D-97AF-05C3EBABB6C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p184:*:*:*:*:*:*","matchCriteriaId":"63A68652-A900-4ACA-88B1-2480481DCA3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p185:*:*:*:*:*:*","matchCriteriaId":"8F93CAA7-43CF-4E77-948C-3B7ACB2065B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p186:*:*:*:*:*:*","matchCriteriaId":"42AA7252-63A8-46D9-889F-82E2EB395B9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p187:*:*:*:*:*:*","matchCriteriaId":"834B2001-0245-4229-924D-E2B663E799AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p188:*:*:*:*:*:*","matchCriteriaId":"00DC5545-B625-4BA4-B9B3-86FA53F28078"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p189:*:*:*:*:*:*","matchCriteriaId":"8AE16E47-74E8-4228-9A7B-9C57B85D185C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p190:*:*:*:*:*:*","matchCriteriaId":"B6CA6F5F-F42B-4ABF-AEE1-47078EE6FA90"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p191:*:*:*:*:*:*","matchCriteriaId":"E306D867-323D-4459-9879-B187177E04A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p192:*:*:*:*:*:*","matchCriteriaId":"BE01F660-1B93-44AB-A8B0-8952AEFBCC62"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p193:*:*:*:*:*:*","matchCriteriaId":"50929DCE-F805-4998-89FC-E7F058516A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p194:*:*:*:*:*:*","matchCriteriaId":"EC66E5EA-30CB-4305-ADD9-DDF487D33303"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p195:*:*:*:*:*:*","matchCriteriaId":"ACCF3643-A5B9-4189-B7BA-E64DE95E66F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p196:*:*:*:*:*:*","matchCriteriaId":"AF578C5C-F8C0-4634-A6D7-44C754F49160"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp
:ntp:4.2.7:p197:*:*:*:*:*:*","matchCriteriaId":"FCDAD4BA-937F-48FB-969A-5DAE6DE50E9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p198:*:*:*:*:*:*","matchCriteriaId":"3B46B993-3DFE-47DB-9025-B6C58DCA18A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p199:*:*:*:*:*:*","matchCriteriaId":"00787CA7-9A1D-4B62-80B6-8556A00C7527"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p200:*:*:*:*:*:*","matchCriteriaId":"74ED4215-C2C7-4ADB-918D-F475EBC3DC29"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p201:*:*:*:*:*:*","matchCriteriaId":"FC5D6725-894C-46CC-8C34-52C9C22300C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p202:*:*:*:*:*:*","matchCriteriaId":"EA0DA534-D1F4-4399-B289-243E7BBBA6BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p203:*:*:*:*:*:*","matchCriteriaId":"0DF70DB3-5467-470A-8376-5076713B3F1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p204:*:*:*:*:*:*","matchCriteriaId":"1E76CD66-A6A1-4270-85DE-894B9AE06D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p205:*:*:*:*:*:*","matchCriteriaId":"8E65023E-32AF-4BD3-965B-322D03593EF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p206:*:*:*:*:*:*","matchCriteriaId":"4C319D83-A580-42DA-95BC-7F686C7A871F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p207:*:*:*:*:*:*","matchCriteriaId":"73B6F787-36EE-4C67-A9D4-72E45B3A4DAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p208:*:*:*:*:*:*","matchCriteriaId":"AB9A3C57-A57E-47AB-8C32-1642434A2260"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p209:*:*:*:*:*:*","matchCriteriaId":"67BBA775-FB30-4A6C-8D4B-A22B43A6FC37"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p210:*:*:*:*:*:*","matchCriteriaId":"114260EB-CEED-4C8C-A4E5-98A2934113D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p211:*:*:*:*:*:*","matchCriteriaId":"D0325DED-6705-45DD-98B0-75A20EA94CEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p212:*:*:*:*:*:*","match
CriteriaId":"0F79E496-0F22-412B-9CD2-BADECC0BC86A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p213:*:*:*:*:*:*","matchCriteriaId":"C90A4534-2057-4527-8C95-65DC36EC1B2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p214:*:*:*:*:*:*","matchCriteriaId":"A1EF1F52-B93B-4DF9-BDC3-89E591083B31"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p215:*:*:*:*:*:*","matchCriteriaId":"EEF972A9-28D6-432C-BF89-FE8B308FD73A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p216:*:*:*:*:*:*","matchCriteriaId":"131ADB2D-B0DD-43E4-B92F-03C4A6B4606E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p217:*:*:*:*:*:*","matchCriteriaId":"064F1862-EEF3-4937-A1BA-4DB77136D9E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p218:*:*:*:*:*:*","matchCriteriaId":"B2579BDC-7511-4EB5-93EE-BC6661856DC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p219:*:*:*:*:*:*","matchCriteriaId":"3303ED56-842C-4199-8C90-4C8946829861"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p22:*:*:*:*:*:*","matchCriteriaId":"93AEBFB8-C063-4862-ADA5-32C8AD6A215D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p220:*:*:*:*:*:*","matchCriteriaId":"6ABDA987-7222-4374-9C90-7995D348A4D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p221:*:*:*:*:*:*","matchCriteriaId":"A8AD850A-183B-4F0F-9306-C3DC3791220B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p222:*:*:*:*:*:*","matchCriteriaId":"18234B94-97C7-4B6B-89DD-EEC23184CE47"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p223:*:*:*:*:*:*","matchCriteriaId":"CF6212AE-49E5-4163-ADD1-52D30C1292A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p224:*:*:*:*:*:*","matchCriteriaId":"836448A1-E62B-48E7-B169-A792DA1C6BC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p225:*:*:*:*:*:*","matchCriteriaId":"A67A194C-F7C6-4568-A607-BD1469ECBDB9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p226:*:*:*:*:*:*","matchCriteriaId":"9132CD66-3BE4-45DB-8E0D
-45470846736A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p227:*:*:*:*:*:*","matchCriteriaId":"1F1B56D9-CAB0-4040-9AFA-5DF697FB7FD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p228:*:*:*:*:*:*","matchCriteriaId":"84C631CF-3B8A-45CA-BB63-1B0C0BBA7587"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p229:*:*:*:*:*:*","matchCriteriaId":"FBFD2AD3-141F-44EF-836E-ECBBCCA1FED7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p23:*:*:*:*:*:*","matchCriteriaId":"AD38DF5B-0FE3-46B0-9313-0BEDB2FB85BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p230:*:*:*:*:*:*","matchCriteriaId":"69D9B2C0-7579-465F-B18B-379639E9927A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p231:*:*:*:*:*:*","matchCriteriaId":"29566789-CFE1-4103-AD50-032D5D028757"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p232:*:*:*:*:*:*","matchCriteriaId":"1D7ECA6E-89D8-45B5-84CE-8CB17C7A3768"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p233:*:*:*:*:*:*","matchCriteriaId":"F027DACE-C9E2-4D72-9DA3-F809A64EF2F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p234:*:*:*:*:*:*","matchCriteriaId":"92643045-7392-47DA-93A5-90CD0AA51E22"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p235:*:*:*:*:*:*","matchCriteriaId":"62130999-2898-4009-B8C2-FF7F7951A604"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p236:*:*:*:*:*:*","matchCriteriaId":"98FC8466-24E9-41D0-8250-44D7F8C693C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p237:*:*:*:*:*:*","matchCriteriaId":"954EF915-6A9E-44E6-883E-A7A9F6284700"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p238:*:*:*:*:*:*","matchCriteriaId":"05E8C9DA-EA55-4DBC-A96C-0AD149557A7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p239:*:*:*:*:*:*","matchCriteriaId":"1CC9AFDA-C77E-4165-BDFC-32A7B84509D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p24:*:*:*:*:*:*","matchCriteriaId":"19B1C33A-80DD-4942-81A3-5A91B77B902D"},{"vulnerable":true,"c
riteria":"cpe:2.3:a:ntp:ntp:4.2.7:p240:*:*:*:*:*:*","matchCriteriaId":"C8DB8DDB-AF56-41F4-950B-A2A2E39317DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p241:*:*:*:*:*:*","matchCriteriaId":"BC80B6F6-11A0-449A-897E-575F6F56F87A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p242:*:*:*:*:*:*","matchCriteriaId":"13CE8993-F930-47C4-95E0-56C56353304B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p243:*:*:*:*:*:*","matchCriteriaId":"9FE86C91-2490-48DF-8106-FE880E7814A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p244:*:*:*:*:*:*","matchCriteriaId":"FE2353F1-6E1B-4230-A4B4-C0B797708C08"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p245:*:*:*:*:*:*","matchCriteriaId":"0B219D0C-E30F-4E2A-BB7A-1A31536DED5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p246:*:*:*:*:*:*","matchCriteriaId":"B219601B-9514-41E0-835B-62364078C818"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p247:*:*:*:*:*:*","matchCriteriaId":"3F418265-D805-4252-B756-10DE5A859419"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p248:*:*:*:*:*:*","matchCriteriaId":"E1926405-EE10-43E3-BA5A-762FAE137257"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p249:*:*:*:*:*:*","matchCriteriaId":"13DF9CF5-51DA-4CE8-804C-5242F2B15C38"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p25:*:*:*:*:*:*","matchCriteriaId":"FE315238-7191-4A2E-A3C6-2162BE589C78"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p250:*:*:*:*:*:*","matchCriteriaId":"635C986B-3F82-460C-9BD7-38F8216CDD79"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p251:*:*:*:*:*:*","matchCriteriaId":"966C53A2-DD1A-4470-81EE-E725BC289DA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p252:*:*:*:*:*:*","matchCriteriaId":"03228A7D-9D07-4C4C-B9E2-48227F85CA85"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p253:*:*:*:*:*:*","matchCriteriaId":"7BAD1823-8E3A-440D-A3C9-2597D1D5C44B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p2
54:*:*:*:*:*:*","matchCriteriaId":"6D7A38FD-04F9-4E79-96CD-A207206EA661"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p255:*:*:*:*:*:*","matchCriteriaId":"23483EEB-9B8B-4A5B-8ABB-84751D7B7A39"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p256:*:*:*:*:*:*","matchCriteriaId":"72EBA29F-09BB-4E3C-B8C4-4F33F87ABA4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p257:*:*:*:*:*:*","matchCriteriaId":"4D5B23B7-6AE4-48F3-8D2B-D8FE47958686"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p258:*:*:*:*:*:*","matchCriteriaId":"7CCA6DEC-66A1-47EF-8F58-A043FF3882CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p259:*:*:*:*:*:*","matchCriteriaId":"D7A4794F-715B-4494-A98B-9D667651EC67"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p26:*:*:*:*:*:*","matchCriteriaId":"78648B53-1528-4815-AAEA-AEC828A1BF6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p260:*:*:*:*:*:*","matchCriteriaId":"DBB6B326-CD08-4E1F-9C8B-A20B9E271CAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p261:*:*:*:*:*:*","matchCriteriaId":"12177C82-48B7-4059-9FE3-67B6AD4394D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p262:*:*:*:*:*:*","matchCriteriaId":"2BFFB250-B848-47AD-BCCC-11EE14065A37"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p263:*:*:*:*:*:*","matchCriteriaId":"1444370E-BF8D-4AE5-9FBB-9105E6EF78CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p264:*:*:*:*:*:*","matchCriteriaId":"72D025B8-1A4D-4818-8E12-13355A21E2BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p265:*:*:*:*:*:*","matchCriteriaId":"BB1A2AD1-309B-44B3-9E86-A1F68DCE9106"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p266:*:*:*:*:*:*","matchCriteriaId":"A2DFE9B7-5261-4786-91B3-C9E3045EA6B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p267:*:*:*:*:*:*","matchCriteriaId":"28D3667D-61E3-469E-98FA-09BB84DC0DD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p268:*:*:*:*:*:*","matchCriteriaId":"2
DB842A1-DEBE-47B7-A071-A6551DC2E57E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p269:*:*:*:*:*:*","matchCriteriaId":"427D2B99-488A-4AA6-8136-A9DF944A59D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p27:*:*:*:*:*:*","matchCriteriaId":"DFD3B0D3-F8B1-4B49-89AD-B7720264ABE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p270:*:*:*:*:*:*","matchCriteriaId":"B47B5F96-4634-4D14-9BB3-F18B28DE9C54"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p271:*:*:*:*:*:*","matchCriteriaId":"2C8080B1-8407-4174-B32B-E650ADEB69C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p272:*:*:*:*:*:*","matchCriteriaId":"D3472CD9-C523-4DC1-9008-9454BDAC8132"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p273:*:*:*:*:*:*","matchCriteriaId":"9FF54974-0C40-4503-BFD3-5B44EEFD67E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p274:*:*:*:*:*:*","matchCriteriaId":"C1449012-219E-48C6-A6A0-EA9EDA04FE37"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p275:*:*:*:*:*:*","matchCriteriaId":"A793C450-6BC8-46E7-8AB4-87BC4612B0AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p276:*:*:*:*:*:*","matchCriteriaId":"E33C55DC-07AE-45A5-89A4-76A489E5A867"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p277:*:*:*:*:*:*","matchCriteriaId":"AE0D8BBB-F96D-48EA-8BB6-D73C36734EE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p278:*:*:*:*:*:*","matchCriteriaId":"A85B2D52-AF38-47CF-9841-63DA64465418"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p279:*:*:*:*:*:*","matchCriteriaId":"1B84D901-CBB1-4094-BBE7-5B26E8D39F84"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p28:*:*:*:*:*:*","matchCriteriaId":"E682794C-6BAD-4C62-A56B-B8FC5C246A57"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p280:*:*:*:*:*:*","matchCriteriaId":"44E97C82-3600-4A69-A553-BBABD7DF0C60"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p281:*:*:*:*:*:*","matchCriteriaId":"4E804D9F-4902-445C-A4C0-B3AA9C50990E"}
,{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p282:*:*:*:*:*:*","matchCriteriaId":"88C5398A-5782-4DF4-A0EC-504C6B504A9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p283:*:*:*:*:*:*","matchCriteriaId":"D9155ABF-92D7-4A32-8B8F-D657FB7ECF09"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p284:*:*:*:*:*:*","matchCriteriaId":"1B286708-81FB-4A43-A641-2DD2A2AB32BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p285:*:*:*:*:*:*","matchCriteriaId":"E8E97E21-5860-4A69-A41C-D6B016557EBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p286:*:*:*:*:*:*","matchCriteriaId":"6B7A219D-B28B-4F30-9476-5011614EDA87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p287:*:*:*:*:*:*","matchCriteriaId":"93B3E6C4-FE6F-4DD6-A843-536BE332FBB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p288:*:*:*:*:*:*","matchCriteriaId":"DF1882D1-8491-4DAA-B90B-66C70EE0B8C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p289:*:*:*:*:*:*","matchCriteriaId":"568AE9F5-A26A-4257-BC46-57A173274C91"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p29:*:*:*:*:*:*","matchCriteriaId":"C99673E9-9FB8-4FE8-85EE-E90402E40FA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p290:*:*:*:*:*:*","matchCriteriaId":"135B5E0C-09C9-4F7B-95E7-73ADD8C47332"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p291:*:*:*:*:*:*","matchCriteriaId":"8FDFE148-F5F8-464D-AD72-9BA98B58B784"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p292:*:*:*:*:*:*","matchCriteriaId":"790452BA-E1BF-4F4B-9189-55BEA1860DBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p293:*:*:*:*:*:*","matchCriteriaId":"80C3FEF9-99D3-4454-98F3-09B62E712B0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p294:*:*:*:*:*:*","matchCriteriaId":"C481B6EE-AA07-4F44-AE3E-AD5EBF94D0A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p295:*:*:*:*:*:*","matchCriteriaId":"937BC376-9D57-4466-A6EC-3493AB74ABA2"},{"vulnerable":true,"criteria":"cpe:
2.3:a:ntp:ntp:4.2.7:p296:*:*:*:*:*:*","matchCriteriaId":"0B4E4FD4-6957-410A-B25B-3CB66AA6D92D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p297:*:*:*:*:*:*","matchCriteriaId":"C2CB55C6-D996-459E-9AF0-CA4E5E568016"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p298:*:*:*:*:*:*","matchCriteriaId":"66623F9F-9BA0-449D-845E-73119AB85C7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p299:*:*:*:*:*:*","matchCriteriaId":"95BC5517-41A4-42B4-A36E-598BD1BF5632"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p30:*:*:*:*:*:*","matchCriteriaId":"F2BB76A4-E4D3-4AAA-84E7-13F1EBF713AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p300:*:*:*:*:*:*","matchCriteriaId":"DB6CB51C-FB4C-47F8-A742-4CE96241ACF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p301:*:*:*:*:*:*","matchCriteriaId":"E0EDE1E5-EC6E-4042-845F-6E9C2DDA7183"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p302:*:*:*:*:*:*","matchCriteriaId":"086316E9-06E8-421A-A204-6313E5EE8B19"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p303:*:*:*:*:*:*","matchCriteriaId":"756A71A5-061F-4A31-A63B-668782164B4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p304:*:*:*:*:*:*","matchCriteriaId":"ACBE70BB-8F32-4964-9FB0-D3CAEC21045A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p305:*:*:*:*:*:*","matchCriteriaId":"EC650C12-B1BF-4D73-A760-5E4FE5BAFDDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p306:*:*:*:*:*:*","matchCriteriaId":"3FF0E35E-2361-4ACD-BE48-B52E0C809B9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p307:*:*:*:*:*:*","matchCriteriaId":"4B6E27C1-7523-4B43-9B8A-B085F8798D13"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p308:*:*:*:*:*:*","matchCriteriaId":"B7A3C1CA-101C-4E11-B7B8-EB8E52CE9A89"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p309:*:*:*:*:*:*","matchCriteriaId":"8BF8463C-8E44-4C0D-9B1C-2FA1BD2CC190"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p31:*:*:*:*:*:*"
,"matchCriteriaId":"C6631CB8-E3BC-473C-A217-E5CBBE8C8AD5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p310:*:*:*:*:*:*","matchCriteriaId":"19EA0570-CCA5-40A6-A563-3A89072396A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p311:*:*:*:*:*:*","matchCriteriaId":"82F242D7-A19B-489E-A43E-8D03524AC563"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p312:*:*:*:*:*:*","matchCriteriaId":"12615298-51F2-482D-98B5-04FF3405C89F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p313:*:*:*:*:*:*","matchCriteriaId":"5F27F883-CBAF-4638-9CE0-CDE1E6EEBCFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p314:*:*:*:*:*:*","matchCriteriaId":"0661907B-783E-4E7A-A762-ED6AF2DC3125"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p315:*:*:*:*:*:*","matchCriteriaId":"E7BD9562-F3D2-4B25-8F64-8F98F8F20055"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p316:*:*:*:*:*:*","matchCriteriaId":"A34A0A94-1009-47AC-B697-01A18179FA83"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p317:*:*:*:*:*:*","matchCriteriaId":"72B6EE25-093E-4F65-9158-956FF358BC4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p318:*:*:*:*:*:*","matchCriteriaId":"2C1A56B8-B7F4-4D3E-991E-55EAE6821295"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p319:*:*:*:*:*:*","matchCriteriaId":"2B5CA008-E02B-4FF6-9D38-5CC38D366819"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p32:*:*:*:*:*:*","matchCriteriaId":"3829DBDA-C15A-4F55-8B65-30FA3DD6BB34"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p320:*:*:*:*:*:*","matchCriteriaId":"6ACF0AA3-BC82-4FB0-B17C-F20553E96A0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p321:*:*:*:*:*:*","matchCriteriaId":"B4614A1D-27A2-4952-80EB-1E0096F3A9DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p322:*:*:*:*:*:*","matchCriteriaId":"F2D45FAB-8F9A-4680-B91C-24A0FC5D53C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p323:*:*:*:*:*:*","matchCriteriaId":"73CCF245-7374-4D
E1-AE14-8520D529FB97"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p324:*:*:*:*:*:*","matchCriteriaId":"175AA245-3CA7-48A1-8B59-BE3EBDD50223"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p325:*:*:*:*:*:*","matchCriteriaId":"E193D864-8AA3-4769-A60A-EDCF1708B868"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p326:*:*:*:*:*:*","matchCriteriaId":"5EBD0753-F448-47BC-B3A2-878C7CABFFD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p327:*:*:*:*:*:*","matchCriteriaId":"C1DD4AF6-8E30-440B-B8E5-8D23F8C752C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p328:*:*:*:*:*:*","matchCriteriaId":"A7973D03-DA1D-4470-BB44-E6D1336EA05E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p329:*:*:*:*:*:*","matchCriteriaId":"C23977C3-F49A-46FF-BE70-161D4A198651"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p33:*:*:*:*:*:*","matchCriteriaId":"DA9F54EB-2377-4CE0-8517-564415EC79AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p330:*:*:*:*:*:*","matchCriteriaId":"4A50CB94-38F4-4AC1-8D56-3C4DBDE5DA0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p331:*:*:*:*:*:*","matchCriteriaId":"ADA7B8B0-FB9E-4833-BD49-4B29A6E8CE93"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p332:*:*:*:*:*:*","matchCriteriaId":"EB39BE69-4CC6-4142-ADAB-CAE31C60F02B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p333:*:*:*:*:*:*","matchCriteriaId":"0B71E349-4644-46C4-B94B-49EA7D61ADFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p334:*:*:*:*:*:*","matchCriteriaId":"AFA3FB6E-CEB5-43D5-B741-661BAE199EF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p335:*:*:*:*:*:*","matchCriteriaId":"92E625E3-3E09-4EEA-8808-C60B2C5D99B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p336:*:*:*:*:*:*","matchCriteriaId":"31F5F683-26B8-4582-948A-2AFC5FB4EBDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p337:*:*:*:*:*:*","matchCriteriaId":"6F7A8648-0E43-47D9-872E-4B24BE68E2B2"},{"vulnerable"
:true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p338:*:*:*:*:*:*","matchCriteriaId":"3B19F768-A654-4A11-924D-0D741A5B5063"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p339:*:*:*:*:*:*","matchCriteriaId":"F4DD99A1-AF44-4177-A94E-1663CCFFDBE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p34:*:*:*:*:*:*","matchCriteriaId":"76B59A05-EF56-4A06-8EF2-49BABA11EFCE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p340:*:*:*:*:*:*","matchCriteriaId":"1A8E03B1-0A87-43EB-A9E0-A4F396948EC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p341:*:*:*:*:*:*","matchCriteriaId":"6812A7B2-8267-45DA-8E9A-E9987D07ED6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p342:*:*:*:*:*:*","matchCriteriaId":"13FFE741-5489-4427-9E30-4B499BE419BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p343:*:*:*:*:*:*","matchCriteriaId":"2D720BAC-CF8C-4394-B7B3-E410467D02CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p344:*:*:*:*:*:*","matchCriteriaId":"17CD0194-9899-4FC0-AC48-305C98180D96"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p345:*:*:*:*:*:*","matchCriteriaId":"250A861E-93BE-419A-84D7-EB3CBC5F37FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p346:*:*:*:*:*:*","matchCriteriaId":"7BB3A976-A7E3-4C59-9BBE-DE1B815F7871"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p347:*:*:*:*:*:*","matchCriteriaId":"212DADA8-A0B7-499C-A6B0-8696AB1B103F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p348:*:*:*:*:*:*","matchCriteriaId":"DAF064E3-4A50-40E3-A183-42D062E27FB9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p349:*:*:*:*:*:*","matchCriteriaId":"93400158-D5E2-4B49-8F28-BB4398217F07"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p35:*:*:*:*:*:*","matchCriteriaId":"79747394-C70B-45AE-9533-CE095E44952E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p350:*:*:*:*:*:*","matchCriteriaId":"17DDD2ED-9510-487F-B598-27BFADE10D18"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4
.2.7:p351:*:*:*:*:*:*","matchCriteriaId":"F90A32B0-B237-42AE-9FAE-5AF125877DFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p352:*:*:*:*:*:*","matchCriteriaId":"945E5002-84D6-44A0-8327-CD01A746F842"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p353:*:*:*:*:*:*","matchCriteriaId":"892FD4C7-17EE-4845-BCFA-1564081CD289"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p354:*:*:*:*:*:*","matchCriteriaId":"68DA4791-4619-4977-9B2C-489142D0055B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p355:*:*:*:*:*:*","matchCriteriaId":"911A3C69-8D28-4D27-8EC7-ED02FE74BFE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p356:*:*:*:*:*:*","matchCriteriaId":"BB125173-0F9C-4B57-BEC0-490C01EE2C89"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p357:*:*:*:*:*:*","matchCriteriaId":"09D58DE3-C8C4-4C14-B38E-84D1AC874E3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p358:*:*:*:*:*:*","matchCriteriaId":"AF9DDED5-9383-4014-8674-CD5A6D7E246A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p359:*:*:*:*:*:*","matchCriteriaId":"BB4AABDA-3A4E-411F-A3F0-22FC06157D7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p36:*:*:*:*:*:*","matchCriteriaId":"FE9E7970-8A2A-4B9A-BD8C-0B7345DDDC6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p360:*:*:*:*:*:*","matchCriteriaId":"9B5B447C-066F-47FF-A033-7B98638E6506"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p361:*:*:*:*:*:*","matchCriteriaId":"3A2FADF1-EA35-44B1-B200-3535F0899622"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p362:*:*:*:*:*:*","matchCriteriaId":"EA45115B-7FF5-4479-841D-DAA05EF525E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p363:*:*:*:*:*:*","matchCriteriaId":"9FEC288C-ACB1-4782-AD3D-C13CD4822C9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p364:*:*:*:*:*:*","matchCriteriaId":"B3948830-399B-4457-9C79-FE542885396D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p365:*:*:*:*:*:*","matchCriteri
aId":"297B4B83-3B41-4D05-951E-55671DFA3401"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p366:*:*:*:*:*:*","matchCriteriaId":"97722AA3-54FF-43DC-A926-AFB00A216D7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p367:*:*:*:*:*:*","matchCriteriaId":"F7059D68-D871-4C92-8DC3-C37C3660831F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p368:*:*:*:*:*:*","matchCriteriaId":"4CA21B77-EE77-48B2-88A9-FDF818B83425"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p369:*:*:*:*:*:*","matchCriteriaId":"669E93E5-70BD-405F-A92C-6623F7A53F9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p37:*:*:*:*:*:*","matchCriteriaId":"B4B06D02-D9F6-4C09-BEE0-A5491B97A24C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p370:*:*:*:*:*:*","matchCriteriaId":"53A468F9-6C1E-4A2E-AFDA-979E570D6DA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p371:*:*:*:*:*:*","matchCriteriaId":"7C064AC9-11CC-458C-9AE1-B4F870AD468C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p372:*:*:*:*:*:*","matchCriteriaId":"81F985B3-B0F9-4A41-B014-4222786C960C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p373:*:*:*:*:*:*","matchCriteriaId":"E3A86AF0-6A98-474C-BB6E-2C3FB6ABCCE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p374:*:*:*:*:*:*","matchCriteriaId":"42F94BA2-09E5-4373-8940-B723E1D12B95"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p375:*:*:*:*:*:*","matchCriteriaId":"88956750-A888-4E68-B7A5-59C7259E5BAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p376:*:*:*:*:*:*","matchCriteriaId":"9E738CE1-1E0C-4822-AC3A-917FA4FFA612"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p377:*:*:*:*:*:*","matchCriteriaId":"767426BE-5BBF-426E-A0C6-2D367B954F27"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p378:*:*:*:*:*:*","matchCriteriaId":"A84376E3-A31F-4EEB-8F87-A9C965C2F1DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p379:*:*:*:*:*:*","matchCriteriaId":"EB98463C-35D4-4252-945B-4C50A3
85CE5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p38:*:*:*:*:*:*","matchCriteriaId":"0C337ACA-81A0-4017-8CEB-7CB790172C85"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p380:*:*:*:*:*:*","matchCriteriaId":"50D0EB63-C1BF-403F-A0F4-EBADBBBE9345"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p381:*:*:*:*:*:*","matchCriteriaId":"D7C31F2F-163E-4384-B87E-AFE1C8C7865F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p382:*:*:*:*:*:*","matchCriteriaId":"220DE1DB-5F19-4C4C-A8E3-5650870BD1ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p383:*:*:*:*:*:*","matchCriteriaId":"323572A7-67C5-42AD-9E65-E54719B701DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p384:*:*:*:*:*:*","matchCriteriaId":"DF6BE9BC-4C72-4D8C-96C7-8867580BD557"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p385:*:*:*:*:*:*","matchCriteriaId":"D1C34D5F-DE47-4CB8-B1F7-2796D48EDF26"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p386:*:*:*:*:*:*","matchCriteriaId":"C54C231A-25A6-480B-87A4-6F3E9AC242EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p387:*:*:*:*:*:*","matchCriteriaId":"0EE812DF-8E96-4FF8-8D03-10B98A3C4563"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p388:*:*:*:*:*:*","matchCriteriaId":"CC809B83-705E-438D-B9C7-8AED384E55E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p389:*:*:*:*:*:*","matchCriteriaId":"E82497A8-05F6-4AA5-9A98-C084BF6C87A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p39:*:*:*:*:*:*","matchCriteriaId":"80D57A00-D9A5-4C70-B523-0064C56AD7D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p390:*:*:*:*:*:*","matchCriteriaId":"2B65C876-191E-43DD-8C00-B3FFB643798C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p391:*:*:*:*:*:*","matchCriteriaId":"1C55D80B-4597-4C13-8BDA-659F19CA17AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p392:*:*:*:*:*:*","matchCriteriaId":"CD2417D5-0B48-41AC-B529-B6B958FD1529"},{"vulnerable":true,"criteria
":"cpe:2.3:a:ntp:ntp:4.2.7:p393:*:*:*:*:*:*","matchCriteriaId":"E86B9970-181A-4227-85C5-6EA9DC83EC6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p394:*:*:*:*:*:*","matchCriteriaId":"C9AB4545-315D-430A-AEF5-FA51C91A81C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p395:*:*:*:*:*:*","matchCriteriaId":"A48EA953-A9AC-4B0E-80D7-97E813AA6116"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p396:*:*:*:*:*:*","matchCriteriaId":"21FA80EF-86AD-4B10-847F-BE1A21DA90DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p397:*:*:*:*:*:*","matchCriteriaId":"064A35E0-362D-4EAB-9659-B66A51B8A57C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p398:*:*:*:*:*:*","matchCriteriaId":"FC33854D-77D0-403A-9DD6-0AE57DDF1D06"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p399:*:*:*:*:*:*","matchCriteriaId":"0E8128A3-F0A9-443A-9B39-9DDEBD6C9E3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p4:*:*:*:*:*:*","matchCriteriaId":"E0040B79-5D07-4BEA-8861-8D827FB31735"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p40:*:*:*:*:*:*","matchCriteriaId":"658F5E60-CA2F-4B96-B48A-715CCF553F96"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p400:*:*:*:*:*:*","matchCriteriaId":"263B51E4-1659-427B-A79B-D4E9DF28A57F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p401:*:*:*:*:*:*","matchCriteriaId":"8B97CE98-A1EE-4ED6-A108-4BF40EA3F81D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p402:*:*:*:*:*:*","matchCriteriaId":"8C818138-F20A-4F39-A5C0-6D2937EE77F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p403:*:*:*:*:*:*","matchCriteriaId":"BE12A159-F94F-4410-AF88-8966101C1212"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p404:*:*:*:*:*:*","matchCriteriaId":"ECC145C1-F5F5-4EE7-96FE-6F5949E483A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p405:*:*:*:*:*:*","matchCriteriaId":"7F57CF8E-FE13-4E21-8F35-25068C3F36B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p406:*:*:*:
*:*:*","matchCriteriaId":"D75F5F25-9D47-4FA5-95DF-47CDCB3E9C5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p407:*:*:*:*:*:*","matchCriteriaId":"9EE75158-53F3-46F3-8028-860CD0F0493D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p408:*:*:*:*:*:*","matchCriteriaId":"DA633D5D-F25E-41D0-A881-ED59EFE1593D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p409:*:*:*:*:*:*","matchCriteriaId":"4166C7AD-F945-4AA0-A4FB-055D5F90A84C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p41:*:*:*:*:*:*","matchCriteriaId":"CCCC6A0F-7728-4AB7-ABFB-6D8B7C327319"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p410:*:*:*:*:*:*","matchCriteriaId":"FE0C6655-04AA-41ED-8186-C384A5D80CAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p411:*:*:*:*:*:*","matchCriteriaId":"7218D1AE-D531-4688-91DF-EFF5D2690C75"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p412:*:*:*:*:*:*","matchCriteriaId":"BB32757C-97CB-4782-A7D0-7905C08AB72B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p413:*:*:*:*:*:*","matchCriteriaId":"A8091E4A-054C-4AED-BE48-783DC4D0C8D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p414:*:*:*:*:*:*","matchCriteriaId":"16CD62B2-904D-4109-BBF6-4CF71CDD171D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p415:*:*:*:*:*:*","matchCriteriaId":"D5B8C246-0B8C-462E-B3EB-49988C387B4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p416:*:*:*:*:*:*","matchCriteriaId":"B66B920C-F32C-47C6-A456-29D075E0FDD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p417:*:*:*:*:*:*","matchCriteriaId":"A424EAE0-2B4E-4B08-B1E7-DFC9FCC0B863"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p418:*:*:*:*:*:*","matchCriteriaId":"3601971C-CFB7-499F-8C46-5D58D6C8E252"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p419:*:*:*:*:*:*","matchCriteriaId":"3E44EACB-8FAC-4FCE-B83F-9B1EFC2B8A0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p42:*:*:*:*:*:*","matchCriteriaId":"F6FE7257-F9
3D-406E-B4B3-668E41C6A8ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p420:*:*:*:*:*:*","matchCriteriaId":"17B12369-3740-487C-ACBB-8D09E933CEFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p421:*:*:*:*:*:*","matchCriteriaId":"4E8D3E83-11C6-4169-A401-536758AC683F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p422:*:*:*:*:*:*","matchCriteriaId":"88DC6549-8447-4981-9462-AF54AB224E43"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p423:*:*:*:*:*:*","matchCriteriaId":"8B3712F6-CD70-4D27-B51B-C152C730E4B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p424:*:*:*:*:*:*","matchCriteriaId":"C538EC07-E3B5-48F4-B2BE-1D183C8167FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p425:*:*:*:*:*:*","matchCriteriaId":"2536D2A7-00E8-42F3-8040-C2C581BD18EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p426:*:*:*:*:*:*","matchCriteriaId":"41C5A447-68F1-4C86-B324-56346B5ED4E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p427:*:*:*:*:*:*","matchCriteriaId":"9A2B4489-5A50-45B0-9AC3-55226D104C62"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p428:*:*:*:*:*:*","matchCriteriaId":"98AE334D-93C1-410A-A993-559C4ECA6EFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p429:*:*:*:*:*:*","matchCriteriaId":"55C23879-14D6-44CF-B72C-077648B7850C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p43:*:*:*:*:*:*","matchCriteriaId":"DDE8AE33-9A76-4921-838C-FD26BE966936"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p430:*:*:*:*:*:*","matchCriteriaId":"343DE53D-5471-4A71-9ECF-F4B49FE87DC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p431:*:*:*:*:*:*","matchCriteriaId":"1659F07D-AC4B-4946-AA6D-CD07BEFFD260"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p432:*:*:*:*:*:*","matchCriteriaId":"E5E5356A-C7DE-4E77-B563-9D9411A94487"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p433:*:*:*:*:*:*","matchCriteriaId":"A90B1CB8-7CD6-455D-8B83-890DFE17F168"},{"vulner
able":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p434:*:*:*:*:*:*","matchCriteriaId":"42F60614-8A4C-48D9-9AFE-03334B5F39A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p435:*:*:*:*:*:*","matchCriteriaId":"C2CEAAC3-0738-4EFA-9C6A-140B61D6FB77"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p436:*:*:*:*:*:*","matchCriteriaId":"06F04569-8733-4326-AAAF-E1C0FDE9A067"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p437:*:*:*:*:*:*","matchCriteriaId":"DE4263C9-9885-4AD5-9331-6EA04B579DC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p438:*:*:*:*:*:*","matchCriteriaId":"D34C4700-3763-402B-88A1-0E0CDAB003C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p439:*:*:*:*:*:*","matchCriteriaId":"5AFC88C6-C0C7-4F06-B36F-4C07F68714DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p44:*:*:*:*:*:*","matchCriteriaId":"434184FF-2FB6-4577-8F85-E488EB89D642"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p440:*:*:*:*:*:*","matchCriteriaId":"03CD81E7-9C87-4E8C-8B38-A9C790D3740D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p441:*:*:*:*:*:*","matchCriteriaId":"AA114487-9C20-4D4C-9BE0-61E83EEA881A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p442:*:*:*:*:*:*","matchCriteriaId":"AD46FDA8-410D-46ED-B9DA-DBE377A52F7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p443:*:*:*:*:*:*","matchCriteriaId":"2549A1EB-CF4C-4B72-BE21-4DB6C232620E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p444:*:*:*:*:*:*","matchCriteriaId":"C4A5B2DE-6EDB-4687-95E9-B7BDEE8A4F52"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p445:*:*:*:*:*:*","matchCriteriaId":"38655472-BDE7-450A-8655-D217648FB502"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p446:*:*:*:*:*:*","matchCriteriaId":"9A9EB39C-40E4-4B2F-AC0F-9AB12ABFE9E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p447:*:*:*:*:*:*","matchCriteriaId":"1EEA66A5-F0EE-407D-A40E-4AF5E1AA052D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp
:ntp:4.2.7:p448:*:*:*:*:*:*","matchCriteriaId":"F659FB12-BED8-4DA3-886C-E49FECD2E84D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p449:*:*:*:*:*:*","matchCriteriaId":"B4D83B72-6A3A-49A2-BC10-AF588CC4F8CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p45:*:*:*:*:*:*","matchCriteriaId":"3DBDA6E7-5849-4551-A4E4-4C846074B55D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p450:*:*:*:*:*:*","matchCriteriaId":"E6B6B540-1E6C-4031-87D8-159B683E42E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p451:*:*:*:*:*:*","matchCriteriaId":"8AE3CDE6-4061-446C-8CA9-1F86CF5D0CCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p452:*:*:*:*:*:*","matchCriteriaId":"3524F3C9-1FB9-478B-927B-FCDAD58F9A89"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p453:*:*:*:*:*:*","matchCriteriaId":"1E539437-A77D-4672-B7F7-401435A5DF18"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p454:*:*:*:*:*:*","matchCriteriaId":"73EAA52B-5E57-4633-A651-2763433A581E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p455:*:*:*:*:*:*","matchCriteriaId":"84791D19-F4E2-430A-891B-562C8A42F572"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p456:*:*:*:*:*:*","matchCriteriaId":"56CBFA28-AD97-436D-87E6-A958C80F463D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p457:*:*:*:*:*:*","matchCriteriaId":"5E82DEF1-83E4-47B1-8A71-AAB6723B092E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p458:*:*:*:*:*:*","matchCriteriaId":"73BDEBD9-C4A3-44AA-9067-6EAA0FB68D2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p459:*:*:*:*:*:*","matchCriteriaId":"99E12DE4-36F7-47E3-B296-B7DD4908C191"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p46:*:*:*:*:*:*","matchCriteriaId":"9520436F-C8D9-40F0-BBE5-2B15D286B8D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p460:*:*:*:*:*:*","matchCriteriaId":"B8213C7C-A1C6-491C-88DF-46799E1149FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p461:*:*:*:*:*:*","matchCr
iteriaId":"E4A6EEC8-A256-4A29-88B9-EBD29F0E9984"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p462:*:*:*:*:*:*","matchCriteriaId":"C480C64A-1591-45A0-9F8E-4ADF90ECEC4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p463:*:*:*:*:*:*","matchCriteriaId":"C1F1E185-3A8B-4523-9C4D-35B219DAAB10"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p464:*:*:*:*:*:*","matchCriteriaId":"58DAACF5-282F-4D4F-BA58-1DCDB31B0E29"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p465:*:*:*:*:*:*","matchCriteriaId":"7CC89215-1461-42F4-8F0A-0E60AD86CE5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p466:*:*:*:*:*:*","matchCriteriaId":"D477F5D9-B8C2-498B-B979-5524BA64F082"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p467:*:*:*:*:*:*","matchCriteriaId":"F7983F2C-182E-415E-B770-288BB165A660"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p468:*:*:*:*:*:*","matchCriteriaId":"7A3795B8-817E-40E5-B348-74A15FF713C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p469:*:*:*:*:*:*","matchCriteriaId":"87CE91F2-1FB0-41E0-89E6-58EEFA6BE41D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p47:*:*:*:*:*:*","matchCriteriaId":"9BD6AC08-3F51-4410-8ECB-99B44A72568E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p470:*:*:*:*:*:*","matchCriteriaId":"690FC7C1-4B39-49C6-9603-007A3E88DA66"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p471:*:*:*:*:*:*","matchCriteriaId":"3918A234-477D-4C0D-9E6D-CFDFA582B402"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p472:*:*:*:*:*:*","matchCriteriaId":"EBC0DCF1-EE12-4D07-A643-ABF51E0D1C21"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p473:*:*:*:*:*:*","matchCriteriaId":"B7900782-B462-4A44-96CE-A3A014E93709"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p474:*:*:*:*:*:*","matchCriteriaId":"3AF076BA-2834-448B-AA81-1BA5C99DA860"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p475:*:*:*:*:*:*","matchCriteriaId":"2917A9B3-37EC-4F51-A4D6-6
8270E0BFBA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p476:*:*:*:*:*:*","matchCriteriaId":"F9A85B79-DACE-48DB-A575-2F14FAACFF5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p477:*:*:*:*:*:*","matchCriteriaId":"F2BC6626-9073-4E98-8D81-EB68F3FF1DDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p478:*:*:*:*:*:*","matchCriteriaId":"E625449B-FAAC-4053-B775-8745CAF4DDB9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p479:*:*:*:*:*:*","matchCriteriaId":"6BC60030-61E0-41E7-B11A-B9A4AE3F15FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p48:*:*:*:*:*:*","matchCriteriaId":"6AF437C6-62A2-4B99-9A24-F721A60D7D2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p480:*:*:*:*:*:*","matchCriteriaId":"00A93F72-960F-4616-9E13-C7D070AA9284"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p481:*:*:*:*:*:*","matchCriteriaId":"4BB13DEF-50F9-44F4-B727-FD9121A5D94A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p482:*:*:*:*:*:*","matchCriteriaId":"A4CEFBF7-F69A-431B-BF71-DAB5958888F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p483:*:*:*:*:*:*","matchCriteriaId":"24903C79-D6BE-4961-B787-1C3B9E88C81B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p484_rc1:*:*:*:*:*:*","matchCriteriaId":"89313369-5D95-45B2-A0F7-E105608D133D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p485_rc1:*:*:*:*:*:*","matchCriteriaId":"160577D9-BC9A-40E9-BECB-7EFA9E1A4D04"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p486_rc1:*:*:*:*:*:*","matchCriteriaId":"0FCFFCCD-13F9-43F2-861D-839B7046A1EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p49:*:*:*:*:*:*","matchCriteriaId":"0E730137-E93D-4AFB-B1E5-9CE89AF0CE9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p5:*:*:*:*:*:*","matchCriteriaId":"D00C1A08-1AFF-4AED-9F32-6F7400E24427"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p50:*:*:*:*:*:*","matchCriteriaId":"16871277-E425-4A35-A6DC-C89EBA7E74E8"},{"vulnerable":
true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p51:*:*:*:*:*:*","matchCriteriaId":"EDE0405D-F8DE-458D-8D75-FE582D1DC137"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p52:*:*:*:*:*:*","matchCriteriaId":"637D12F8-33EB-4D35-A56F-8B6A124B2936"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p53:*:*:*:*:*:*","matchCriteriaId":"F0C13374-0966-4372-951D-853D5CC81E2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p54:*:*:*:*:*:*","matchCriteriaId":"41B72391-9B36-4196-9BF0-E3C44B5A6C8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p55:*:*:*:*:*:*","matchCriteriaId":"AFA07E87-043E-456C-B435-6B7EF3CAA58A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p56:*:*:*:*:*:*","matchCriteriaId":"165E10ED-42CE-4313-B630-D2051DA29F1C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p57:*:*:*:*:*:*","matchCriteriaId":"2EDCA346-8FA5-4781-B69E-37F76DD07039"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p58:*:*:*:*:*:*","matchCriteriaId":"9FD3A0D8-D947-40AA-A548-CD48BB3837AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p59:*:*:*:*:*:*","matchCriteriaId":"7B97D60B-CCAE-4F13-9573-23D65280C0B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p6:*:*:*:*:*:*","matchCriteriaId":"6478C98A-FC07-457D-996D-53B9361B52D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p60:*:*:*:*:*:*","matchCriteriaId":"D379EAE2-0D54-4FDE-A241-6E4B03692315"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p61:*:*:*:*:*:*","matchCriteriaId":"91F16EF5-4F62-4D04-AF2E-9867CC96F42F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p62:*:*:*:*:*:*","matchCriteriaId":"5E1AA127-8578-4DDE-9189-437FF384F24A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p63:*:*:*:*:*:*","matchCriteriaId":"3F084101-EC75-4F1A-B0D3-D4B161A4C30A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p64:*:*:*:*:*:*","matchCriteriaId":"B9BE6456-9805-4FC6-B937-7505480E5BF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p65:*:*:*:
*:*:*","matchCriteriaId":"28FF7D7B-79D5-4CFA-BED1-9F68200BDBD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p66:*:*:*:*:*:*","matchCriteriaId":"BBD63622-9C07-4110-BFB6-45574CA51E85"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p67:*:*:*:*:*:*","matchCriteriaId":"326AF319-30FA-4460-8095-9895F7778808"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p68:*:*:*:*:*:*","matchCriteriaId":"C4F42335-E1C1-4A35-8F05-B04F73EA36AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p69:*:*:*:*:*:*","matchCriteriaId":"C0A3A492-9985-4FE8-82ED-5B793F0CD252"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p7:*:*:*:*:*:*","matchCriteriaId":"C1D01BD4-27BF-49BD-9305-F26E0EC778AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p70:*:*:*:*:*:*","matchCriteriaId":"3EB30D8D-4AE8-4975-BFAC-7A4352666335"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p71:*:*:*:*:*:*","matchCriteriaId":"A29E2D36-7374-4F80-90C5-6E5B4A03DB42"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p72:*:*:*:*:*:*","matchCriteriaId":"BD4EF13C-9561-4791-AF4A-790466A38A12"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p73:*:*:*:*:*:*","matchCriteriaId":"06DF6604-2175-4341-BEED-BF381A3E82FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p74:*:*:*:*:*:*","matchCriteriaId":"046E1F04-A028-41C1-ACA5-0A4E13B57CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p75:*:*:*:*:*:*","matchCriteriaId":"FC712CBC-5212-4EDB-8F2E-25D839C417B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p76:*:*:*:*:*:*","matchCriteriaId":"71D343FF-390C-4EA4-863D-A684D49AA321"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p77:*:*:*:*:*:*","matchCriteriaId":"A75FD97F-B998-4506-8D81-87A9A4DD7216"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p78:*:*:*:*:*:*","matchCriteriaId":"EB24361D-B7F2-4A98-9AF7-ADB5E91FEBBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p79:*:*:*:*:*:*","matchCriteriaId":"825CC1F4-A5F3-4F2F-BA82-A
E5843AFA0D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p8:*:*:*:*:*:*","matchCriteriaId":"F4E82220-4E07-41B0-952A-9C0CC0973D60"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p80:*:*:*:*:*:*","matchCriteriaId":"6969C6F6-845C-4023-B7D3-2E0ECE90D355"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p81:*:*:*:*:*:*","matchCriteriaId":"6EB84D6B-FC5A-4AC3-9F2D-EA3015917FCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p82:*:*:*:*:*:*","matchCriteriaId":"3B0487A0-CA40-4DA6-9CE2-B912180FCDC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p83:*:*:*:*:*:*","matchCriteriaId":"904B93E2-D880-49A7-B6EB-E4CC0274CE49"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p84:*:*:*:*:*:*","matchCriteriaId":"FE6E7BAC-0D0E-4BE7-A3EB-5DC39FFD3BD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p85:*:*:*:*:*:*","matchCriteriaId":"6D66BC48-C3BA-4BEA-BE22-15E08400F7EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p86:*:*:*:*:*:*","matchCriteriaId":"1A33C1B1-72FA-4B7A-BFB1-74A8C8B9E0AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p87:*:*:*:*:*:*","matchCriteriaId":"671D4E8C-27EB-404B-8360-4DDB17794C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p88:*:*:*:*:*:*","matchCriteriaId":"19CE5AEB-1A3E-4E4E-9582-90FFF796F750"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p89:*:*:*:*:*:*","matchCriteriaId":"9673E80A-55D3-4D2C-B8E0-2EE46950DB8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p9:*:*:*:*:*:*","matchCriteriaId":"38F02F01-569A-445D-A954-D9369E0B8850"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p90:*:*:*:*:*:*","matchCriteriaId":"97E2530E-CD9B-4DE1-ABCE-4777F54D8DF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p91:*:*:*:*:*:*","matchCriteriaId":"6470A9D0-4C38-4A3D-90EE-3B1D9DB6E25A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p92:*:*:*:*:*:*","matchCriteriaId":"CB5503D1-4DF1-402A-83BA-46EF69CE88F2"},{"vulnerable":true,"criteria":"cpe:2.3
:a:ntp:ntp:4.2.7:p93:*:*:*:*:*:*","matchCriteriaId":"DE5410A0-A66E-4759-9D7A-268374747936"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p94:*:*:*:*:*:*","matchCriteriaId":"B44716FB-1789-45E7-A2E1-06489D29DDFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p95:*:*:*:*:*:*","matchCriteriaId":"E00F67B6-7B05-4EAE-8004-080590CC6381"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p96:*:*:*:*:*:*","matchCriteriaId":"8BF82B7F-A4B8-4294-BF92-7B09EE1A61F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p97:*:*:*:*:*:*","matchCriteriaId":"8F8E44FE-91B3-44B6-B793-65176C01294F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p98:*:*:*:*:*:*","matchCriteriaId":"4F81E473-FDFA-49B1-B2F9-DE44BFC4333E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.7:p99:*:*:*:*:*:*","matchCriteriaId":"8E4ED509-8B0B-4F3E-9378-193500762248"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*","matchCriteriaId":"EEA51D83-5841-4335-AF07-7A43C118CAAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*","matchCriteriaId":"C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*","matchCriteriaId":"49ADE0C3-F75C-4EC0-8805-56013F0EB92C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*","matchCriteriaId":"D8FF625A-EFA3-43D1-8698-4A37AE31A07C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*","matchCriteriaId":"E3B99BBD-97FE-4615-905A-A614592226F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*","matchCriteriaId":"E7A9AD3A-F030-4331-B52A-518BD963AB8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*","matchCriteriaId":"C293B8BE-6691-4944-BCD6-25EB98CABC73"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*","matchCriteriaId":"CEA650F8-2576-494A-A861-61572CA319D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*
:*:*:*:*:*","matchCriteriaId":"4ED21EE8-7CBF-4BC5-BFC3-185D41296238"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*","matchCriteriaId":"C76A0B44-13DE-4173-8D05-DA54F6A71759"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*","matchCriteriaId":"1450241C-2F6D-4122-B33C-D78D065BA403"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*","matchCriteriaId":"721AFD22-91D3-488E-A5E6-DD84C86E412B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*","matchCriteriaId":"8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*","matchCriteriaId":"41E44E9F-6383-4E12-AEDC-B653FEA77A48"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*","matchCriteriaId":"466D9A37-2658-4695-9429-0C6BF4A631C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*","matchCriteriaId":"99774181-5F12-446C-AC2C-DB1C52295EED"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*","matchCriteriaId":"4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*","matchCriteriaId":"99C71C00-7222-483B-AEFB-159337BD3C92"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*","matchCriteriaId":"75A9AA28-1B20-44BB-815C-7294A53E910E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*","matchCriteriaId":"8C213794-111D-41F3-916C-AD97F731D600"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*","matchCriteriaId":"50811A7B-0379-4437-8737-B4C1ACBC9EFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*","matchCriteriaId":"F12E4CF5-536C-416B-AD8D-6AE7CBE22C71"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hpe:hpux-ntp:*:*:*:*:*:*:*:*","versionStartIncluding":"b.11.31","versionEndExcluding":"c.4.2.8.2.0","matchCriteriaId":"C771C48E-2B
29-491D-8FF0-69D81229465D"}]}]}],"references":[{"url":"http://nwtime.org/ntp428p9_release/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3082","source":"cve@mitre.org","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94448","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037354","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/40806/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://nwtime.org/ntp428p9_release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3082","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94448","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037354","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/40806/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8467","sourceIdentifier":"security@android.com","published":"2017-01-13T16:59:00.590","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service (device interoperability: completely permanent or requiring re-flashing the entire operating system). Product: Android. Versions: N/A. Android ID: A-30308784."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegios en el gestor de arranque podría permitir a un atacante local ejecutar comandos de módem arbitrarios en el dispositivo. Este problema está clasificado como High porque es una denegación de servicio local permanente (interoperabilidad del dispositivo: completamente permanente o requiere reflashear todo el sistema operativo). Producto: Android. Versiones: N/A. 
Android ID: A-30308784."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.0","matchCriteriaId":"3138B760-5845-4B97-853D-083482BB61B4"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95250","source":"security@android.com"},{"url":"https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-01-01.html","source":"security@android.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95250","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-01-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8671","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.620","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6887."},{"lang":"es","value":"La función pstm_exptmod en MatrixSSL 3.8.6 y versiones anteriores no realiza adecuadamente la exponenciación modular, lo que podría permitir a atacantes remotos predecir la clave secreta a través de vectores no especificados. 
NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2016-6887."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:matrixssl:matrixssl:*:*:*:*:*:*:*:*","versionEndIncluding":"3.8.6","matchCriteriaId":"5E830D80-ECB2-4764-BEC7-03CC59517109"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/15/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/15/8","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95439","source":"cve@mitre.org"},{"url":"https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-CVE-2016-8671%2C-incomplete-fix-for-CVE-2016-6887.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/15/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/15/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95439","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-CVE-2016-8671%2C-incomplete-fix-for-CVE-2016-6887.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8882","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.717","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file."},{"lang":"es","value":"La función jpc_dec_tilefini en libjasper/jpc/jpc_dec.c en JasPer en versiones anteriores a 1.900.8 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*","versionEndIncluding":"1.900.7","matchCriteriaId":"1895E760-3523-453D-80DA-45846E81402D"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3785","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/17/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/23/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95864","source":"cve@mitre.org"},{"url":"https://github.com/mdadams/jasper/issues/30","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3785","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/17/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/23/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95864","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/mdadams/jasper/issues/30","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8883","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.760","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file."},{"lang":"es","value":"La función jpc_dec_tiledecode en jpc_dec.c en JasPer en versiones anteriores a 1.900.8 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*","versionEndIncluding":"1.900.7","matchCriteriaId":"1895E760-3523-453D-80DA-45846E81402D"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/17/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/23/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95865","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1208","source":"cve@mitre.org"},{"url":"https://github.com/mdadams/jasper/issues/32","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://usn.ubuntu.com/3693-1/","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/17/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/23/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95865","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1208","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/mdadams/jasper/issues/32","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3693-1/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9107","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.823","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors."},{"lang":"es","value":"El plugin OTR para Gajim envía información en texto plano cuando se utiliza XHTML, lo que permite a atacantes remotos obtener información sensible a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:otr:gajim-otr:-:*:*:*:*:*:*:*","matchCriteriaId":"2E7F413A-5C36-41EE-A48F-A2E398E9BF13"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/30/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/30/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94099","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://dev.gajim.org/gajim/gajim-plugins/issues/145","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae","source":"cve@mitre.org","tags":["Permissions 
Required"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/30/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/30/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94099","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://dev.gajim.org/gajim/gajim-plugins/issues/145","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]}]}},{"cve":{"id":"CVE-2016-9310","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.857","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to set or unset traps via a crafted control mode packet."},{"lang":"es","value":"La funcionalidad de modo de control (mode 6) en ntpd en NTP en versiones anteriores a 4.2.8p9 permite a atacantes remotos establecer o desactivar trampas a través de un paquete de modo de control 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"72A23255-B135-4A4C-A2BA-A93026C0F520"}]}]}],"references":[{"url":"http://nwtime.org/ntp428p9_release/","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0252.html","source":"cve@mitre.org"},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3118","source":"cve@mitre.org","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94452","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037354","source":"cve@mitre.org"},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"cve@mitre.org"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc","source":"cve@mitre.org"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us","source":"cve@mitre.org"},{"url":"https://usn.ubuntu.com/3707-2/","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://nwtime.org/ntp428p9_release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0252.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3118","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94452","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037354","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3707-2/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9311","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.903","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted packet."},{"lang":"es","value":"ntpd en NTP en versiones anteriores a 4.2.8p9, cuando el servicio de captura está habilitado, permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un paquete 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"72A23255-B135-4A4C-A2BA-A93026C0F520"}]}]}],"references":[{"url":"http://nwtime.org/ntp428p9_release/","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0252.html","source":"cve@mitre.org"},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3119","source":"cve@mitre.org","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94444","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037354","source":"cve@mitre.org"},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"cve@mitre.org"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc","source":"cve@mitre.org"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us","source":"cve@mitre.org"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03885en_us","source":"cve@mitre.org"},{"url":"https://usn.ubuntu.com/3707-2/","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://nwtime.org/ntp428p9_release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0252.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3119","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94444","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037354","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03706en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:39.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03799en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03885en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3707-2/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9312","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.933","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet."},{"lang":"es","value":"ntpd en NTP en versiones anteriores a 4.2.8p9, cuando se ejecuta en Windows, permite a atacantes remotos provocar una denegación de servicio a través de un paquete UDP 
grande."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p8:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"72A23255-B135-4A4C-A2BA-A93026C0F520"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]}]}],"references":[{"url":"http://nwtime.org/ntp428p9_release/","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3110","source":"cve@mitre.org","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94450","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037354","source":"cve@mitre.org"},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://nwtime.org/ntp428p9_release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3110","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94450","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037354","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bto.bluecoat.com/security-advisory/sa139","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/633847","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9807","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:00.980","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file."},{"lang":"es","value":"La función flx_decode_chunks en gst/flx/gstflxdec.c en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos provocar una denegación de servicio (lectura de 
memoria no válida y caída) a través de un archivo FLIC manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"E205DF55-52AD-46B7-B83E-2FDB322A52A2"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2975.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0019.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0020.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/8","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95148","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774859","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2975.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0019.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0020.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95148","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774859","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9808","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:01.043","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs."},{"lang":"es","value":"El decodificador FLIC en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites y caída) a través de una serie manipulada de pares de salto y recuento."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndI
ncluding":"1.10.1","matchCriteriaId":"E205DF55-52AD-46B7-B83E-2FDB322A52A2"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2975.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0019.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0020.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95446","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2975.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0019.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0020.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95446","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9809","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:01.200","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read."},{"lang":"es","value":"Error por un paso en la función gst_h264_parse_set_caps en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos tener un impacto no especificado a través de un archivo manipulado, lo que desencadena una lectura fuera de 
límites."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"E205DF55-52AD-46B7-B83E-2FDB322A52A2"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0018.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0021.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3818","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95147","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774896","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0018.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0021.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3818","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95147","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774896","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9810","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:01.230","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The gst_decode_chain_free_internal function in 
the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call."},{"lang":"es","value":"La función gst_decode_chain_free_internal en el decodificador flxdex en gst-plugins-good en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de un archivo no válido, lo que desencadena una llamada unref incorrecta."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"E205DF55-52AD-46B7-B83E-2FDB322A52A2"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/2","source":"cve@mitre.org","tags":["Mai
ling List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95163","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"cve@mitre.org"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774897","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95163","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774897","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9811","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:01.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to 
always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file."},{"lang":"es","value":"La función windows_icon_typefind en gst-plugins-base en GStreamer en versiones anteriores a 1.10.2, cuando G_SLICE está configurado como always-malloc, permite a atacantes remotos provocar una denegación de servicio (lectura fuera de los límites) a través de un archivo ico manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"E205DF55-52AD-46B7-B83E-2FDB322A52A2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[
{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"F96E3779-F56A-45FF-BB3D-4980527D721E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"83737173-E12E-4641-BC49-0BD84A6B29D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true
,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3819","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95161","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774902","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00032.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM7IXFGHV66KNWGWG6ZBDNKXD2UJL2VQ/","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3819","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95161","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774902","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00032.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM7IXFGHV66KNWGWG6ZBDNKXD2UJL2VQ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9812","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:01.323","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section."},{"lang":"es","value":"La función gst_mpegts_section_new en el decodificador mpegts en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de los límites) a través de una sección demasiado 
pequeña."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"E205DF55-52AD-46B7-B83E-2FDB322A52A2"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0021.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3818","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/2","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/8","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95160","source":"cve@mitre.org"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=775048","source":"cve@mitre.org"},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201705-10","source"
:"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0021.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3818","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/8","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95160","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=775048","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9813","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T16:59:01.357","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file."},{"lang":"es","value":"La función _parse_pat en el intérprete mpegts en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"E205DF55-52AD-46B7-B83E-2FDB322A52A2"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0021.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3818","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95158","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=775120","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/42162/","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0021.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3818","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95158","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=775120","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/42162/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-0398","sourceIdentifier":"security@android.com","published":"2017-01-13T16:59:01.403","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. 
This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664."},{"lang":"es","value":"Una vulnerabilidad de divulgación de información en Audioserver podría permitir a una aplicación local maliciosa acceder a datos fuera de su nivel de permiso. Este problema está clasificado como Moderate porque podría utilizarse para acceder a datos sensibles sin permiso. Producto: Android. Versiones: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*","matchCriteriaId":"E3CEEA22-63B4-4702-A400-01349DF0EC1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*","matchCriteriaId"
:"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95226","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-01-01.html","source":"security@android.com"},{"url":"http://www.securityfocus.com/bid/95226","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-01-01.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2010-5327","sourceIdentifier":"cve@mitre.org","published":"2017-01-13T19:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template."},{"lang":"es","value":"Liferay Portal hasta la versión 6.2.10 permite a usuarios remotos autenticados ejecutar comandos shell arbitrarios a través de una plantilla Velocity 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*","versionEndIncluding":"6.2.10","matchCriteriaId":"3E35F049-1FDA-45C9-B49F-8EF3D7547BCB"}]}]}],"references":[{"url":"https://dev.liferay.com/web/community-security-team/known-vulnerabilities","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapUm8Xc/content/lps-64547-remote-code-execution-and-privilege-escalation-in-templates","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/liferay/liferay-portal/commit/90c4e85a8f8135f069f3f05e4d54a77704769f91","source":"cve@mitre.org","tags":["Issue 
Tracking","Patch"]},{"url":"https://issues.liferay.com/browse/LPE-14964","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://issues.liferay.com/browse/LPS-64547","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://issues.liferay.com/browse/LPS-7087","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://dev.liferay.com/web/community-security-team/known-vulnerabilities","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapUm8Xc/content/lps-64547-remote-code-execution-and-privilege-escalation-in-templates","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/liferay/liferay-portal/commit/90c4e85a8f8135f069f3f05e4d54a77704769f91","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://issues.liferay.com/browse/LPE-14964","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://issues.liferay.com/browse/LPS-64547","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://issues.liferay.com/browse/LPS-7087","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-10142","sourceIdentifier":"cve@mitre.org","published":"2017-01-14T07:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (The scope of this CVE is all affected IPv6 implementations from all vendors.) The security implications of IP fragmentation have been discussed at length in [RFC6274] and [RFC7739]. 
An attacker can leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and can subsequently perform any type of fragmentation-based attack against legacy IPv6 nodes that do not implement [RFC6946]. That is, employing fragmentation where not actually needed allows for fragmentation-based attack vectors to be employed, unnecessarily. We note that, unfortunately, even nodes that already implement [RFC6946] can be subject to DoS attacks as a result of the generation of IPv6 atomic fragments. Let us assume that Host A is communicating with Host B and that, as a result of the widespread dropping of IPv6 packets that contain extension headers (including fragmentation) [RFC7872], some intermediate node filters fragments between Host B and Host A. If an attacker sends a forged ICMPv6 PTB error message to Host B, reporting an MTU smaller than 1280, this will trigger the generation of IPv6 atomic fragments from that moment on (as required by [RFC2460]). When Host B starts sending IPv6 atomic fragments (in response to the received ICMPv6 PTB error message), these packets will be dropped, since we previously noted that IPv6 packets with extension headers were being dropped between Host B and Host A. Thus, this situation will result in a DoS scenario. Another possible scenario is that in which two BGP peers are employing IPv6 transport and they implement Access Control Lists (ACLs) to drop IPv6 fragments (to avoid control-plane attacks). If the aforementioned BGP peers drop IPv6 fragments but still honor received ICMPv6 PTB error messages, an attacker could easily attack the corresponding peering session by simply sending an ICMPv6 PTB message with a reported MTU smaller than 1280 bytes. 
Once the attack packet has been sent, the aforementioned routers will themselves be the ones dropping their own traffic."},{"lang":"es","value":"Se descubrió un problema en la especificación de protocolo IPv6, relacionado con los mensajes ICMP Packet Too Big (PTB). (El alcance de esta CVE afecta a todas las implementaciones IPv6 de todos los vendedores.) Las implicaciones de seguridad de fragmentación IP se han discutido extensamente en [RFC6274] y [RFC7739]. Un atacante puede aprovechar la generación de fragmentos atómicos IPv6 para desencadenar el uso de fragmentación en un flujo IPv6 arbitrario (en escenarios en los que no es necesaria la fragmentación real de paquetes) y puede posteriormente realizar cualquier tipo de ataque basado en fragmentación contra nodos IPv6 heredados que no implementan [RFC6946]. Es decir, emplear la fragmentación donde no se necesita realmente permite emplear vectores de ataque basados en fragmentación, innecesariamente. Observamos que, desafortunadamente, incluso los nodos que ya implementan [RFC6946] pueden estar sujetos a ataques DoS como resultado de la generación de fragmentos atómicos IPv6. Vamos a asumir que el Host A se está comunicando con el Host B y que, como resultado del descarte generalizado de paquetes IPv6 que contienen cabeceras de extensión (incluyendo la fragmentación) [RFC7872], algún nodo intermedio filtra fragmentos entre Host B y Host A. Si un atacante envía un mensaje de error falsificado ICMPv6 PTB al Host B, comunicando una MTU menor que 1280, esto desencadena la generación de fragmentos atómicos IPv6 a partir de ese momento (como es requerido por [RFC2460]). Cuando el Host B comienza a enviar fragmentos atómicos IPv6 (en respuesta al mensaje de error ICMPv6 PTB recibido), estos paquetes serán descartados, ya que se anotó anteriormente que los paquetes IPv6 con cabeceras de extensión estaban siendo descartados entre el Host B y el Host A. Por tanto, esta situación resultará en un escenario DoS. 
Otro posible escenario es aquel en el que dos pares BGP están empleando transporte IPv6 e implementan Access Control Lists (ACLs) para descartar fragmentos IPv6 (para evitar ataques de plano de control). Si los pares BGP mencionados descartan fragmentos IPv6 pero aun así respetan los mensajes de error ICMPv6 PTB recibidos, un atacante podría atacar fácilmente la sesión de peering correspondiente enviando simplemente un mensaje ICMPv6 PTB con una MTU reportada menor de 1280 bytes. Una vez que el paquete de ataque ha sido enviado, los routers citados serán ellos mismos los que descarten su propio tráfico."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-17"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ietf:ipv6:-:*:*:*:*:*:*:*","matchCriteriaId":"9143AE03-F25A-4C4A-9037-DFBC9B4F5FB8"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0817.html","source":"cve@mitre.org"},{"url":"http://w
ww.securityfocus.com/bid/95797","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1038256","source":"cve@mitre.org"},{"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730","source":"cve@mitre.org"},{"url":"https://support.f5.com/csp/article/K57211290?utm_source=f5support&amp%3Butm_medium=RSS","source":"cve@mitre.org"},{"url":"https://tools.ietf.org/html/draft-ietf-6man-deprecate-atomfrag-generation-08","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://tools.ietf.org/html/rfc8021","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0817.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95797","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1038256","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.f5.com/csp/article/K57211290?utm_source=f5support&amp%3Butm_medium=RSS","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.ietf.org/html/draft-ietf-6man-deprecate-atomfrag-generation-08","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://tools.ietf.org/html/rfc8021","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5473","sourceIdentifier":"cve@mitre.org","published":"2017-01-14T07:59:00.183","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and 
admin/password_reset.lua."},{"lang":"es","value":"Vulnerabilidad de CSRF en ntopng hasta la versión 2.4 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios, según lo demostrado por admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua y admin/password_reset.lua."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntop:ntopng:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4","matchCriteriaId":"553EDC87-EF7A-4FD1-9CA0-447B22340CC7"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95654","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ntop/ntopng/commit/1b2ceac8f578a246af6351c4f476e3102cdf21b3","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://github.com/ntop/ntopng/commit/f91fbe3d94c8346884271838ae3406ae633f6f15","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41141/","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95654","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ntop/ntopng/commit/1b2ceac8f578a246af6351c4f476e3102cdf21b3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ntop/ntopng/commit/f91fbe3d94c8346884271838ae3406ae633f6f15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41141/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5474","sourceIdentifier":"cve@mitre.org","published":"2017-01-14T07:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header."},{"lang":"es","value":"Vulnerabilidad de redirección abierta en comment.php en Serendipity hasta la versión 2.0.5 permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través de una URL en el encabezado HTTP 
Referer."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.5","matchCriteriaId":"A8C50710-D1C1-4D98-8905-2331437E2C29"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95652","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/s9y/Serendipity/commit/6285933470bab2923e4573b5d54ba9a32629b0cd","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"http://www.securityfocus.com/bid/95652","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/s9y/Serendipity/commit/6285933470bab2923e4573b5d54ba9a32629b0cd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking","Patch"]}]}},{"cve":{"id":"CVE-2017-5475","sourceIdentifier":"cve@mitre.org","published":"2017-01-14T07:59:00.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments."},{"lang":"es","value":"comment.php en Serendipity hasta la versión 2.0.5 permite CSRF en la eliminación de cualquier comentario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.5","matchCriteriaId":"A8C50710-D1C1-4D98-8905-2331437E2C29"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95656","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/s9y/Serendipity/issues/439","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.securityfocus.com/bid/95656","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/s9y/Serendipity/issues/439","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2017-5476","sourceIdentifier":"cve@mitre.org","published":"2017-01-14T07:59:00.293","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Serendipity through 2.0.5 allows CSRF for the installation of an event plugin or a sidebar plugin."},{"lang":"es","value":"Serendipity hasta la versión 2.0.5 permite CSRF para la instalación de un plugin de evento o un plugin de barra lateral."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,
"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:s9y:serendipity:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.5","matchCriteriaId":"A8C50710-D1C1-4D98-8905-2331437E2C29"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95659","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/s9y/Serendipity/issues/439","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.securityfocus.com/bid/95659","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/s9y/Serendipity/issues/439","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-8201","sourceIdentifier":"sirt@brocade.com","published":"2017-01-14T19:59:00.150","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster."},{"lang":"es","value":"Una vulnerabilidad CSRF en versiones Brocade Virtual Traffic Manager publicadas anteriormente e incluyendo a la 11.0 podrían permitir a un atacante engañar a un usuario conectado para que realice cambios administrativos en el clúster del gestor de 
tráfico."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:brocade:virtual_traffic_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"11.0","matchCriteriaId":"90B36329-4883-42C3-827D-A07D9ACE421D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95930","source":"sirt@brocade.com"},{"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43681","source":"sirt@brocade.com"},{"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114","source":"sirt@brocade.com"},{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005","source":"sirt@brocade.com"},{"url":"https://www.kb.cert.org/vuls/id/192371","source":"sirt@brocade.com"},{"url":"http://www.securityfocus.com/bid/95930","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Adviso
ries/SA43681","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/192371","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8204","sourceIdentifier":"sirt@brocade.com","published":"2017-01-14T19:59:00.210","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed."},{"lang":"es","value":"Una vulnerabilidad de salto de directorio en FileReceiveServlet en las versiones Brocade Network Advisor liberadas anteriormente e incluyendo a la 14.0.2 podría permitir a atacantes remotos cargar un archivo malicioso en una sección del sistema de archivos donde puede ser 
ejecutado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:brocade_network_advisor:*:*:*:*:*:*:*:*","versionEndIncluding":"14.0.2","matchCriteriaId":"72E5E686-C6DF-4386-941F-52301089EF6C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95695","source":"sirt@brocade.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-17-049","source":"sirt@brocade.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us","source":"sirt@brocade.com","tags":["Third Party Advisory"]},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-177","source":"sirt@brocade.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95695","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-17-049","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-177","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8205","sourceIdentifier":"sirt@brocade.com","published":"2017-01-14T19:59:00.243","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Directory Traversal vulnerability in DashboardFileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed."},{"lang":"es","value":"Una vulnerabilidad de salto de directorio en DashboardFileReceiveServlet en las versiones Brocade Network Advisor liberadas anteriormente e incluyendo la 14.0.2 podrían permitir a atacantes remotos cargar un archivo malicioso en una sección del sistema de archivos donde puede ser 
ejecutado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:brocade:network_advisor:*:*:*:*:*:*:*:*","versionEndIncluding":"14.0.2","matchCriteriaId":"549F2607-DC42-46B1-AC0E-353C252EA3CB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95694","source":"sirt@brocade.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-17-050","source":"sirt@brocade.com"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us","source":"sirt@brocade.com"},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-178","source":"sirt@brocade.com"},{"url":"http://www.securityfocus.com/bid/95694","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-17-050","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-178","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8206","sourceIdentifier":"sirt@brocade.com","published":"2017-01-14T19:59:00.273","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files."},{"lang":"es","value":"Una vulnerabilidad de salto de directorio en el servlet SoftwareImageUpload en las versiones Brocade Network Advisor liberadas anteriormente e incluyendo a la 14.0.2 podrían permitir a atacantes remotos escribir archivos arbitrarios, y consecuentemente eliminar los 
archivos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:brocade:network_advisor:*:*:*:*:*:*:*:*","versionEndIncluding":"14.0.2","matchCriteriaId":"549F2607-DC42-46B1-AC0E-353C252EA3CB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95692","source":"sirt@brocade.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-17-051","source":"sirt@brocade.com"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us","source":"sirt@brocade.com"},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-179","source":"sirt@brocade.com"},{"url":"http://www.securityfocus.com/bid/95692","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-17-051","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-179","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8207","sourceIdentifier":"sirt@brocade.com","published":"2017-01-14T19:59:00.307","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Directory Traversal vulnerability in CliMonitorReportServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to read arbitrary files including files with sensitive user information."},{"lang":"es","value":"Una vulnerabilidad de salto de directorio en CliMonitorReportServlet en las versiones Brocade Network Advisor liberadas anteriormente e incluyendo a la 14.0.2 podrían permitir a atacantes remotos leer archivos arbitrarios incluyendo archivos con información de usuario 
sensible."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:brocade:network_advisor:*:*:*:*:*:*:*:*","versionEndIncluding":"14.0.2","matchCriteriaId":"549F2607-DC42-46B1-AC0E-353C252EA3CB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95691","source":"sirt@brocade.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-17-052","source":"sirt@brocade.com"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us","source":"sirt@brocade.com"},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-180","source":"sirt@brocade.com"},{"url":"http://www.securityfocus.com/bid/95691","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-17-052","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-180","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-2584","sourceIdentifier":"secalert@redhat.com","published":"2017-01-15T02:59:02.750","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt."},{"lang":"es","value":"arch/x86/kvm/emulate.c en el kernel de Linux hasta la versión 4.9.3 permite a usuarios locales obtener información sensible de memoria del kernel o provocar una denegación de servicio (uso después de liberación de memoria) a través de una aplicación manipulada que aprovecha la emulación de instrucciones para fxrstor, fxsave, sgdt y 
sidt."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:P","baseScore":3.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.3","matchCriteriaId":"A6EF8826-3017-454A-9684-A61AA69029DF"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d","source":"secalert@redhat.com"},{"url":"http://www.debian.org/security/2017/dsa-3791","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/13/7","source":"secalert@redhat.com"},{"url":"http://www.securityfocus.com/bid/95430","source":"secalert@redhat.com"},{"url":"http://www.securitytracker.com/id/1037603","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1413001","source":"secalert@redhat.com"},{"url":"https://github.com/torvalds/linu
x/commit/129a72a0d3c8e139a04512325384fe5ac119e74d","source":"secalert@redhat.com"},{"url":"https://usn.ubuntu.com/3754-1/","source":"secalert@redhat.com"},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3791","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/13/7","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95430","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037603","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1413001","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/torvalds/linux/commit/129a72a0d3c8e139a04512325384fe5ac119e74d","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3754-1/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5487","sourceIdentifier":"cve@mitre.org","published":"2017-01-15T02:59:02.797","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request."},{"lang":"es","value":"wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php en la implementación REST API en WordPress 4.7 en versiones anteriores a 4.7.1 no restringe adecuadamente los listados de autores de publicación, lo que permite a atacantes remotos obtener información sensible a través de una petición 
wp-json/wp/v2/users."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","versionEndIncluding":"4.7","matchCriteriaId":"5C55F44C-4A71-4C47-9908-071A23D46939"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/14/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95391","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037591","source":"cve@mitre.org"},{"url":"https://codex.wordpress.org/Version_4.7.1","source":"cve@mitre.org","tags":["Release Notes","Vendor 
Advisory"]},{"url":"https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8715","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/41497/","source":"cve@mitre.org"},{"url":"https://www.wordfence.com/blog/2016/12/wordfence-blocks-username-harvesting-via-new-rest-api-wp-4-7/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/14/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95391","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037591","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://codex.wordpress.org/Version_4.7.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8715","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/41497/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.wordfence.com/blog/2016/12/wordfence-blocks-username-harvesting-via-new-rest-api-wp-4-7/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5488","sourceIdentifier":"cve@mitre.org","published":"2017-01-15T02:59:02.860","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en wp-admin/update-core.php en WordPress en versiones anteriores a 4.7.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del (1) nombre o (2) encabezado de versión de un plugin."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","versionEndIncluding":"4.7","matchCri
teriaId":"5C55F44C-4A71-4C47-9908-071A23D46939"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3779","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/14/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95397","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037591","source":"cve@mitre.org"},{"url":"https://codex.wordpress.org/Version_4.7.1","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca9de66566c2","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8716","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3779","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/14/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95397","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037591","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://codex.wordpress.org/Version_4.7.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca9de66566c2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8716","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5489","sourceIdentifier":"cve@mitre.org","published":"2017-01-15T02:59:02.890","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims via vectors involving a Flash file upload."},{"lang":"es","value":"Vulnerabilidad de CSRF en WordPress en versiones anteriores a 4.7.1 permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores que implican una carga de archivo Flash."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:
*","versionEndIncluding":"4.7","matchCriteriaId":"5C55F44C-4A71-4C47-9908-071A23D46939"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3779","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/14/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95399","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037591","source":"cve@mitre.org"},{"url":"https://codex.wordpress.org/Version_4.7.1","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8717","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3779","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/14/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95399","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037591","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://codex.wordpress.org/Version_4.7.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8717","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5490","sourceIdentifier":"cve@mitre.org","published":"2017-01-15T02:59:02.937","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality 
in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php."},{"lang":"es","value":"Vulnerabilidad de XSS en la funcionalidad de retorno de nombre de tema en wp-includes/class-wp-theme.php en WordPress en versiones anteriores a 4.7.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de directorio manipulado de un tema, relacionado con wp-admin/includes/class-theme-installer-skin.php."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","versionEndIncluding":"4.7","matchCriteriaId":"5C55F44C-4A71-4C47-9908-071A23D46939"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3779","sour
ce":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/14/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95402","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037591","source":"cve@mitre.org"},{"url":"https://codex.wordpress.org/Version_4.7.1","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8718","source":"cve@mitre.org"},{"url":"https://www.mehmetince.net/low-severity-wordpress/","source":"cve@mitre.org","tags":["Technical Description","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3779","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/14/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95402","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037591","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://codex.wordpress.org/Version_4.7.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mehmetince.net/low-severity-wordpress/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5491","sourceIdentifier":"cve@mitre.org","published":"2017-01-15T02:59:02.987","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"wp-mail.php in WordPress before 4.7.1 might allow remote attackers to bypass intended posting restrictions via a spoofed mail server with the mail.example.com name."},{"lang":"es","value":"wp-mail.php en WordPress en versiones anteriores a 4.7.1 podría permitir a atacantes remotos eludir las restricciones de publicación previstas a través de un servidor de correo falsificado con el nombre mail.example.com."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1188"}]}],"configuratio
ns":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","versionEndIncluding":"4.7","matchCriteriaId":"5C55F44C-4A71-4C47-9908-071A23D46939"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3779","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/14/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95406","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037591","source":"cve@mitre.org"},{"url":"https://codex.wordpress.org/Version_4.7.1","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8719","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3779","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/14/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95406","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037591","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://codex.wordpress.org/Version_4.7.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor 
Advisory"]},{"url":"https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8719","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5492","sourceIdentifier":"cve@mitre.org","published":"2017-01-15T02:59:03.033","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in the widget-editing accessibility-mode feature in WordPress before 4.7.1 allows remote attackers to hijack the authentication of unspecified victims for requests that perform a widgets-access action, related to wp-admin/includes/class-wp-screen.php and wp-admin/widgets.php."},{"lang":"es","value":"Vulnerabilidad de CSRF en la funcionalidad de modo de accesibilidad de edición de widget en WordPress en versiones anteriores a 4.7.1 permite a atacantes remotos secuestrar la autenticación de víctimas no especificadas para solicitudes que realizan una acción de acceso a widgets, relacionado con wp-admin/includes/class-wp-screen.php y 
wp-admin/widgets.php."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","versionEndIncluding":"4.7","matchCriteriaId":"5C55F44C-4A71-4C47-9908-071A23D46939"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3779","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/14/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95407","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037591","source":"cve@mitre.org"},{"url":"https://codex.wordpress.org/Version_4.7.1","source":"cve@mitre.org","tags":["Release Notes","Vendor 
Advisory"]},{"url":"https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8720","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3779","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/14/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95407","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037591","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://codex.wordpress.org/Version_4.7.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8720","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5493","sourceIdentifier":"cve@mitre.org","published":"2017-01-15T02:59:03.077","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup."},{"lang":"es","value":"wp-includes/ms-functions.php en la API Multisite WordPress en WordPress en 
versiones anteriores a 4.7.1 no elige adecuadamente los números aleatorios para claves, lo que hace que sea más fácil para atacantes remotos eludir las restricciones destinadas al acceso a través de una inscripción del (1) sitio o (2) usuario manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-338"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","versionEndIncluding":"4.7","matchCriteriaId":"5C55F44C-4A71-4C47-9908-071A23D46939"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3779","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/14/6","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95401","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037591","source":"cve@mitre.org"},{"url":"https://codex.wordpress.org/Version_4.7.1","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8721","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3779","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/14/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95401","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037591","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://codex.wordpress.org/Version_4.7.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8721","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5480","sourceIdentifier":"cve@mitre.org","published":"2017-01-15T22:59:00.127","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 
allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en inc/files/files.ctrl.php en b2evolution hasta la versión 6.8.3 permite a usuarios remotos autenticados leer o eliminar archivos arbitrarios aprovechando el acceso back-office para proporcionar un .. (punto punto) en el parámetro del array fm_selected."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:*","versionEndIncluding":"6.8.3","matchCriteriaId":"9C4446F5-9D08-412C-B4DB-3BFF3B7D7831"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95454","source":"cve@mitre.org"},{"url":"https://github.com/b2evolution/b2evolution/commit/26841d9c81f27ad23b2f6e4bd5eaec7f2f58dfe0","sourc
e":"cve@mitre.org"},{"url":"https://github.com/b2evolution/b2evolution/issues/35","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95454","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/b2evolution/b2evolution/commit/26841d9c81f27ad23b2f6e4bd5eaec7f2f58dfe0","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/b2evolution/b2evolution/issues/35","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5494","sourceIdentifier":"cve@mitre.org","published":"2017-01-15T22:59:00.190","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en la tabla de tipos de archivo en b2evolution hasta la versión 6.8.3 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un archivo .swf manipulado en un (1) marco del comentario o (2) marco del 
avatar."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:*","versionEndIncluding":"6.8.3","matchCriteriaId":"9C4446F5-9D08-412C-B4DB-3BFF3B7D7831"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95452","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/b2evolution/b2evolution/commit/261dbd5b294e707af766691e65a177a290314a6e","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/b2evolution/b2evolution/issues/34","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95452","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/b2evolution/b2evolution/commit/261dbd5b294e707af766691e65a177a290314a6e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/b2evolution/b2evolution/issues/34","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-7904","sourceIdentifier":"cve@mitre.org","published":"2017-01-16T06:59:00.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request."},{"lang":"es","value":"Vulnerabilidad de CSRF en CMS Made Simple en versiones anteriores a 2.1.6 permite a atacantes remotos secuestrar la autenticación de administradores para peticiones que crean cuentas a través de una petición 
admin/adduser.php."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.5","matchCriteriaId":"48BE0C70-56E1-4361-8C4E-0E6B3CDB2602"}]}]}],"references":[{"url":"http://dev.cmsmadesimple.org/project/changelog/5392","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/16/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95453","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://dev.cmsmadesimple.org/project/changelog/5392","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/16/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95453","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5223","sourceIdentifier":"cve@mitre.org","published":"2017-01-16T06:59:00.197","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base directory is provided, it resolves to /, meaning that relative image URLs get treated as absolute local file paths and added as attachments. To form a remote vulnerability, the msgHTML method must be called, passed an unfiltered, user-supplied HTML document, and must not set a base directory."},{"lang":"es","value":"Se ha descubierto un problema en PHPMailer en versiones anteriores a 5.2.22. El método msgHTML de PHPMailer aplica transformaciones a un documento HTML para hacerlo utilizable como un cuerpo de mail. Una de las transformaciones es convertir URLs de imágenes relativas en adjuntos utilizando un directorio base proporcionado por script. Si no se proporciona ningún directorio base, se resuelve en /, lo que significa que las URLs de imágenes relativas se tratan como rutas de archivo locales absolutas y se añaden como adjuntos. 
Para formar una vulnerabilidad remota, el método msgHTML debe ser llamado, recibir un documento HTML no filtrado suministrado por el usuario y no debe establecer un directorio base."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phpmailer_project:phpmailer:*:*:*:*:*:*:*:*","versionEndIncluding":"5.2.21","matchCriteriaId":"BBD6A575-99D0-4982-809D-60A6D11AFB5B"}]}]}],"references":[{"url":"http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95328","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://www.exploit-db.com/exploits/43056/","source":"cve@mitre.org"},{"url":"http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95328","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/43056/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5515","sourceIdentifier":"cve@mitre.org","published":"2017-01-17T09:59:00.130","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names."},{"lang":"es","value":"Vulnerabilidad de XSS en la función prompt del usuario en GeniXCMS hasta la versión 0.0.8 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de nombres de 
etiqueta."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:metalgenix:genixcms:*:*:*:*:*:*:*:*","versionEndIncluding":"0.0.8","matchCriteriaId":"ABA59DAB-097E-4E81-AAA6-28C5707A58E7"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95623","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/semplon/GeniXCMS/issues/63","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95623","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/semplon/GeniXCMS/issues/63","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5516","sourceIdentifier":"cve@mitre.org","published":"2017-01-17T09:59:00.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en los formularios de usuario en GeniXCMS hasta la versión 0.0.8 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros manipulados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:metalgenix:genixcms:*:*:*:*:*:*:*:*","versionEndIncluding":"0.0.8","matchCriteriaId":"ABA59DAB-097E-4E81-AAA6-28C5707A58E7"}]}]}],"references":[{"url"
:"http://www.securityfocus.com/bid/95622","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/semplon/GeniXCMS/issues/65","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95622","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/semplon/GeniXCMS/issues/65","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5517","sourceIdentifier":"cve@mitre.org","published":"2017-01-17T09:59:00.207","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en author.control.php en GeniXCMS hasta la versión 0.0.8 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro 
type."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:metalgenix:genixcms:*:*:*:*:*:*:*:*","versionEndIncluding":"0.0.8","matchCriteriaId":"ABA59DAB-097E-4E81-AAA6-28C5707A58E7"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95455","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/semplon/GeniXCMS/issues/66","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95455","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/semplon/GeniXCMS/issues/66","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5518","sourceIdentifier":"cve@mitre.org","published":"2017-01-17T09:59:00.237","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address."},{"lang":"es","value":"La característica de subida de archivos multimedia en GeniXCMS hasta la versión 0.0.8 permite a atacantes remotos llevar a cabo ataques SSRF a través de una URL, según lo demostrado por una dirección IP de la intranet."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:metalgenix:genixcms:*:*:*:*:*:*:*:*","versionEndIncluding":"0.0.8","matchCriteriaId":"ABA59DAB-097E-4E81-AAA6-28C5707A58E7"}]}]}],"references":[{"url":"http://www
.securityfocus.com/bid/95462","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/semplon/GeniXCMS/issues/64","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95462","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/semplon/GeniXCMS/issues/64","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5519","sourceIdentifier":"cve@mitre.org","published":"2017-01-17T09:59:00.270","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en Posts.class.php en GeniXCMS hasta la versión 0.0.8 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro 
id."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:metalgenix:genixcms:*:*:*:*:*:*:*:*","versionEndIncluding":"0.0.8","matchCriteriaId":"ABA59DAB-097E-4E81-AAA6-28C5707A58E7"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95458","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/semplon/GeniXCMS/issues/67","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95458","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/semplon/GeniXCMS/issues/67","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5520","sourceIdentifier":"cve@mitre.org","published":"2017-01-17T09:59:00.300","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions."},{"lang":"es","value":"La funcionalidad de cambio de nombre de medios en GeniXCMS hasta la versión 0.0.8 no considera extensiones de archivo PHP alternativas cuando comprueba los archivos subidos para contenido PHP, lo que permite a usuarios renombrar y ejecutar archivos con las extensiones `.php6`, `.php7` y `.phtml`."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:me
talgenix:genixcms:*:*:*:*:*:*:*:*","versionEndIncluding":"0.0.8","matchCriteriaId":"ABA59DAB-097E-4E81-AAA6-28C5707A58E7"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95460","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/semplon/GeniXCMS/issues/62","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95460","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/semplon/GeniXCMS/issues/62","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2014-9909","sourceIdentifier":"security@android.com","published":"2017-01-18T17:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegios en el controlador Wi-Fi de Broadcom podría habilitar a una aplicación local maliciosa ejecutar código arbitrario en el contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: N/A. ID de Android: A-31676542. 
Referencias: B-RB#26684."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.0","matchCriteriaId":"3138B760-5845-4B97-853D-083482BB61B4"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94685","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2016-12-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94685","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2016-12-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2014-9910","sourceIdentifier":"security@android.com","published":"2017-01-18T17:59:00.183","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegios en el controlador Wi-Fi de Broadcom podría habilitar a una aplicación maliciosa local ejecutar código arbitrario en el contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: N/A. ID de Android: A-31746399. Referencias: B-RB#26710."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov
","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.0","matchCriteriaId":"3138B760-5845-4B97-853D-083482BB61B4"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94685","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2016-12-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94685","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2016-12-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2014-9913","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.217","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method."},{"lang":"es","value":"Desbordamiento de búfer en la función list_files en list.c en Info-Zip UnZip 6.0 permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores relacionados con el método de 
compresión."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*","matchCriteriaId":"4C9BC86B-F353-4390-B288-B528BA8AA0A1"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2014/11/03/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/13","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/19","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/20","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95081","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2014/11/03/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/19","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95081","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2015-8667","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.263","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email."},{"lang":"es","value":"Vulnerabilidad de XSS en el módulo Reset Your Password en Exponent CMS en versiones anteriores a 2.3.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de 
Username/Email."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3.5","matchCriteriaId":"46261FBE-CE73-4D20-89BE-21B36943B34D"}]}]}],"references":[{"url":"https://exponentcms.lighthouseapp.com/projects/61783/tickets/1320-exponent-cms-235-cross-site-scripting-vulnerability","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://packetstormsecurity.com/files/136763/Exponent-CMS-2.3.5-Cross-Site-Scripting.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://exponentcms.lighthouseapp.com/projects/61783/tickets/1320-exponent-cms-235-cross-site-scripting-vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://packetstormsecurity.com/files/136763/Exponent-CMS-2.3.5-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2015-8684","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.293","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality."},{"lang":"es","value":"Exponent CMS en versiones anteriores a 2.3.7 no restringe adecuadamente los tipos de archivos que pueden ser subidos, lo que permite a atacantes remotos llevar a cabo ataques de XSS y posiblemente tener otro impacto no especificado como se demuestra subiendo un archivo con una extensión .html, y luego accediendo a él a través de la funcionalidad 
elFinder."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3.5","matchCriteriaId":"46261FBE-CE73-4D20-89BE-21B36943B34D"}]}]}],"references":[{"url":"https://exponentcms.lighthouseapp.com/projects/61783/tickets/1323-exponent-cms-235-file-upload-cross-site-scripting-vulnerability","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://packetstormsecurity.com/files/136762/Exponent-CMS-2.3.5-File-Upload-Cross-Site-Scripting.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://exponentcms.lighthouseapp.com/projects/61783/tickets/1323-exponent-cms-235-file-upload-cross-site-scripting-vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://packetstormsecurity.com/files/136762/Exponent-CMS-2.3.5-File-Upload-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-2087","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.327","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en el cliente en HexChat 2.11.0 permite a servidores IRC remotos leer o modificar archivos arbitrarios a través de un .. (punto punto) en el nombre del servidor."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":tru
e,"criteria":"cpe:2.3:a:hexchat_project:hexchat:2.11.0:*:*:*:*:*:*:*","matchCriteriaId":"5D8504A5-A147-4DBA-BC04-CDCC2209840A"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/136564/Hexchat-IRC-Client-2.11.0-Directory-Traversal.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95881","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/39656/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/136564/Hexchat-IRC-Client-2.11.0-Directory-Traversal.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95881","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/39656/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-2233","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.373","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message."},{"lang":"es","value":"Desbordamiento de búfer basado en pila en la función inbound_cap_ls en common/inbound.c en HexChat 2.10.2 permite a servidores IRC remotos provocar una denegación de servicio (caída) a través un gran número de opciones en un mensaje CAP 
LS."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hexchat_project:hexchat:2.10.2:*:*:*:*:*:*:*","matchCriteriaId":"4E589EED-4353-4A19-A78C-206405DAE420"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/136563/Hexchat-IRC-Client-2.11.0-CAP-LS-Handling-Buffer-Overflow.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95920","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/39657/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/136563/Hexchat-IRC-Client-2.11.0-CAP-LS-Handling-Buffer-Overflow.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/bid/95920","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/39657/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6526","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object."},{"lang":"es","value":"El componente SpamCall Activity en la aplicación Telecom en dispositivo Samsung Note L(5.0/5.1) y M(6.0) permite a atacantes provocar una denegación de servicio (caída y reinicio) o posiblemente obtener privilegios a través de un objeto serializable malformado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"sour
ce":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*","matchCriteriaId":"A13E2E2D-41E2-4CF7-A019-6B462A614271"},{"vulnerable":true,"criteria":"cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*","matchCriteriaId":"DD99CD57-C55D-4812-8F9C-5ACE7555C086"},{"vulnerable":true,"criteria":"cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*","matchCriteriaId":"ABD6EA64-6B65-4487-914F-9EF9CBB78211"}]}]}],"references":[{"url":"http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/05/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92330","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/05/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92330","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6527","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.433","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object."},{"lang":"es","value":"El componente SmartCall Activity en la aplicación Telecom en dispositivo Samsung Note 
L(5.0/5.1) y M(6.0) permite a atacantes provocar una denegación de servicio (caída y reinicio) o posiblemente obtener privilegios a través de un objeto serializable malformado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*","matchCriteriaId":"A13E2E2D-41E2-4CF7-A019-6B462A614271"},{"vulnerable":true,"criteria":"cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*","matchCriteriaId":"DD99CD57-C55D-4812-8F9C-5ACE7555C086"},{"vulnerable":true,"criteria":"cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*","matchCriteriaId":"ABD6EA64-6B65-4487-914F-9EF9CBB78211"}]}]}],"references":[{"url":"http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/05/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92330","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/05/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92330","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6823","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.467","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (crash) via crafted height and width values, which triggers an out-of-bounds write."},{"lang":"es","value":"Desbordamiento de entero en el codificador BMP en ImageMagick en versiones anteriores a 7.0.2-10 permite a atacantes remotos provocar una denegación de servicio (caída) a través de valores de altura y anchura manipulados, lo que desencadena una escritura fuera de 
límites."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.10-50","matchCriteriaId":"BF97F7CB-3E80-4DBB-8854-FF5C012BA0FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.0.2-10","matchCriteriaId":"AE8E545F-5752-46AB-8704-B3C098207E1D"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/26/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93158","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834504","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/26/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93158","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834504","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-7101","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.513","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large row value in an sgi file."},{"lang":"es","value":"El codificador SGI en ImageMagick en versiones anteriores a 7.0.2-10 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un valor de fila grande en un archivo 
sgi."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.5-8","matchCriteriaId":"E3035CD8-65DE-459B-AB33-710609EE0502"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.0.2-10","matchCriteriaId":"AE8E545F-5752-46AB-8704-B3C098207E1D"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/26/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93181","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836776","source":"cve@mitre.org","tags":["Issue Tracking","Third Party 
Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/7afcf9f71043df15508e46f079387bd4689a738d","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/8f8959033e4e59418d6506b345829af1f7a71127","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/26/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93181","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836776","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/7afcf9f71043df15508e46f079387bd4689a738d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/8f8959033e4e59418d6506b345829af1f7a71127","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-7144","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.560","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The m_authenticate function in modules/m_sasl.c in UnrealIRCd before 3.2.10.7 and 4.x before 4.0.6 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter."},{"lang":"es","value":"La función m_authenticate en modules/m_sasl.c en UnrealIRCd en versiones anteriores a 3.2.10.7 y 4.x en versiones anteriores a 4.0.6 permite a atacantes remotos suplantar huellas dactilares de certificados y consecuentemente iniciar sesión como otro 
usuario a través de un parámetro AUTHENTICATE manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:unrealircd:unrealircd:*:*:*:*:*:*:*:*","versionEndIncluding":"3.2.10.5","matchCriteriaId":"E36F4B9A-FE00-4254-AE01-988C5E3563DC"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:unrealircd:unrealircd:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EEEACFAE-0672-465C-B36A-2511CD8F7D2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:unrealircd:unrealircd:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"78ABEC11-ACFD-49CD-BA6A-041EAE20FCCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:unrealircd:unrealircd:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"7E776FF2-D9CC-468E-9505-8BAA042B070A"},{"vulnerable":true,"criteria":"cpe:2.3:a:unrealircd:unrealircd:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"C4C6CA34-F564-4F19-AADB-D5
4595BA3BE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:unrealircd:unrealircd:4.0.3.1:*:*:*:*:*:*:*","matchCriteriaId":"A89C6801-3E03-426E-A034-1DBC06998F9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:unrealircd:unrealircd:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"C229E849-C99A-48C3-A00A-67A714904F1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:unrealircd:unrealircd:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"CB89D241-E224-45B9-8B77-B5FA3C955099"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/04/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/05/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92763","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://forums.unrealircd.org/viewtopic.php?f=1&t=8588","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/04/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/05/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92763","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://forums.unrealircd.org/viewtopic.php?f=1&t=8588","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2016-7149","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.590","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function."},{"lang":"es","value":"Vulnerabilidad de XSS en b2evolution 6.7.5 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con la función autolink."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.
3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:*","versionEndIncluding":"6.7.5","matchCriteriaId":"F7C58506-ACD4-4D6E-A5A5-D4E3AEBE684A"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/12/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/15/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92967","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/b2evolution/b2evolution/commit/9a4ab85439d1b838ee7b8eeebbf59174bb787811","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/12/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/15/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92967","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/b2evolution/b2evolution/commit/9a4ab85439d1b838ee7b8eeebbf59174bb787811","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-7150","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.623","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name."},{"lang":"es","value":"Vulnerabilidad de XSS en b2evolution 6.7.5 y versiones anteriores permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML 
arbitrarios a través del nombre del sitio."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:*","versionEndIncluding":"6.7.5","matchCriteriaId":"F7C58506-ACD4-4D6E-A5A5-D4E3AEBE684A"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/12/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/15/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92967","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/b2evolution/b2evolution/commit/dd975fff7fce81bf12f9c59edb1a99475747c83c","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/12/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/15/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92967","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/b2evolution/b2evolution/commit/dd975fff7fce81bf12f9c59edb1a99475747c83c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-7563","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.670","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input."},{"lang":"es","value":"La función chartorune en Artifex Software MuJS permite a atacantes provocar una denegación de servicio (lectura fuera de límites) a través de un * (asterisco) al final de la 
entrada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:artifex:mujs:-:*:*:*:*:*:*:*","matchCriteriaId":"41903F14-D2D5-4DF4-ADA6-5E5F44650EB6"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/21/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/28/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697136","source":"cve@mitre.org","tags":["Exploit","Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/21/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/28/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing 
List","Third Party Advisory"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697136","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-7564","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.700","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función Fp_toString en jsfunction.c en Artifex Software MuJS permite a atacantes provocar una denegación de servicio (caída) a través de una entrada manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:a
rtifex:mujs:-:*:*:*:*:*:*:*","matchCriteriaId":"41903F14-D2D5-4DF4-ADA6-5E5F44650EB6"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/21/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/28/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697137","source":"cve@mitre.org","tags":["Exploit","Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/21/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/28/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697137","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-7799","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.730","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."},{"lang":"es","value":"MagickCore/profile.c en ImageMagick en versiones anteriores a 7.0.3-2 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.6-0","matchCriteriaId":"AAB57969-7952-4DE4-889A-B2C0AB33FE2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.0.3-2","matchCriteriaId":"BF1942A2-E54E-4792-ADA6-01B82CB96DC8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2016/dsa-3726","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/01/4","source":"cve@mitre.org","tags":["Mailing 
List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/01/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93264","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/280","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201611-21","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3726","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/01/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/01/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93264","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/280","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201611-21","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-7906","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.777","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to cause a denial of service (use-after-free) via a crafted file."},{"lang":"es","value":"magick/attribute.c en ImageMagick 7.0.3-2 permite a atacantes remotos provocar una denegación de servicio (uso después de liberación) a través de un archivo manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.3-2:*:*:*:*:*:*:*","matchCriteriaId":"D391DECE-2408-4A8F-ACE6-F18028C422A3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","mat
chCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2016/dsa-3726","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/02/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/02/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93271","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/90406972f108c4da71f998601b06abdc2ac6f06e","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/281","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201611-21","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3726","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/02/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/02/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/90406972f108c4da71f998601b06abdc2ac6f06e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/281","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201611-21","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-7980","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.827","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request.  NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code."},{"lang":"es","value":"Vulnerabilidad de CSRF en ecrire/exec/valider_xml.php en SPIP 3.1.2 y versiones anteriores permite a atacantes remotos secuestrar la autenticación de los administradores de las solicitudes que ejecutan el validador XML en un archivo local a través de una solicitud valider_xml manipulada. 
NOTA: este problema se puede combinar con CVE-2016-7998 para ejecutar código PHP arbitrario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*","versionEndIncluding":"3.1.2","matchCriteriaId":"108B7E4F-1501-4193-BF95-B2D3465FCB10"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/05/17","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/06/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/12/6","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/93451","source":"cve@mitre.org"},{"url":"https://core.spip.net/projects/spip/repository/revisions/23201","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23202","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23203","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/05/17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/06/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/12/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93451","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://core.spip.net/projects/spip/repository/revisions/23201","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23202","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23203","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor 
Advisory"]},{"url":"https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-exec-code-cross-site-request-forgery-cve-2016-7980/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7981","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.873","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action."},{"lang":"es","value":"Vulnerabilidad de XSS en valider_xml.php en SPIP 3.1.2 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro var_url en una acción valider_xml."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"cri
teria":"cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*","versionEndIncluding":"3.1.2","matchCriteriaId":"108B7E4F-1501-4193-BF95-B2D3465FCB10"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/05/17","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/06/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/12/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93451","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23200","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23201","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23202","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/05/17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/06/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/12/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93451","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23200","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor 
Advisory"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23201","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23202","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7982","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.933","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en ecrire/exec/valider_xml.php en SPIP 3.1.2 y versiones anteriores permite a atacantes remotos enumerar los archivos en el sistema a través del parámetro var_url en una acción 
valider_xml."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*","versionEndIncluding":"3.1.2","matchCriteriaId":"108B7E4F-1501-4193-BF95-B2D3465FCB10"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/05/17","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/06/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/12/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93451","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23200","source":"cve@mitre.org","tags":["Issue 
Tracking","Patch","Vendor Advisory"]},{"url":"https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/05/17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/06/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/12/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93451","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23200","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7996","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:00.997","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to have unspecified impact via a colormap with a large number of entries."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en el lector de formato WPG en GraphicsMagick 1.3.25 y versiones anteriores permite a atacantes remotos tener un impacto no especificado a través de un mapa de color con un gran número de 
entradas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3.25","matchCriteriaId":"AF23F625-1F2F-4908-9BBE-DEBF470B3FC8"}]}]}],"references":[{"url":"http://www.debian.org/security/2016/dsa-3746","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/07/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/08/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93464","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/07/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/08/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93464","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-7997","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:01.027","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The WPG format reader in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (assertion failure and crash) via vectors related to a ReferenceBlob and a NULL pointer."},{"lang":"es","value":"El lector de formato WPG en GraphicsMagick 1.3.25 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y caída) a través de vectores relacionados con un ReferenceBlob y un puntero 
NULL."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3.25","matchCriteriaId":"AF23F625-1F2F-4908-9BBE-DEBF470B3FC8"}]}]}],"references":[{"url":"http://www.debian.org/security/2016/dsa-3746","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/07/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/08/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93467","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/07/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/08/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93467","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-7998","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:01.060","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action."},{"lang":"es","value":"El compositor/compilador de plantillas de SPIP en SPIP 3.1.2 y versiones anteriores permite a usuarios remotos autentificados ejecutar código PHP arbitrario cargando un archivo HTML con una etiqueta INCLUDE (1) o INCLURE (2) manipulada y después accediendo a ella con una acción 
valider_xml."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*","versionEndIncluding":"3.1.2","matchCriteriaId":"108B7E4F-1501-4193-BF95-B2D3465FCB10"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/05/17","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/07/5","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/08/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93451","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23186","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23189","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23192","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/05/17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/07/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/08/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93451","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23186","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23189","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23192","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor 
Advisory"]},{"url":"https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-template-compiler-composer-php-code-execution-cve-2016-7998/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7999","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:01.107","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action."},{"lang":"es","value":"ecrire/exec/valider_xml.php en SPIP 3.1.2 y versiones anteriores permite a atacantes remotos llevar a cabo ataques de SSRF a través de una URL en el parámetro var_url en una acción valider_xml."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:s
pip:spip:*:*:*:*:*:*:*:*","versionEndIncluding":"3.1.2","matchCriteriaId":"108B7E4F-1501-4193-BF95-B2D3465FCB10"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/05/17","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/07/5","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/08/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/12/10","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93451","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23188","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23193","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/05/17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/07/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/08/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/12/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/93451","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23188","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://core.spip.net/projects/spip/repository/revisions/23193","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side-request-forgery-cve-2016-7999/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9109","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:01.153","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences.  NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-7563."},{"lang":"es","value":"Artifex Software MuJS permite a atacantes provocar una denegación de servicio (bloqueo) a través de vectores relacionados con secuencias de escape incompletas. 
NOTA: esta vulnerabilidad existe debido a un arreglo incompleto para CVE-2016-7563."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:artifex:mujs:-:*:*:*:*:*:*:*","matchCriteriaId":"41903F14-D2D5-4DF4-ADA6-5E5F44650EB6"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/30/13","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/30/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/07/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94150","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697136#c4","source":"cve@mitre.org","tags":["Exploit","Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/30/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/30/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/07/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94150","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697136#c4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-9273","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:01.183","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file, related to changing td_nstrips in TIFF_STRIPCHOP mode."},{"lang":"es","value":"tiffsplit en libtiff 4.0.6 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo manipulado, relacionado con el cambio de td_nstrips en el modo 
TIFF_STRIPCHOP."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"33708995-494C-476D-B0E3-1E78B9328699"}]}]}],"references":[{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2587","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/09/20","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/11/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94271","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"cve@mitre.org"},{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2587","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/09/20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/11/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9278","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:01.230","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. 
The Samsung ID is SVE-2016-6736."},{"lang":"es","value":"El controlador Samsung Exynos fimg2d para Android con chipsets Exynos 5433, 54xx o 7420 permite a usuarios locales provocar una denegación de servicio (pánico del kernel) a través de un comando ioctl manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:samsung:exynos_fimg2d_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"1FE6484A-1FF8-413F-A39F-AB0E8216EA5F"}]}]}],"references":[{"url":"http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/09/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/11/11","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94283","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/09/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/11/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94283","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9279","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:01.263","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. 
The Samsung ID is SVE-2016-6853."},{"lang":"es","value":"Vulnerabilidad de uso después de liberación de memoria en el controlador Samsung Exynos fimg2d para Android con chipsets Exynos 5433, 54xx o 7420 permite a atacantes obtener información sensible a través de vectores no especificados"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:samsung:exynos_fimg2d_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"1FE6484A-1FF8-413F-A39F-AB0E8216EA5F"}]}]}],"references":[{"url":"http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/09/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/11/11","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94283","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/09/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/11/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94283","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9297","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:01.293","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII tag values."},{"lang":"es","value":"La función TIFFFetchNormalTag en LibTiff 4.0.6 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de valores de etiqueta TIFF_SETGET_C16ASCII o TIFF_SETGET_C32_ASCII 
manipulados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"33708995-494C-476D-B0E3-1E78B9328699"}]}]}],"references":[{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2590","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/12/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/14/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94419","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"cve@mitre.org"},{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2590","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/12/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/14/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94419","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9584","sourceIdentifier":"secalert@redhat.com","published":"2017-01-18T17:59:01.340","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file."},{"lang":"es","value":"libical permite a atacantes remotos provocar una denegación de servicio (uso después de liberación de memoria) y posiblemente leer memoria dinámica (heap) a través de un archivo ics 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libical_project:libical:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0","matchCriteriaId":"F37A7E1D-2394-49F5-A33F-F46D62CB943C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/15/5","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94948","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/15/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94948","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-9844","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T17:59:01.373","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header."},{"lang":"es","value":"Desbordamiento de búfer en la función zi_short en zipinfo.c en Info-Zip UnZip 6.0 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un valor de método de compresión grande en el encabezado del archivo de directorio central."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:unzip_project:unzip:6.0:*:*:*:*:*:*:*","matchCriteriaId":"4C9BC86B-F353-4390-B288-B528BA8AA0A
1"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/13","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/19","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/20","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94728","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/19","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94728","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-10147","sourceIdentifier":"secalert@redhat.com","published":"2017-01-18T21:59:00.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5)."},{"lang":"es","value":"crypto/mcryptd.c en el kernel de Linux en versiones 
anteriores a 4.8.15 permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL y caída del sistema) usando un socket AF_ALG con un algoritmo incompatible, según lo demostrado por mcryptd(md5)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.14","matchCriteriaId":"BED5892F-F01B-4B15-9D0E-00685567EE0C"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://marc.info/?l=linux-crypto-vger&m=148063683310477&w=2","source":"secalert@redhat.com","tags":["Third Party 
Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.15","source":"secalert@redhat.com","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/17/13","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95677","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1842","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:2077","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404200","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"https://github.com/torvalds/linux/commit/48a992727d82cb7db076fa15d372178743b1f4cd","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=48a992727d82cb7db076fa15d372178743b1f4cd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://marc.info/?l=linux-crypto-vger&m=148063683310477&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/17/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95677","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1842","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:2077","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404200","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking"]},{"url":"https://github.com/torvalds/linux/commit/48a992727d82cb7db076fa15d372178743b1f4cd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10148","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T21:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896."},{"lang":"es","value":"La función wp_ajax_update_plugin en wp-admin/includes/ajax-actions.php en WordPress en versiones anteriores a 4.6 hace una llamada get_plugin_data antes de comprobar la capacidad update_plugins, lo que permite a usuarios remotos autenticados eludir las restricciones de acceso de lectura a través del parámetro plugin a wp-admin/admin-ajax.php, un caso relacionado con 
CVE-2016-6896."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"},{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","versionEndIncluding":"4.5.5","matchCriteriaId":"68FE87C1-1147-4A38-ABF0-8CC520BCA127"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/20/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96847","source":"cve@mitre.org"},{"url":"https://core.trac.wordpress.org/changeset/38168","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://core.trac.wordpress.org/ticket/37490","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html","source":"cve@mitre.org","tags":["Technical Description","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/20/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96847","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://core.trac.wordpress.org/changeset/38168","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://core.trac.wordpress.org/ticket/37490","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6896","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T21:59:00.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en la función wp_ajax_update_plugin en wp-admin/includes/ajax-actions.php en WordPress 4.5.3 permite a usuarios remotos autenticados provocar una denegación de servicio o leer ciertos archivos de texto a través de un .. 
(punto punto) en el parámetro plugin para wp-admin/admin-ajax.php, según lo demostrado por operaciones de lectura /dev/random que agotan el pool de entropia."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wordpress:wordpress:4.5.3:*:*:*:*:*:*:*","matchCriteriaId":"3E3C09D8-B36B-4807-AC78-C0E893F1A72E"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/20/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securitytracker.com/id/1036683","source":"cve@mitre.org"},{"url":"https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party 
Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8606","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/40288/","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/08/20/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securitytracker.com/id/1036683","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8606","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/40288/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-6897","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T21:59:00.307","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896."},{"lang":"es","value":"Vulnerabilidad de CSRF en la función wp_ajax_update_plugin en wp-admin/includes/ajax-actions.php en WordPress en versiones anteriores a 4.6 permite a atacantes remotos secuestrar la autenticación de subscriptores para operaciones de lectura /dev/random aprovechando una llamada tardía a la función check_ajax_referer, un caso relacionado con 
CVE-2016-6896."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","versionEndIncluding":"4.5.5","matchCriteriaId":"68FE87C1-1147-4A38-ABF0-8CC520BCA127"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/20/1","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/92572","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1036683","source":"cve@mitre.org"},{"url":"https://github.com/WordPress/WordPress/commit/8c82515ab62b88fb32d01c9778f0204b296f3568","source":"cve@mitre.org"},{"url":"https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html","source":"cve@mitre.org"},{"url":"https://wpvulndb.com/vulnerabilities/8606","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/40288/","source":"cve@mi
tre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/08/20/1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/92572","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1036683","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/WordPress/WordPress/commit/8c82515ab62b88fb32d01c9778f0204b296f3568","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wpvulndb.com/vulnerabilities/8606","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/40288/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10086","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.170","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request."},{"lang":"es","value":"Servicios web RESTful en CA Service Desk Manager 12.9 y CA Service Desk Management 14.1 podrían permitir a usuarios remotos autenticados leer o modificar información de tareas aprovechando permisos incorrectos aplicados a una petición 
RESTful."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ca:service_desk_management:14.1:*:*:*:*:*:*:*","matchCriteriaId":"08C76F74-E03B-4A0A-9CB1-BC3C27520931"},{"vulnerable":true,"criteria":"cpe:2.3:a:ca:service_desk_manager:12.9:*:*:*:*:*:*:*","matchCriteriaId":"AFEE1987-820F-401D-8F54-8848592B189B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*","matchCriteriaId":"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","matchCriteriaId":"155AD4FB-E527-4103-BCEF-801B653DEA37"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*","matchCriteriaId"
:"05924C67-F9A0-450E-A5B8-059651DD32E3"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95366","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037583","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170109-01-security-notice-for-ca-service-desk-manager.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95366","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037583","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170109-01-security-notice-for-ca-service-desk-manager.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3401","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.203","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810."},{"lang":"es","value":"Vulnerabilidad no especificada en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a usuarios remotos autenticados afectar a la integridad a través de vectores desconocidos, vulnerabilidad también conocida como error 
99810."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","versionEndIncluding":"8.6.0","matchCriteriaId":"AB544961-B884-454E-AC8C-8E18E3B467DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95860","source":"cve@mitre.org"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95860","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release 
Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3402","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.250","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167."},{"lang":"es","value":"Vulnerabilidad no especificada en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos afectar a la confidencialidad a través de vectores desconocidos, vulnerabilidad también conocida como error 99167."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synacor:zimbra_collaboration_s
uite:*:*:*:*:*:*:*:*","versionEndIncluding":"8.6.0","matchCriteriaId":"AB544961-B884-454E-AC8C-8E18E3B467DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95887","source":"cve@mitre.org"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95887","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3404","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.280","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959."},{"lang":"es","value":"Vulnerabilidad no especificada en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos, vulnerabilidad también conocida como error 
103959."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","versionEndIncluding":"8.6.0","matchCriteriaId":"AB544961-B884-454E-AC8C-8E18E3B467DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95894","source":"cve@mitre.org"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95894","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release 
Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3405","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.313","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828."},{"lang":"es","value":"Múltiples vulnerabilidades no especificadas en Zimbra Collaboration en versiones anteriores a 8.7.0 permiten a atacantes remotos afectar a la integridad a través de vectores desconocidos, vulnerabilidades también conocidas como errores 103961 y 104828."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"
cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","versionEndIncluding":"8.6.0","matchCriteriaId":"AB544961-B884-454E-AC8C-8E18E3B467DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95886","source":"cve@mitre.org"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95886","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3406","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.343","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456."},{"lang":"es","value":"Múltiples vulnerabilidades de CSRF en Zimbra Collaboration en versiones anteriores a 8.7.0 permiten a atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores que implican (1) la extensión de subida Client o (2) la extensión de manejo REST, vulnerabilidades también conocidas como errores 104294 y 
104456."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","versionEndIncluding":"8.6.0","matchCriteriaId":"AB544961-B884-454E-AC8C-8E18E3B467DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95890","source":"cve@mitre.org"},{"url":"https://bugzilla.zimbra.com/show_bug.cgi?id=104294","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://bugzilla.zimbra.com/show_bug.cgi?id=104456","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95890","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.zimbra.com/show_bug.cgi?id=104294","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://bugzilla.zimbra.com/show_bug.cgi?id=104456","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3407","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.390","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, vulnerabilidades también conocidas como errores 104222, 104910, 105071 y 
105175."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","versionEndIncluding":"8.6.0","matchCriteriaId":"AB544961-B884-454E-AC8C-8E18E3B467DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95897","source":"cve@mitre.org"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95897","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release 
Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3408","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.420","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813."},{"lang":"es","value":"Vulnerabilidad de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, vulnerabilidad también conocida como error 101813."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"c
riteria":"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","versionEndIncluding":"8.6.0","matchCriteriaId":"AB544961-B884-454E-AC8C-8E18E3B467DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95923","source":"cve@mitre.org"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95923","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3409","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.467","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637."},{"lang":"es","value":"Vulnerabilidad de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, vulnerabilidad también conocida como error 
102637."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","versionEndIncluding":"8.6.0","matchCriteriaId":"AB544961-B884-454E-AC8C-8E18E3B467DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95896","source":"cve@mitre.org"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95896","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release 
Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3410","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.500","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, vulnerabilidades también conocidas como errores 103956, 103995, 104475, 104838 y 104839."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"
}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","versionEndIncluding":"8.6.0","matchCriteriaId":"AB544961-B884-454E-AC8C-8E18E3B467DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95900","source":"cve@mitre.org"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95900","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3411","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.530","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609."},{"lang":"es","value":"Vulnerabilidad de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, vulnerabilidad también conocida como error 
103609."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","versionEndIncluding":"8.6.0","matchCriteriaId":"AB544961-B884-454E-AC8C-8E18E3B467DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95901","source":"cve@mitre.org"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/45177/","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95901","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release 
Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/45177/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-3412","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.563","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, vulnerabilidades también conocidas como errores 103997, 104413, 104414, 104777 y 
104791."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","versionEndIncluding":"8.6.0","matchCriteriaId":"AB544961-B884-454E-AC8C-8E18E3B467DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95899","source":"cve@mitre.org"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95899","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release 
Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3413","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.593","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996."},{"lang":"es","value":"Vulnerabilidad no especificada en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos, vulnerabilidad también conocida como error 103996."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*
:*:*:*:*:*","versionEndIncluding":"8.6.0","matchCriteriaId":"AB544961-B884-454E-AC8C-8E18E3B467DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95895","source":"cve@mitre.org"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95895","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3414","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.623","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029."},{"lang":"es","value":"Vulnerabilidad no especificada en Zimbra Collaboration en versiones anteriores a 8.6.0 Patch 7 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos, vulnerabilidad también conocida como error 
102029."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","versionEndIncluding":"8.6.0","matchCriteriaId":"AB544961-B884-454E-AC8C-8E18E3B467DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95918","source":"cve@mitre.org"},{"url":"https://forums.zimbra.org/viewtopic.php?f=8&t=59816","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95918","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://forums.zimbra.org/viewtopic.php?f=8&t=59816","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3415","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.670","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276."},{"lang":"es","value":"Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos llevar a cabo ataques de deserialización a través de vectores no especificados, vulnerabilidad también conocida como error 102276."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","version
EndIncluding":"8.6.0","matchCriteriaId":"AB544961-B884-454E-AC8C-8E18E3B467DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95917","source":"cve@mitre.org"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95917","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3999","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.703","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en Zimbra Collaboration en versiones anteriores a 8.7.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, vulnerabilidades también conocidas como errores 104552 y 
104703."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*","versionEndIncluding":"8.6.0","matchCriteriaId":"AB544961-B884-454E-AC8C-8E18E3B467DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95921","source":"cve@mitre.org"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95921","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release 
Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4019","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.750","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477."},{"lang":"es","value":"Vulnerabilidad no especificada en Zimbra Collaboration en versiones anteriores a 8.7.0 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos, vulnerabilidad también conocida como error 104477."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:
*:*:*:*:*:*:*","versionEndIncluding":"8.6.0","matchCriteriaId":"AB544961-B884-454E-AC8C-8E18E3B467DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95922","source":"cve@mitre.org"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95922","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6271","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.780","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception."},{"lang":"es","value":"La librería Bzrtp (también conocida como libbzrtp) 1.0.x en versiones anteriores a 1.0.4 permite a atacantes man-in-the-middle llevar a cabo ataques de suplantación de identidad aprovechando una comprobación HVI desaparecida en la recepción de paquetes 
DHPart2."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bzrtp_project:bzrtp:1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"9536042E-1DA6-4971-85BA-E99A73F877A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:bzrtp_project:bzrtp:1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"27EC44AF-7082-4DF3-8ED1-9B380BE2EBDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:bzrtp_project:bzrtp:1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"D470019E-5647-4D3F-A70D-DC19CBD5F588"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95928","source":"cve@mitre.org"},{"url":"https://github.com/BelledonneCommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b","source":"cve@mitre.org","tags":["Issue 
Tracking","Patch"]},{"url":"https://github.com/gteissier/CVE-2016-6271","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95928","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/BelledonneCommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/gteissier/CVE-2016-6271","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-6283","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.813","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action."},{"lang":"es","value":"Vulnerabilidad de XSS en Atlassian Confluence en versiones anteriores a 5.10.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro newFileName para 
pages/doeditattachment.action."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*","versionEndIncluding":"5.10.5","matchCriteriaId":"7144F387-B3DF-4E12-8363-BF6C28C84DAE"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/140363/Atlassian-Confluence-5.9.12-Cross-Site-Scripting.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Jan/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2017/Jan/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95288","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://www.exploit-db.com/exploits/40989/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/140363/Atlassian-Confluence-5.9.12-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Jan/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2017/Jan/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95288","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/40989/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6497","sourceIdentifier":"security-alert@hpe.com","published":"2017-01-18T22:59:00.860","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API in Apache allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods."},{"lang":"es","value":"main/java/org/apache/directory/groovyldap/LDAP.java en la API Groovy LDAP en Apache permite que los atacantes lleven a cabo ataques de envenenamiento de entradas LDAP aprovechando la configuración de returnObjFlag como \"true\" para todos los métodos de 
búsqueda."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:groovy_ldap:*:*:*:*:*:*:*:*","matchCriteriaId":"E5CF5C13-FB9B-4021-96E5-F908E3B6C37F"}]}]}],"references":[{"url":"http://svn.apache.org/viewvc/directory/sandbox/szoerner/groovyldap/src/main/java/org/apache/directory/groovyldap/LDAP.java?r1=1765362&r2=1765361&pathrev=1765362&view=patch","source":"security-alert@hpe.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95929","source":"security-alert@hpe.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://mail-archives.apache.org/mod_mbox/directory-users/201610.mbox/%3Cb7d7e909-a8ed-1ab4-c853-4078c1e7624a%40stefan-seelmann.de%3E","source":"security-alert@hpe.com","tags":["Mailing List","Third Party 
Advisory"]},{"url":"https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf","source":"security-alert@hpe.com","tags":["Technical Description","Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","source":"security-alert@hpe.com","tags":["Patch"]},{"url":"http://svn.apache.org/viewvc/directory/sandbox/szoerner/groovyldap/src/main/java/org/apache/directory/groovyldap/LDAP.java?r1=1765362&r2=1765361&pathrev=1765362&view=patch","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95929","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://mail-archives.apache.org/mod_mbox/directory-users/201610.mbox/%3Cb7d7e909-a8ed-1ab4-c853-4078c1e7624a%40stefan-seelmann.de%3E","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2016-9676","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.890","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors."},{"lang":"es","value":"Desbordamiento de búfer en Citrix Provisioning Services en versiones anteriores a 7.12 permite a atacantes ejecutar código arbitrario a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.0:*:*:*:*:*:*:*","matchCriteriaId":"52C4D6FE-01B4-44AB-87C7-18C020246319"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.1:*:*:*:*:*:*:*","matchCriteriaId":"64D32D91-F161-4E56-909C-BEE79B549BCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.6:*:*:*:*:*:*:*","matchCriteriaId":"2273F1ED-4850-4DDB-B9A7-2393E4DCDFFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.7:*:*:*:*:*:*:*","matchCriteriaId":"382FBEA9-A346-40AF-A207-423D604F9AA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.8:*:*:*:*:*:*:*","matchCriteriaId":"56A5CCAF-3881-4F2A-8CD3-677A6F234550"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.9:*:*:*:*:*:*:*","mat
chCriteriaId":"5D37E5F8-ED0D-420C-BF53-9073EA1E4B18"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.11:*:*:*:*:*:*:*","matchCriteriaId":"18D653FB-04BD-44B5-9B04-9492B8185925"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95620","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037625","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.citrix.com/article/CTX219580","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95620","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037625","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.citrix.com/article/CTX219580","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9677","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.937","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors."},{"lang":"es","value":"Citrix Provisioning Services en versiones anteriores a 7.12 permite a atacantes obtener información sensible de la dirección del kernel a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.0:*:*:*:*:*:*:*","matchCriteriaId":"52C4D6FE-01B4-44AB-87C7-18C020246319"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.1:*:*:*:*:*:*:*","matchCriteriaId":"64D32D91-F161-4E56-909C-BEE79B549BCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.6:*:*:*:*:*:*:*","matchCriteriaId":"2273F1ED-4850-4DDB-B9A7-2393E4DCDFFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.7:*:*:*:*:*:*:*","matchCriteriaId":"382FBEA9-A346-40AF-A207-423D604F9AA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.8:*:*:*:*:*:*:*","matchCriteriaId":"56A5CCAF-3881-4F2A-8CD3-677A6F234550"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.9:*:*:*:*:*:*:*","matchCrite
riaId":"5D37E5F8-ED0D-420C-BF53-9073EA1E4B18"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.11:*:*:*:*:*:*:*","matchCriteriaId":"18D653FB-04BD-44B5-9B04-9492B8185925"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95620","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037625","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.citrix.com/article/CTX219580","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95620","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037625","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.citrix.com/article/CTX219580","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9678","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:00.967","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de uso después de liberación de memoria en Citrix Provisioning Services en versiones anteriores a 7.12 permite a atacantes ejecutar código arbitrario a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.0:*:*:*:*:*:*:*","matchCriteriaId":"52C4D6FE-01B4-44AB-87C7-18C020246319"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.1:*:*:*:*:*:*:*","matchCriteriaId":"64D32D91-F161-4E56-909C-BEE79B549BCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.6:*:*:*:*:*:*:*","matchCriteriaId":"2273F1ED-4850-4DDB-B9A7-2393E4DCDFFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.7:*:*:*:*:*:*:*","matchCriteriaId":"382FBEA9-A346-40AF-A207-423D604F9AA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.8:*:*:*:*:*:*:*","matchCriteriaId":"56A5CCAF-3881-4F2A-8CD3-677A6F234550"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.9:*:*:*:*:*:*:*","mat
chCriteriaId":"5D37E5F8-ED0D-420C-BF53-9073EA1E4B18"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.11:*:*:*:*:*:*:*","matchCriteriaId":"18D653FB-04BD-44B5-9B04-9492B8185925"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95620","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037625","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.citrix.com/article/CTX219580","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95620","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037625","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.citrix.com/article/CTX219580","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9679","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:01.000","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer."},{"lang":"es","value":"Citrix Provisioning Services en versiones anteriores a 7.12 permite a atacantes ejecutar código arbitrario sobrescribiendo un puntero de 
función."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.0:*:*:*:*:*:*:*","matchCriteriaId":"52C4D6FE-01B4-44AB-87C7-18C020246319"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.1:*:*:*:*:*:*:*","matchCriteriaId":"64D32D91-F161-4E56-909C-BEE79B549BCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.6:*:*:*:*:*:*:*","matchCriteriaId":"2273F1ED-4850-4DDB-B9A7-2393E4DCDFFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.7:*:*:*:*:*:*:*","matchCriteriaId":"382FBEA9-A346-40AF-A207-423D604F9AA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.8:*:*:*:*:*:*:*","matchCriteriaId":"56A5CCAF-3881-4F2A-8CD3-677A6F234550"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.9:*:*:*:*:*:*:*","matchCrit
eriaId":"5D37E5F8-ED0D-420C-BF53-9073EA1E4B18"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.11:*:*:*:*:*:*:*","matchCriteriaId":"18D653FB-04BD-44B5-9B04-9492B8185925"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95620","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037625","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.citrix.com/article/CTX219580","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95620","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037625","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.citrix.com/article/CTX219580","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9680","sourceIdentifier":"cve@mitre.org","published":"2017-01-18T22:59:01.030","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors."},{"lang":"es","value":"Citrix Provisioning Services en versiones anteriores a 7.12 permite a atacantes obtener información sensible de la memoria del kernel a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.0:*:*:*:*:*:*:*","matchCriteriaId":"52C4D6FE-01B4-44AB-87C7-18C020246319"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.1:*:*:*:*:*:*:*","matchCriteriaId":"64D32D91-F161-4E56-909C-BEE79B549BCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.6:*:*:*:*:*:*:*","matchCriteriaId":"2273F1ED-4850-4DDB-B9A7-2393E4DCDFFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.7:*:*:*:*:*:*:*","matchCriteriaId":"382FBEA9-A346-40AF-A207-423D604F9AA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.8:*:*:*:*:*:*:*","matchCriteriaId":"56A5CCAF-3881-4F2A-8CD3-677A6F234550"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.9:*:*:*:*:*:*:*","matchCriter
iaId":"5D37E5F8-ED0D-420C-BF53-9073EA1E4B18"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:provisioning_services:7.11:*:*:*:*:*:*:*","matchCriteriaId":"18D653FB-04BD-44B5-9B04-9492B8185925"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95620","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037625","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.citrix.com/article/CTX219580","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95620","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037625","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.citrix.com/article/CTX219580","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-5196","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page."},{"lang":"es","value":"El cliente renderizado de contenido en Google Chrome anterior a 54.0.2840.85 para Android fuerza insuficientemente la Same Origin Policy entre los archivos descargados, lo que permite a un atacante remoto acceder a cualquier archivo descargado e interactuar con sitios, incluyendo aquellos en los que el usuario ha iniciado sesión, a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:android:*:*","versionEndIncluding":"54.0.2840.68","matchCriteriaId":"275A82D6-5656-4062-A166-455CF0CA9ACC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94078","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/10/chrome-for-android-update_31.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/659492","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94078","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/10/chrome-for-android-update_31.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/659492","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5
197","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.183","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page."},{"lang":"es","value":"El cliente de vista de contenido en Google Chrome anterior a 54.0.2840.85 para Android valida insuficientemente las URLs intencionadas, lo que permitió a un atacante remoto que ha comprometido el proceso de renderización para iniciar actividad arbitraria en el sistema a través de una página HTML manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google
:chrome:*:*:*:*:*:android:*:*","versionEndIncluding":"54.0.2840.68","matchCriteriaId":"275A82D6-5656-4062-A166-455CF0CA9ACC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94078","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/10/chrome-for-android-update_31.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/659477","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94078","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/10/chrome-for-android-update_31.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/659477","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5199","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file."},{"lang":"es","value":"Un error por un paso resultando en una asignación de tamaño cero en FFmpeg en Google Chrome anterior a 54.0.2840.98 para Mac y 54.0.2840.99 para Windows y 54.0.2840.100 para Linux y 55.0.2883.84 para Android permitió a un atacante remoto explotar potencialmente una corrupción de memoria a través de un archivo de vídeo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.87","matchCriteriaId":"8E02D434-11DB-4554-8DFE-6089B54B9647"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2718.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94196","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037273","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/643948","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201611-16","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2718.html","sour
ce":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94196","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037273","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/643948","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201611-16","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5200","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.293","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."},{"lang":"es","value":"V8 en Google Chrome anterior a 54.0.2840.98 para Mac y 54.0.2840.99 para Windows y 54.0.2840.100 para Linux y 55.0.2883.84 para Android aplica incorrectamente reglas de tipo, lo que permite a atacantes remotos explotar potencialmente una corrupción de memoria a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.87","matchCriteriaId":"8E02D434-11DB-4554-8DFE-6089B54B9647"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2718.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94196","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037273","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/658114","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201611-16","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2718.html","sour
ce":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94196","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037273","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/658114","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201611-16","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5201","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.323","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page."},{"lang":"es","value":"Un fuga de privateClass en la API de extensiones en Google Chrome anterior a 54.0.2840.100 para Linux y 54.0.2840.99 para Windows y 54.0.2840.98 para Mac permitió a un atacante remoto acceder a código JavaScript privilegiado a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.87","matchCriteriaId":"8E02D434-11DB-4554-8DFE-6089B54B9647"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2718.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94196","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037273","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/660678","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201611-16","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2718.html","source":
"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94196","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037273","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/660678","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201611-16","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5203","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.353","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."},{"lang":"es","value":"Un uso después de liberación de memoria en PDFium en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto explotar potencialmente una corrupción de memoria a través de un archivo PDF 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/644219","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","
source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/644219","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5204","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page."},{"lang":"es","value":"La filtración de un árbol de sombra SVG dando lugar a corrupción del árbol DOM en Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto inyectar secuencias de comandos o HTML arbitrarios (UXSS) a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/630870","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","source":"
af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/630870","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5205","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.417","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page."},{"lang":"es","value":"Blink en Google Chrome anterior a 55.0.2883.75 para Linux, Windows y Mac, maneja incorrectamente cargas de página diferida, lo que permite a un atacante remoto inyectar secuencias de comandos o HTML arbitrarios (UXSS) a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/646610","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","source":"
af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/646610","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5206","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.447","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page."},{"lang":"es","value":"El plugin PDF en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android siguió redirecciones incorrectamente, lo que permitió a un atacante remoto eludir la Same Origin Policy a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/653749","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","
source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/653749","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5207","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.497","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page."},{"lang":"es","value":"En Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android, la corrupción del árbol DOM puede ocurrir durante la eliminación de un elemento de pantalla completa, lo que permitió a un atacante remoto conseguir ejecución de código a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/655904","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","source":"
af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/655904","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5208","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.527","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page."},{"lang":"es","value":"Blink en Google Chrome anterior a 55.0.2883.75 para Linux y Windows y 55.0.2883.84 para Android permitió una posible corrupción del árbol DOM durante el manejo del evento sincronizado, lo que permitió a un atacante remoto inyectar secuencias de comandos o HTML arbitrarios (UXSS) a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/658535","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","source":"
af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/658535","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5209","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.557","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."},{"lang":"es","value":"Mal casting en la manipulación de bitmap en Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto explotar potencialmente corrupción de memoria a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/664139","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","
source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/664139","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5210","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.590","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica durante el análisis de imagen TIFF en PDFium en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto explotar potencialmente corrupción de memoria a través de un archivo PDF 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/654183","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","
source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/654183","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5211","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.620","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file."},{"lang":"es","value":"Un uso después de liberación de memoria en PDFium en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto explotar corrupción de memoria a través de un archivo PDF 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/649229","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","
source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/649229","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5212","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.667","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page."},{"lang":"es","value":"Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android desinfecta insuficientemente URLs DevTools, lo que permitió a un atacante remoto leer archivos locales a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/653134","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","sour
ce":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/653134","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5213","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.697","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."},{"lang":"es","value":"Un uso después de liberación de memoria en V8 en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto explotar potencialmente corrupción de memoria a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/652548","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","
source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/652548","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5214","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.730","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page."},{"lang":"es","value":"Google Chrome anterior a 55.0.2883.75 para Windows no maneja adecuadamente archivos descargados, lo que permitió a un atacante remoto impedir que el archivo descargado recibiera la Mark of the Web a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-19"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/601538","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","source
":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/601538","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5215","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.760","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."},{"lang":"es","value":"Un uso después de liberación de memoria en webaudio en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto realizar una lectura de la memoria fuera de límites a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/619463","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","s
ource":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/619463","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5216","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.793","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file."},{"lang":"es","value":"Un uso después de liberación de memoria en PDFium en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto realizar una lectura de la memoria fuera de límites a través de un archivo PDF 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/653090","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com
/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/653090","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5217","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.823","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page."},{"lang":"es","value":"La API de extensiones en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux permite acceso de manera incorrecta a plugins privilegiados, lo que permitió a un atacante remoto eludir el aislamiento del sitio a través de una página HTML manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"l
ang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/654280","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/654280","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5218","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.870","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data."},{"lang":"es","value":"La API de extensiones en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android maneja 
incorrectamente la navegación en PDFs, lo que permitió a un atacante remoto suplantar temporalmente los contenidos de la Omnibox (barra de URL) a través de una página HTML manipulada que contiene datos PDF."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/660498","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","sourc
e":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/660498","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5219","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.900","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."},{"lang":"es","value":"Un uso después de liberación de memoria en V8 en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto explotar potencialmente corrupción de memoria a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/657568","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","s
ource":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/657568","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5220","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.933","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file."},{"lang":"es","value":"PDFium en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android maneja incorrectamente la navegación en PDFs, lo que permitió a un atacante remoto leer archivos locales a través de un archivo PDF 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/654279","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","sour
ce":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/654279","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5221","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.963","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page."},{"lang":"es","value":"Confusión de tipo en libGLESv2 en ANGLE en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android posiblemente permitió a un atacante remoto eludir la validación del búfer a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/660854","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","s
ource":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/660854","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5222","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:00.997","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."},{"lang":"es","value":"Manejo incorrecto de URLs no válidas en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto suplantar los contenidos de la Omnibox (barra de URL) a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/657720","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","sourc
e":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/657720","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5223","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:01.027","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file."},{"lang":"es","value":"Vulnerabilidad de desbordamiento de entero en PDFium en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante remoto explotar potencialmente la corrupción de memoria o DoS a través de un archivo PDF 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/652038","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","sour
ce":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/652038","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5224","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:01.057","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page."},{"lang":"es","value":"Un ataque de tiempo en aritmética de punto flotante desnormalizada en filtros SVG en Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android permitió a un atacante eludir la Same Origin Policy a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-189"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/615851","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","sourc
e":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/615851","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5225","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:01.103","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page."},{"lang":"es","value":"Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android manejó incorrectamente acciones de formularios, lo que permitió a un atacante remoto eludir la Content Security Policy a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-19"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/630332","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","source
":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/630332","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5226","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:01.120","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar."},{"lang":"es","value":"Blink en Google Chrome anterior a 55.0.2883.75 para Linux, Windows y Mac ejecutó las URL javascript: introducidas en la barra de URL en el contexto de la pestaña actual, lo que permitió que un usuario víctima de ingeniería social se realizara XSS a sí mismo arrastrando y soltando una URL javascript: en la barra de 
URL."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/639750","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","source":"af854a3
a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/639750","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9650","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-01-19T05:59:01.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page."},{"lang":"es","value":"Blink en Google Chrome anterior a 55.0.2883.75 para Mac, Windows y Linux y 55.0.2883.84 para Android manejó iframes incorrectamente, lo que permitió a un atacante remoto eludir una política no-referrer a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-19"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"54.0.2840.99","matchCriteriaId":"85349E1C-5290-4A05-B79B-142BE5B508B5"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/94633","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/653034","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2919.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94633","source
":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2016/12/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/653034","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-11","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2015-8212","sourceIdentifier":"cve@mitre.org","published":"2017-01-19T20:59:00.330","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program."},{"lang":"es","value":"Fallo de manejo de CGI en bozohttpd en NetBSD 6.0 hasta la versión 6.0.6, 6.1 hasta la versión 6.1.5 y 7.0 permite a atacantes remotos ejecutar código arbitrario a través de argumentos manipulados, que son manejados por un programa no-CGI 
consciente."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0:*:*:*:*:*:*:*","matchCriteriaId":"C23BD3A0-E5AD-4893-AAAF-E2858B4128CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1510AD8C-14AC-4649-AE37-5310575B3E3F"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"44D36CD7-FE10-4A72-8364-DE3EFD49AB4B"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0.3:*:*:*:*:*:*:*","matchCriteriaId":"24469F6E-FC82-416A-9639-8FC37BE9745F"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0.4:*:*:*:*:*:*:*","matchCriteriaId":"A4E28965-1C24-43CC-AFAA-5716D8F6CC6B"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0.5:*:*:*:*:*:*:*","matchCriteriaId":"368CB806-F671-481F-A9BE-DC320F82E5B8"},{"vulnerable":true,"criteria":
"cpe:2.3:o:netbsd:netbsd:6.0.6:*:*:*:*:*:*:*","matchCriteriaId":"EF7E45F6-2EE9-4E97-B502-F48F2DDC5F3C"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1:*:*:*:*:*:*:*","matchCriteriaId":"69CAE756-335E-4E02-83F9-B274D416775C"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D3784838-1A43-4C46-A730-4CB88594A449"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F555CE26-6E23-4E7A-A138-6F675EA9BEAE"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1.3:*:*:*:*:*:*:*","matchCriteriaId":"69071B74-471C-42C0-AF2D-2D278D355250"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1.4:*:*:*:*:*:*:*","matchCriteriaId":"1C501514-768D-4AC0-8797-152763F24F0F"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1.5:*:*:*:*:*:*:*","matchCriteriaId":"79D2486C-5C39-40C7-B87B-969800F730C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:7.0:*:*:*:*:*:*:*","matchCriteriaId":"A0363300-1ACF-4F3E-97F2-F0AFA3F9EBDC"}]}]}],"references":[{"url":"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-005.txt.asc","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securitytracker.com/id/1035673","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-005.txt.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securitytracker.com/id/1035673","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-10075","sourceIdentifier":"cve@mitre.org","published":"2017-01-19T20:59:00.407","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in 
the current working directory."},{"lang":"es","value":"El módulo tqdm._version en tqdm en versiones 4.4.1 y 4.10 permite a usuarios locales ejecutar código arbitrario a través de un repo manipulado con un registro git malicioso en el directorio de trabajo actual."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-17"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tqdm_project:tqdm:4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"B8A1B5D8-94FF-47D2-878A-BE236CA13EA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:tqdm_project:tqdm:4.10:*:*:*:*:*:*:*","matchCriteriaId":"B752A604-0DD3-4D0B-868B-B4D78089B1AA"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/28/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95143","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/tqdm/tqdm/issues/328","source":"cve@mitre.org","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201807-01","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/28/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95143","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/tqdm/tqdm/issues/328","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201807-01","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7543","sourceIdentifier":"cve@mitre.org","published":"2017-01-19T20:59:00.470","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables."},{"lang":"es","value":"Bash en versiones anteriores a 4.4 permite a usuarios locales ejecutar comandos arbitrarios con privilegios root a través de variables de entorno SHELLOPTS y PS4 
manipuladas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3","matchCriteriaId":"F4DBE402-1B0A-4854-ABE5-891321454C25"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","matchCriteriaId":"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","matchCriteriaId":"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0725.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/09/26/9","source":"cve@mitre.org","tags":["Mailing 
List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93183","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037812","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1931","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7XOQSHU63Y357NHU5FPTFBM6I3YOCQB/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OU3C756YPHDAAPFX76UGZBAQQQ5UMHS5/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2VRBSIPZDZ75ZQ2DLITHUIDW4W26KVR/","source":"cve@mitre.org"},{"url":"https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00018.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-02","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0725.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/09/26/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93183","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037812","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1931","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05388115","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7XOQSHU63Y357NHU5FPTFBM6I3YOCQB/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OU3C756YPHDAAPFX76UGZBAQQQ5UMHS5/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2VRBSIPZDZ75ZQ2DLITHUIDW4W26KVR/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.gnu.org/archive/html/bug-bash/2016-09/msg00018.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-7545","sourceIdentifier":"cve@mitre.org","published":"2017-01-19T20:59:00.533","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call."},{"lang":"es","value":"SELinux policycoreutils permite a usuarios locales ejecutar comandos arbitrarios fuera de la sandbox a través de una llamada ioctl TIOCSTI 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:selinux_project:selinux:-:*:*:*:*:*:*:*","matchCriteriaId":"4C42EBCF-BAC2-43F9-945A-E95A1B1B9078"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*","matchCriteriaId":"C2FAC325-6EEB-466D-9EBA-8ED4DBC9C
FBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*","matchCriteriaId":"3C84489B-B08C-4854-8A12-D01B6E45CF79"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2702.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0535.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0536.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/09/25/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93156","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037283","source":"cve@mitre.org"},{"url":"https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPRNK3PWMAVNJZ53YW5GOEOGJSFNAQIF/","source":"cve@mitre.org"},{"url":"https://marc.info/?l=selinux&m=147465160112766&w=2","source":"cve@mitre.org","tags":["Third 
Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2702.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0535.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0536.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/09/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93156","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037283","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UPRNK3PWMAVNJZ53YW5GOEOGJSFNAQIF/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://marc.info/?l=selinux&m=147465160112766&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-7793","sourceIdentifier":"cve@mitre.org","published":"2017-01-19T20:59:00.597","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL."},{"lang":"es","value":"sociomantic-tsunami git-hub en versiones anteriores a 0.10.3 permite a atacantes remotos ejecutar código arbitrario a través de una URL de repositorio 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sociomantic:git-hub:*:*:*:*:*:*:*:*","versionEndIncluding":"0.10.2","matchCriteriaId":"BF4557B9-8981-4A15-B679-CA02C2174E44"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/30/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93249","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/sociomantic-tsunami/git-hub/issues/197","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/30/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/93249","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/sociomantic-tsunami/git-hub/issues/197","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-7794","sourceIdentifier":"cve@mitre.org","published":"2017-01-19T20:59:00.643","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name."},{"lang":"es","value":"sociomantic-tsunami git-hub en versiones anteriores a 0.10.3 permite a atacantes remotos ejecutar código arbitrario a través de un nombre de repositorio manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":fa
lse,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sociomantic:git-hub:*:*:*:*:*:*:*:*","versionEndIncluding":"0.10.2","matchCriteriaId":"BF4557B9-8981-4A15-B679-CA02C2174E44"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/30/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93249","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/sociomantic-tsunami/git-hub/issues/197","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/30/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93249","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/sociomantic-tsunami/git-hub/issues/197","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9016","sourceIdentifier":"cve@mitre.org","published":"2017-01-19T20:59:00.690","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call."},{"lang":"es","value":"Firejail 0.9.38.4 permite a usuarios locales ejecutar comandos arbitrarios fuera de la sandbox a través de una llamada ioctl TIOCSTI 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:firejail_project:firejail:0.9.38.4:*:*:*:*:*:*:*","matchCriteriaId":"5F0B5E7C-780F-4054-9200-2612CD0A8A25"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/25/3","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/25/9","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93899","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/25/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/25/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93899","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5725","sourceIdentifier":"cve@mitre.org","published":"2017-01-19T22:59:00.150","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\\ (dot dot backslash) in a response to a recursive GET command."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en JCraft JSch en versiones anteriores a 0.1.54 en Windows, cuando el modo es ChannelSftp.OVERWRITE, permite a servidores SFTP remotos escribir a archivos arbitrarios a través de una .. 
\\ (punto punto barra hacia atrás) en una respuesta a un comando GET recursivo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jcraft:jsch:*:*:*:*:*:*:*:*","versionEndIncluding":"0.1.53","matchCriteriaId":"34183875-C885-4586-9705-124BAD50B3A6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/Sep/53","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.jcraft.com/jsch/ChangeLog","source":"cve@mitre.org","tags":["Release 
Notes"]},{"url":"http://www.securityfocus.com/bid/93100","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3115","source":"cve@mitre.org"},{"url":"https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/40411/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","source":"cve@mitre.org"},{"url":"https://www.oracle.com/security-alerts/cpujan2021.html","source":"cve@mitre.org"},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"cve@mitre.org"},{"url":"http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/Sep/53","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.jcraft.com/jsch/ChangeLog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"http://www.securityfocus.com/bid/93100","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3115","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/40411/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpujan2021.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10143","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T08:59:00.127","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field."},{"lang":"es","value":"Una vulnerabilidad en Tiki Wiki CMS 15.2 podría permitir a un atacante remoto leer archivos arbitrarios en un sistema objetivo a través de un nombre de ruta manipulado en un campo URL banner."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en",
"value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:15.2:*:*:*:*:*:*:*","matchCriteriaId":"F88EB9F2-F9C5-4BB7-9C29-74049BB7C2DC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96787","source":"cve@mitre.org"},{"url":"https://dev.tiki.org/item6174","source":"cve@mitre.org","tags":["Permissions Required"]},{"url":"https://sourceforge.net/p/tikiwiki/code/60308/","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96787","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://dev.tiki.org/item6174","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://sourceforge.net/p/tikiwiki/code/60308/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-5012","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T08:59:00.190","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Moodle 3.x, glossary search displays entries without checking user permissions to view them."},{"lang":"es","value":"En Moodle 3.x, la búsqueda de glosario muestra entradas sin verificar los permisos de usuario para 
verlas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"0033EC68-98DB-42E6-A256-EFA05F6EC72E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.0:beta:*:*:*:*:*:*","matchCriteriaId":"A1F5E2DD-495F-4C4E-92B9-5481D432BC12"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.0:rc1:*:*:*:*:*:*","matchCriteriaId":"16158B28-FE97-4BF3-BCDF-D754B5158825"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.0:rc2:*:*:*:*:*:*","matchCriteriaId":"C8B58722-61EF-4283-A434-A022583C528A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/92041","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=336697","source":"cve@mitre.org","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/92041","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=336697","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-5013","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T08:59:00.220","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam."},{"lang":"es","value":"En Moodle 2.x y 3.x, puede ocurrir inyección de texto en las cabeceras de email, conduciendo potencialmente a salida de spam."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","
versionEndIncluding":"2.7.14","matchCriteriaId":"395C67C8-C6B4-4490-96B4-9004EC02FCD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*","matchCriteriaId":"12737AF4-B2D5-4661-B06A-6A06FE95EC2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*","matchCriteriaId":"88C59A94-D225-478A-B23E-41C4324BC643"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*","matchCriteriaId":"192EA69B-A1E1-4E0D-8E73-76EB74CCDE49"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*","matchCriteriaId":"D88385B1-EEFB-4825-BD8F-215C39FD86DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*","matchCriteriaId":"A3BE2782-D167-4237-B57D-2E4C04571524"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*","matchCriteriaId":"F277F979-12FA-47A5-B0A5-D174C2127A7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*","matchCriteriaId":"38498617-8E45-4E73-AE9F-C7A0D18FDE47"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*","matchCriteriaId":"C9047769-BFF4-42DB-8B19-F6D16FA910A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*","matchCriteriaId":"73A75ACE-FED2-4830-B259-744ABF25463E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*","matchCriteriaId":"F04EBA18-DFFF-4529-B647-98191325663B"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*","matchCriteriaId":"A3A746AB-5D58-4196-962A-D22454C3550B"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*","matchCriteriaId":"B549AD98-4DC5-4BE8-B3E0-3EEF1833E6D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.12:*:*:*:*:*:*:*","matchCriteriaId":"9F030E8C-0C49-41DC-9D40-A704A563C156"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*","matchCriteriaId":"C9224D94-1C48-468C-A39B-B2694ED178F4"},{"vulnerable":true,"criteria":"cp
e:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*","matchCriteriaId":"1C7EE9AD-E122-4288-9416-6D8F8790D75D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*","matchCriteriaId":"C4FC2CC1-787B-480F-BC41-538CE2507CB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*","matchCriteriaId":"098BADF2-C1D3-406E-9E79-E25483178C99"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*","matchCriteriaId":"611B027A-38D6-445E-BFA9-FA68524147DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*","matchCriteriaId":"5654B446-F7A5-49D4-90D9-478C18220A32"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.6:*:*:*:*:*:*:*","matchCriteriaId":"4E7CA637-D1BF-437D-8AD9-A21AE97E8681"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8C22EB95-6D8F-45F8-A000-795E259CF06D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"65FE0DC7-131E-4ED1-9CFF-70C79995A0B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"80B3EEF9-F300-461F-9407-0FFB3E3CD421"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"0C702CFE-417E-45E2-94DD-07A9DADDA89E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.4:*:*:*:*:*:*:*","matchCriteriaId":"9D6DBB2B-5DAF-452F-9336-F8AB5825F638"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"0033EC68-98DB-42E6-A256-EFA05F6EC72E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/92040","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=336698","source":"cve@mitre.org","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92040","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=336698","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-5014","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T08:59:00.253","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course."},{"lang":"es","value":"En Moodle 2.x y 3.x, un usuario no registrado sigue recibiendo notificaciones de supervisión de eventos aunque no pueda acceder al curso."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*","matchCriteriaId":"12737AF4-B2D5-4661-B06A-6A06FE95EC2D"},{"vulnerable":true,"criter
ia":"cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*","matchCriteriaId":"88C59A94-D225-478A-B23E-41C4324BC643"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*","matchCriteriaId":"192EA69B-A1E1-4E0D-8E73-76EB74CCDE49"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*","matchCriteriaId":"D88385B1-EEFB-4825-BD8F-215C39FD86DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*","matchCriteriaId":"A3BE2782-D167-4237-B57D-2E4C04571524"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*","matchCriteriaId":"F277F979-12FA-47A5-B0A5-D174C2127A7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*","matchCriteriaId":"38498617-8E45-4E73-AE9F-C7A0D18FDE47"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*","matchCriteriaId":"C9047769-BFF4-42DB-8B19-F6D16FA910A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*","matchCriteriaId":"73A75ACE-FED2-4830-B259-744ABF25463E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*","matchCriteriaId":"F04EBA18-DFFF-4529-B647-98191325663B"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*","matchCriteriaId":"A3A746AB-5D58-4196-962A-D22454C3550B"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*","matchCriteriaId":"B549AD98-4DC5-4BE8-B3E0-3EEF1833E6D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.12:*:*:*:*:*:*:*","matchCriteriaId":"9F030E8C-0C49-41DC-9D40-A704A563C156"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*","matchCriteriaId":"C9224D94-1C48-468C-A39B-B2694ED178F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*","matchCriteriaId":"1C7EE9AD-E122-4288-9416-6D8F8790D75D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*","matchCriteriaId":"C4FC2CC1-787B-480F-BC41-538CE2507CB7"},{"vulnerable"
:true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*","matchCriteriaId":"098BADF2-C1D3-406E-9E79-E25483178C99"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*","matchCriteriaId":"611B027A-38D6-445E-BFA9-FA68524147DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*","matchCriteriaId":"5654B446-F7A5-49D4-90D9-478C18220A32"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.6:*:*:*:*:*:*:*","matchCriteriaId":"4E7CA637-D1BF-437D-8AD9-A21AE97E8681"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8C22EB95-6D8F-45F8-A000-795E259CF06D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"65FE0DC7-131E-4ED1-9CFF-70C79995A0B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"80B3EEF9-F300-461F-9407-0FFB3E3CD421"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"0C702CFE-417E-45E2-94DD-07A9DADDA89E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.4:*:*:*:*:*:*:*","matchCriteriaId":"9D6DBB2B-5DAF-452F-9336-F8AB5825F638"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"0033EC68-98DB-42E6-A256-EFA05F6EC72E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/92042","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=336699","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92042","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=336699","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-7038","sourceIdentifier":"secalert@redhat.com","published":"2017-01-20T08:59:00.283","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed."},{"lang":"es","value":"En Moodle 2.x y 3.x, tokens de servicio web no son invalidados cuando la contraseña de usuario es cambiada o se obliga a cambiarla."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-640"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.15","matchCriteriaId":"14E3BCF7-CE60-43EE-8738-38F729C6B3C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*","matchCriteriaId":"12737AF4-B2D5-4661-B06A-6A06FE95EC2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:mo
odle:moodle:2.8.1:*:*:*:*:*:*:*","matchCriteriaId":"88C59A94-D225-478A-B23E-41C4324BC643"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*","matchCriteriaId":"192EA69B-A1E1-4E0D-8E73-76EB74CCDE49"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*","matchCriteriaId":"D88385B1-EEFB-4825-BD8F-215C39FD86DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*","matchCriteriaId":"A3BE2782-D167-4237-B57D-2E4C04571524"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*","matchCriteriaId":"F277F979-12FA-47A5-B0A5-D174C2127A7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*","matchCriteriaId":"38498617-8E45-4E73-AE9F-C7A0D18FDE47"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*","matchCriteriaId":"C9047769-BFF4-42DB-8B19-F6D16FA910A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*","matchCriteriaId":"73A75ACE-FED2-4830-B259-744ABF25463E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*","matchCriteriaId":"F04EBA18-DFFF-4529-B647-98191325663B"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*","matchCriteriaId":"A3A746AB-5D58-4196-962A-D22454C3550B"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*","matchCriteriaId":"B549AD98-4DC5-4BE8-B3E0-3EEF1833E6D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.12:*:*:*:*:*:*:*","matchCriteriaId":"9F030E8C-0C49-41DC-9D40-A704A563C156"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*","matchCriteriaId":"C9224D94-1C48-468C-A39B-B2694ED178F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*","matchCriteriaId":"1C7EE9AD-E122-4288-9416-6D8F8790D75D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*","matchCriteriaId":"C4FC2CC1-787B-480F-BC41-538CE2507CB7"},{"vulnerable":true,"criteria":
"cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*","matchCriteriaId":"098BADF2-C1D3-406E-9E79-E25483178C99"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*","matchCriteriaId":"611B027A-38D6-445E-BFA9-FA68524147DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*","matchCriteriaId":"5654B446-F7A5-49D4-90D9-478C18220A32"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.6:*:*:*:*:*:*:*","matchCriteriaId":"4E7CA637-D1BF-437D-8AD9-A21AE97E8681"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.7:*:*:*:*:*:*:*","matchCriteriaId":"62F27D6B-01A9-43EA-B5FF-28BB90DA6935"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8C22EB95-6D8F-45F8-A000-795E259CF06D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"65FE0DC7-131E-4ED1-9CFF-70C79995A0B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"80B3EEF9-F300-461F-9407-0FFB3E3CD421"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"0C702CFE-417E-45E2-94DD-07A9DADDA89E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.4:*:*:*:*:*:*:*","matchCriteriaId":"9D6DBB2B-5DAF-452F-9336-F8AB5825F638"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.5:*:*:*:*:*:*:*","matchCriteriaId":"E70D9F51-1353-4030-B164-1F9F7F7C0F0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"0033EC68-98DB-42E6-A256-EFA05F6EC72E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"27EC92C0-87A6-4D86-B940-C907EC4153ED"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93174","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=339631","source":"secalert@redhat.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/93174","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=339631","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8642","sourceIdentifier":"secalert@redhat.com","published":"2017-01-20T08:59:00.313","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Moodle 2.x and 3.x, the question engine allows access to files that should not be available."},{"lang":"es","value":"En Moodle 2.x y 3.x, el motor de consultas permite acceder a archivos que no deberían estar disponibles."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.16"
,"matchCriteriaId":"C6B5112F-FE75-4BDE-962D-3B235F8F31CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*","matchCriteriaId":"12737AF4-B2D5-4661-B06A-6A06FE95EC2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*","matchCriteriaId":"88C59A94-D225-478A-B23E-41C4324BC643"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*","matchCriteriaId":"192EA69B-A1E1-4E0D-8E73-76EB74CCDE49"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*","matchCriteriaId":"D88385B1-EEFB-4825-BD8F-215C39FD86DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*","matchCriteriaId":"A3BE2782-D167-4237-B57D-2E4C04571524"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*","matchCriteriaId":"F277F979-12FA-47A5-B0A5-D174C2127A7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*","matchCriteriaId":"38498617-8E45-4E73-AE9F-C7A0D18FDE47"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*","matchCriteriaId":"C9047769-BFF4-42DB-8B19-F6D16FA910A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*","matchCriteriaId":"73A75ACE-FED2-4830-B259-744ABF25463E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*","matchCriteriaId":"F04EBA18-DFFF-4529-B647-98191325663B"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*","matchCriteriaId":"A3A746AB-5D58-4196-962A-D22454C3550B"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*","matchCriteriaId":"B549AD98-4DC5-4BE8-B3E0-3EEF1833E6D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.12:*:*:*:*:*:*:*","matchCriteriaId":"9F030E8C-0C49-41DC-9D40-A704A563C156"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*","matchCriteriaId":"C9224D94-1C48-468C-A39B-B2694ED178F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.1:*
:*:*:*:*:*:*","matchCriteriaId":"1C7EE9AD-E122-4288-9416-6D8F8790D75D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*","matchCriteriaId":"C4FC2CC1-787B-480F-BC41-538CE2507CB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*","matchCriteriaId":"098BADF2-C1D3-406E-9E79-E25483178C99"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*","matchCriteriaId":"611B027A-38D6-445E-BFA9-FA68524147DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*","matchCriteriaId":"5654B446-F7A5-49D4-90D9-478C18220A32"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.6:*:*:*:*:*:*:*","matchCriteriaId":"4E7CA637-D1BF-437D-8AD9-A21AE97E8681"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.7:*:*:*:*:*:*:*","matchCriteriaId":"62F27D6B-01A9-43EA-B5FF-28BB90DA6935"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.8:*:*:*:*:*:*:*","matchCriteriaId":"2EFDDA05-8D65-4D3B-BFBC-672C760D0ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8C22EB95-6D8F-45F8-A000-795E259CF06D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"65FE0DC7-131E-4ED1-9CFF-70C79995A0B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"80B3EEF9-F300-461F-9407-0FFB3E3CD421"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"0C702CFE-417E-45E2-94DD-07A9DADDA89E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.4:*:*:*:*:*:*:*","matchCriteriaId":"9D6DBB2B-5DAF-452F-9336-F8AB5825F638"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.5:*:*:*:*:*:*:*","matchCriteriaId":"E70D9F51-1353-4030-B164-1F9F7F7C0F0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.6:*:*:*:*:*:*:*","matchCriteriaId":"0E9118B8-81E1-406C-9D58-5CAAE4F8EAA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:mood
le:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"0033EC68-98DB-42E6-A256-EFA05F6EC72E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"27EC92C0-87A6-4D86-B940-C907EC4153ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"798441F2-2FE1-4335-A87C-08067C411718"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94441","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=343275","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94441","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=343275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8643","sourceIdentifier":"secalert@redhat.com","published":"2017-01-20T08:59:00.347","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services."},{"lang":"es","value":"En Moodle 2.x y 3.x, gestores del sitio no administradores podrían editar accidentalmente los administradores a través de los servicios 
web."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.16","matchCriteriaId":"C6B5112F-FE75-4BDE-962D-3B235F8F31CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*","matchCriteriaId":"12737AF4-B2D5-4661-B06A-6A06FE95EC2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*","matchCriteriaId":"88C59A94-D225-478A-B23E-41C4324BC643"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*","matchCriteriaId":"192EA69B-A1E1-4E0D-8E73-76EB74CCDE49"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*","matchCriteriaId":"D88385B1-EEFB-4825-BD8F-215C39FD86DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*","matchCriteriaId":"A3BE2782-D167-4237-B57D-2E4C04571524"},{"vulnerable":t
rue,"criteria":"cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*","matchCriteriaId":"F277F979-12FA-47A5-B0A5-D174C2127A7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*","matchCriteriaId":"38498617-8E45-4E73-AE9F-C7A0D18FDE47"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*","matchCriteriaId":"C9047769-BFF4-42DB-8B19-F6D16FA910A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*","matchCriteriaId":"73A75ACE-FED2-4830-B259-744ABF25463E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*","matchCriteriaId":"F04EBA18-DFFF-4529-B647-98191325663B"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*","matchCriteriaId":"A3A746AB-5D58-4196-962A-D22454C3550B"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*","matchCriteriaId":"B549AD98-4DC5-4BE8-B3E0-3EEF1833E6D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.12:*:*:*:*:*:*:*","matchCriteriaId":"9F030E8C-0C49-41DC-9D40-A704A563C156"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*","matchCriteriaId":"C9224D94-1C48-468C-A39B-B2694ED178F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*","matchCriteriaId":"1C7EE9AD-E122-4288-9416-6D8F8790D75D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*","matchCriteriaId":"C4FC2CC1-787B-480F-BC41-538CE2507CB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*","matchCriteriaId":"098BADF2-C1D3-406E-9E79-E25483178C99"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*","matchCriteriaId":"611B027A-38D6-445E-BFA9-FA68524147DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*","matchCriteriaId":"5654B446-F7A5-49D4-90D9-478C18220A32"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.6:*:*:*:*:*:*:*","matchCriteriaId":"4E7CA637-D1BF-437D-8AD9-A21AE97E8681"},{"
vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.7:*:*:*:*:*:*:*","matchCriteriaId":"62F27D6B-01A9-43EA-B5FF-28BB90DA6935"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.8:*:*:*:*:*:*:*","matchCriteriaId":"2EFDDA05-8D65-4D3B-BFBC-672C760D0ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8C22EB95-6D8F-45F8-A000-795E259CF06D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"65FE0DC7-131E-4ED1-9CFF-70C79995A0B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"80B3EEF9-F300-461F-9407-0FFB3E3CD421"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"0C702CFE-417E-45E2-94DD-07A9DADDA89E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.4:*:*:*:*:*:*:*","matchCriteriaId":"9D6DBB2B-5DAF-452F-9336-F8AB5825F638"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.5:*:*:*:*:*:*:*","matchCriteriaId":"E70D9F51-1353-4030-B164-1F9F7F7C0F0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.6:*:*:*:*:*:*:*","matchCriteriaId":"0E9118B8-81E1-406C-9D58-5CAAE4F8EAA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"0033EC68-98DB-42E6-A256-EFA05F6EC72E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"27EC92C0-87A6-4D86-B940-C907EC4153ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"798441F2-2FE1-4335-A87C-08067C411718"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94457","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=343276","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94457","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=343276","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8644","sourceIdentifier":"secalert@redhat.com","published":"2017-01-20T08:59:00.377","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context."},{"lang":"es","value":"En Moodle 2.x y 3.x, la capacidad de ver notas de curso se comprueba en el contexto incorrecto."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.16","matchCriteriaId":"C6B5112F-FE75-4BDE-962D-3B235F8F31CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*","matchC
riteriaId":"12737AF4-B2D5-4661-B06A-6A06FE95EC2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*","matchCriteriaId":"88C59A94-D225-478A-B23E-41C4324BC643"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*","matchCriteriaId":"192EA69B-A1E1-4E0D-8E73-76EB74CCDE49"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*","matchCriteriaId":"D88385B1-EEFB-4825-BD8F-215C39FD86DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*","matchCriteriaId":"A3BE2782-D167-4237-B57D-2E4C04571524"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*","matchCriteriaId":"F277F979-12FA-47A5-B0A5-D174C2127A7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*","matchCriteriaId":"38498617-8E45-4E73-AE9F-C7A0D18FDE47"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*","matchCriteriaId":"C9047769-BFF4-42DB-8B19-F6D16FA910A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*","matchCriteriaId":"73A75ACE-FED2-4830-B259-744ABF25463E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*","matchCriteriaId":"F04EBA18-DFFF-4529-B647-98191325663B"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*","matchCriteriaId":"A3A746AB-5D58-4196-962A-D22454C3550B"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*","matchCriteriaId":"B549AD98-4DC5-4BE8-B3E0-3EEF1833E6D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.12:*:*:*:*:*:*:*","matchCriteriaId":"9F030E8C-0C49-41DC-9D40-A704A563C156"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*","matchCriteriaId":"C9224D94-1C48-468C-A39B-B2694ED178F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*","matchCriteriaId":"1C7EE9AD-E122-4288-9416-6D8F8790D75D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*
:*:*","matchCriteriaId":"C4FC2CC1-787B-480F-BC41-538CE2507CB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*","matchCriteriaId":"098BADF2-C1D3-406E-9E79-E25483178C99"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*","matchCriteriaId":"611B027A-38D6-445E-BFA9-FA68524147DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*","matchCriteriaId":"5654B446-F7A5-49D4-90D9-478C18220A32"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.6:*:*:*:*:*:*:*","matchCriteriaId":"4E7CA637-D1BF-437D-8AD9-A21AE97E8681"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.7:*:*:*:*:*:*:*","matchCriteriaId":"62F27D6B-01A9-43EA-B5FF-28BB90DA6935"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.8:*:*:*:*:*:*:*","matchCriteriaId":"2EFDDA05-8D65-4D3B-BFBC-672C760D0ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8C22EB95-6D8F-45F8-A000-795E259CF06D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"65FE0DC7-131E-4ED1-9CFF-70C79995A0B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"80B3EEF9-F300-461F-9407-0FFB3E3CD421"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"0C702CFE-417E-45E2-94DD-07A9DADDA89E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.4:*:*:*:*:*:*:*","matchCriteriaId":"9D6DBB2B-5DAF-452F-9336-F8AB5825F638"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.5:*:*:*:*:*:*:*","matchCriteriaId":"E70D9F51-1353-4030-B164-1F9F7F7C0F0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.6:*:*:*:*:*:*:*","matchCriteriaId":"0E9118B8-81E1-406C-9D58-5CAAE4F8EAA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"0033EC68-98DB-42E6-A256-EFA05F6EC72E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.1
:*:*:*:*:*:*:*","matchCriteriaId":"27EC92C0-87A6-4D86-B940-C907EC4153ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"798441F2-2FE1-4335-A87C-08067C411718"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94458","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=343277","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94458","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=343277","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2576","sourceIdentifier":"secalert@redhat.com","published":"2017-01-20T08:59:00.393","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums."},{"lang":"es","value":"En Moodle 2.x y 3.x, hay una desinfección incorrecta de atributos en 
foros."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.17","matchCriteriaId":"45E88468-55DB-4101-9135-1B994EBA542A"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*","matchCriteriaId":"12737AF4-B2D5-4661-B06A-6A06FE95EC2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*","matchCriteriaId":"88C59A94-D225-478A-B23E-41C4324BC643"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*","matchCriteriaId":"192EA69B-A1E1-4E0D-8E73-76EB74CCDE49"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*","matchCriteriaId":"D88385B1-EEFB-4825-BD8F-215C39FD86DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*","matchCriteriaId":"A3BE2782-D167-4237-B57D-2E4C04571524"},{"vulnerable":
true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*","matchCriteriaId":"F277F979-12FA-47A5-B0A5-D174C2127A7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*","matchCriteriaId":"38498617-8E45-4E73-AE9F-C7A0D18FDE47"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*","matchCriteriaId":"C9047769-BFF4-42DB-8B19-F6D16FA910A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.8:*:*:*:*:*:*:*","matchCriteriaId":"73A75ACE-FED2-4830-B259-744ABF25463E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.9:*:*:*:*:*:*:*","matchCriteriaId":"F04EBA18-DFFF-4529-B647-98191325663B"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.10:*:*:*:*:*:*:*","matchCriteriaId":"A3A746AB-5D58-4196-962A-D22454C3550B"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.11:*:*:*:*:*:*:*","matchCriteriaId":"B549AD98-4DC5-4BE8-B3E0-3EEF1833E6D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.8.12:*:*:*:*:*:*:*","matchCriteriaId":"9F030E8C-0C49-41DC-9D40-A704A563C156"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.0:*:*:*:*:*:*:*","matchCriteriaId":"C9224D94-1C48-468C-A39B-B2694ED178F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.1:*:*:*:*:*:*:*","matchCriteriaId":"1C7EE9AD-E122-4288-9416-6D8F8790D75D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.2:*:*:*:*:*:*:*","matchCriteriaId":"C4FC2CC1-787B-480F-BC41-538CE2507CB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.3:*:*:*:*:*:*:*","matchCriteriaId":"098BADF2-C1D3-406E-9E79-E25483178C99"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.4:*:*:*:*:*:*:*","matchCriteriaId":"611B027A-38D6-445E-BFA9-FA68524147DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.5:*:*:*:*:*:*:*","matchCriteriaId":"5654B446-F7A5-49D4-90D9-478C18220A32"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.6:*:*:*:*:*:*:*","matchCriteriaId":"4E7CA637-D1BF-437D-8AD9-A21AE97E8681"},{
"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.7:*:*:*:*:*:*:*","matchCriteriaId":"62F27D6B-01A9-43EA-B5FF-28BB90DA6935"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.8:*:*:*:*:*:*:*","matchCriteriaId":"2EFDDA05-8D65-4D3B-BFBC-672C760D0ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:2.9.9:*:*:*:*:*:*:*","matchCriteriaId":"2521684D-F25D-495B-8D34-DB8748E063BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8C22EB95-6D8F-45F8-A000-795E259CF06D"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"65FE0DC7-131E-4ED1-9CFF-70C79995A0B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"80B3EEF9-F300-461F-9407-0FFB3E3CD421"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"0C702CFE-417E-45E2-94DD-07A9DADDA89E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.4:*:*:*:*:*:*:*","matchCriteriaId":"9D6DBB2B-5DAF-452F-9336-F8AB5825F638"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.5:*:*:*:*:*:*:*","matchCriteriaId":"E70D9F51-1353-4030-B164-1F9F7F7C0F0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.6:*:*:*:*:*:*:*","matchCriteriaId":"0E9118B8-81E1-406C-9D58-5CAAE4F8EAA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.0.7:*:*:*:*:*:*:*","matchCriteriaId":"5D1A9221-1536-4989-A2B0-CD5C348B035A"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"0033EC68-98DB-42E6-A256-EFA05F6EC72E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"27EC92C0-87A6-4D86-B940-C907EC4153ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"798441F2-2FE1-4335-A87C-08067C411718"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2479F7AE-8DC6-45CE-99E5-5063FE
854635"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.2.0:*:*:*:*:*:*:*","matchCriteriaId":"03AE2C05-6EC3-42FA-82BC-48177EC2BD72"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95649","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=345912","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95649","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=345912","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2578","sourceIdentifier":"secalert@redhat.com","published":"2017-01-20T08:59:00.440","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Moodle 3.x, there is XSS in the assignment submission page."},{"lang":"es","value":"En Moodle 3.x, hay XSS en la página de envío de 
asignaciones."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"0033EC68-98DB-42E6-A256-EFA05F6EC72E"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.0:beta:*:*:*:*:*:*","matchCriteriaId":"A1F5E2DD-495F-4C4E-92B9-5481D432BC12"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.0:rc1:*:*:*:*:*:*","matchCriteriaId":"16158B28-FE97-4BF3-BCDF-D754B5158825"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.0:rc2:*:*:*:*:*:*","matchCriteriaId":"C8B58722-61EF-4283-A434-A022583C528A"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"27EC92C0-87A6-4D86-B940-C907EC4153ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"798441F2-2FE1-4335-A87C-08067C411718"},{"vulnerable":true,"crit
eria":"cpe:2.3:a:moodle:moodle:3.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2479F7AE-8DC6-45CE-99E5-5063FE854635"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.2.0:*:*:*:*:*:*:*","matchCriteriaId":"03AE2C05-6EC3-42FA-82BC-48177EC2BD72"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.2.0:beta:*:*:*:*:*:*","matchCriteriaId":"3A427510-6E46-4D0D-9BA6-C7D496D5FC13"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.2.0:rc1:*:*:*:*:*:*","matchCriteriaId":"B3F6B28F-694A-4F7B-AB46-3F733C2423EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.2.0:rc2:*:*:*:*:*:*","matchCriteriaId":"53C84D53-E3E6-4FEA-A5EE-EFF793A24163"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.2.0:rc3:*:*:*:*:*:*","matchCriteriaId":"AC0A7BB8-AE92-454F-976B-4C851A3AB50F"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.2.0:rc4:*:*:*:*:*:*","matchCriteriaId":"294BD385-E050-4124-80BE-28A48D893DF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:moodle:moodle:3.2.0:rc5:*:*:*:*:*:*","matchCriteriaId":"842BB818-567E-4D57-9D21-5992244B4C8A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95647","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=345915","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95647","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://moodle.org/mod/forum/discuss.php?d=345915","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5541","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T08:59:00.470","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a 
.. (dot dot) in the existing-folder and new-folder parameters."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en template/usererror.missing_extension.php en Symphony CMS en versiones anteriores a 2.6.10 permite a atacantes remotos renombrar archivos arbitrarios a través de un .. (dot dot) en los parámetros de carpeta existente y nueva carpeta."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:getsymphony:symphony:*:*:*:*:*:*:*:*","versionEndIncluding":"2.6.9","matchCriteriaId":"0A93B3B7-30C5-42C4-A298-AD37FE96F010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95689","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/symphonycms/symphony-2/issues/2639","source":"cve@mitre.org","tags":["VDB 
Entry"]},{"url":"https://github.com/symphonycms/symphony-2/releases/tag/2.6.10","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"http://www.securityfocus.com/bid/95689","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/symphonycms/symphony-2/issues/2639","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["VDB Entry"]},{"url":"https://github.com/symphonycms/symphony-2/releases/tag/2.6.10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2017-5542","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T08:59:00.517","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter."},{"lang":"es","value":"Vulnerabilidad de XSS en template/usererror.missing_extension.php en Symphony CMS en versiones anteriores a 2.6.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro de carpeta 
existente."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:getsymphony:symphony:*:*:*:*:*:*:*:*","versionEndIncluding":"2.6.9","matchCriteriaId":"0A93B3B7-30C5-42C4-A298-AD37FE96F010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95686","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/symphonycms/symphony-2/issues/2639","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://github.com/symphonycms/symphony-2/releases/tag/2.6.10","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"http://www.securityfocus.com/bid/95686","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/symphonycms/symphony-2/issues/2639","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://github.com/symphonycms/symphony-2/releases/tag/2.6.10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2017-5543","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T08:59:00.550","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request."},{"lang":"es","value":"includes/classes/ia.core.users.php en Subrion CMS 4.0.5 permite a atacantes remotos llevar a cabo ataques PHP Object Injection a través de datos serializados manipulados en una salt cookie en una petición de inicio de sesión."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"
cpe:2.3:a:intelliants:subrion:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"441962C9-D1ED-4EA4-B8C4-02F293870681"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95688","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/intelliants/subrion/issues/297","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95688","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/intelliants/subrion/issues/297","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2014-2045","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T15:59:00.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en las interfaces antigua y nueva en Viprinet Multichannel VPN Router 300 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del nombre de usuario cuando (1) inicia sesión o (2) se crea una nueva cuenta en la interfaz antigua, (3) nombre de usuario cuando crea una nueva cuenta en la interfaz nueva, (4) nombre de anfitrión en la interfaz antigüa, (5) inspeccionar el parámetro en el módulo de configuración, (6) parámetro de comandos en la herramienta atcommands o (7) parámetro 
anfitrión en la herramienta de ping."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013070830:*:*:*:*:*:*:*","matchCriteriaId":"339FD28A-88C5-4C8F-8BFA-06AF6B3A207C"},{"vulnerable":true,"criteria":"cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013080900:*:*:*:*:*:*:*","matchCriteriaId":"178D8271-3C33-44A9-9820-F5A559A696F4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:viprinet:multichannel_vpn_router_300:-:*:*:*:*:*:*:*","matchCriteriaId":"9220DA03-6664-450A-A57A-DFB45A8B3938"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/Feb/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/537441/100/0/threaded","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/39407/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/Feb/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/537441/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/39407/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2014-9754","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T15:59:00.193","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack."},{"lang":"es","value":"El cliente VPN de hardware en Viprinet MultichannelVPN Router 300 versión 
2013070830/2013080900 no valida la identidad VPN remota de punto final (a través de la verificación de la clave SSL de punto final) antes de iniciar el intercambio, lo que permite a un atacante llevar a cabo un ataque Man in the Middle."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013070830:*:*:*:*:*:*:*","matchCriteriaId":"339FD28A-88C5-4C8F-8BFA-06AF6B3A207C"},{"vulnerable":true,"criteria":"cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013080900:*:*:*:*:*:*:*","matchCriteriaId":"178D8271-3C33-44A9-9820-F5A559A696F4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:viprinet:multichannel_vpn_router_300:-:*:*:*:*:*:*:*","matchCriteriaId":"9220DA03-6664-450A-A57A-DFB45A8B3938"}]}]}],"references":[{"url":"http://packetstormsecuri
ty.com/files/135614/Viprinet-Multichannel-VPN-Router-300-Identity-Verification-Fail.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/Feb/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/537441/100/0/threaded","source":"cve@mitre.org"},{"url":"http://packetstormsecurity.com/files/135614/Viprinet-Multichannel-VPN-Router-300-Identity-Verification-Fail.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/Feb/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/537441/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2014-9755","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T15:59:00.240","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attackers to perform a replay attack."},{"lang":"es","value":"El cliente VPN de hardware en Viprinet MultichannelVPN Router 300 versión 2013070830/2013080900 no valida la identidad VPN remota de punto final (a través de la verificación de la clave SSL de punto final) antes de iniciar el intercambio, lo que permite a atacantes remotos llevar a cabo un ataque de 
repetición."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013070830:*:*:*:*:*:*:*","matchCriteriaId":"339FD28A-88C5-4C8F-8BFA-06AF6B3A207C"},{"vulnerable":true,"criteria":"cpe:2.3:o:viprinet:multichannel_vpn_router_300_firmware:2013080900:*:*:*:*:*:*:*","matchCriteriaId":"178D8271-3C33-44A9-9820-F5A559A696F4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:viprinet:multichannel_vpn_router_300:-:*:*:*:*:*:*:*","matchCriteriaId":"9220DA03-6664-450A-A57A-DFB45A8B3938"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/135614/Viprinet-Multichannel-VPN-Router-300-Identity-Verification-Fail.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/Feb/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/537441/100/0/threaded","source":"cve@mitre.org"},{"url":"http://packetstormsecurity.com/files/135614/Viprinet-Multichannel-VPN-Router-300-Identity-Verification-Fail.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/Feb/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/537441/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5316","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T15:59:00.300","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool."},{"lang":"es","value":"Lectura fuera de límites en la función PixarLogCleanup en tif_pixarlog.c en libtiff 4.0.6 y versiones anteriores permite a atacantes remotos bloquear la aplicación enviando una imagen TIFF manipulada a la herramienta 
rgb2ycbcr."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.6","matchCriteriaId":"7DBB051D-E94D-4553-88A6-750BE80B7617"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","matchCriteriaId":"A10BC294-9196-425F-9FB0-B1625465B47F"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"CF605E46-ADCE-45B3-BBBA-E593D3CEE2A6"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/06/15/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91203","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201701-16","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/06/15/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91203","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-16","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5317","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T15:59:00.347","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack 
(crash) via a crafted TIFF file."},{"lang":"es","value":"Desbordamiento de búfer en la función PixarLogDecode en libtiff.so en la función PixarLogDecode en libtiff 4.0.6 y versiones anteriores, como se utiliza en GNOME nautilus, permite a atacantes provocar un ataque de denegación de servicio (caída) a través de un archivo TIFF manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"33708995-494C-476D-B0E3-1E78B9328699"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","matchCriteriaId":"A10BC294-9196-425F-9FB0-B1625465B47F"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"},{"vulnerable":true,"criteria":"cpe
:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"CF605E46-ADCE-45B3-BBBA-E593D3CEE2A6"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/06/15/10","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/15/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91208","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201701-16","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-updates/2016-07/msg00087.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00060.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-09/msg00090.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/06/15/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/15/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/91208","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-16","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5318","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T15:59:00.397","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff."},{"lang":"es","value":"Desbordamiento de búfer basado en pila en la función _TIFFVGetField en libtiff 4.0.6 y versiones anteriores permite a atacantes remotos bloquear la aplicación a través de un tiff manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:
libtiff:libtiff:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.6","matchCriteriaId":"7DBB051D-E94D-4553-88A6-750BE80B7617"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/27/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/07/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/88604","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"cve@mitre.org"},{"url":"https://usn.ubuntu.com/3606-1/","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/04/27/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/07/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/88604","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3606-1/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5319","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T15:59:00.443","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en tif_packbits.c en libtiff 4.0.6 y versiones anteriores permite a atacantes remotos bloquear la aplicación a través de un archivo bmp 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.6","matchCriteriaId":"7DBB051D-E94D-4553-88A6-750BE80B7617"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/27/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/07/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/88604","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/04/27/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/07/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/88604","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5321","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T15:59:00.490","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image."},{"lang":"es","value":"La función DumpModeDecode en libtiff 4.0.6 y versiones anteriores permite a atacantes provocar una denegación de servicio (lectura no válida y caída) a través de una imagen tiff manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"so
urce":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","matchCriteriaId":"A10BC294-9196-425F-9FB0-B1625465B47F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.6","matchCriteriaId":"7DBB051D-E94D-4553-88A6-750BE80B7617"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/91209","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/91209","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5323","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T15:59:00.520","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image."},{"lang":"es","value":"La función _TIFFFax3fillruns en libtiff en versiones anteriores a 4.0.6 permite a atacantes remotos provocar 
una denegación de servicio (error de división por cero y caída de aplicación) a través de una imagen Tiff manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.6","matchCriteriaId":"7DBB051D-E94D-4553-88A6-750BE80B7617"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/06/15/6","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/91196","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/06/15/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91196","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-6253","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T15:59:00.567","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox."},{"lang":"es","value":"mail.local en NetBSD en versiones desde 6.0 hasta la versión 6.0.6, 6.1 hasta la versión 6.1.5 y 7.0 permite a usuarios locales cambiar la propiedad o anexar datos a archivos arbitrarios en el sistema objetivo a través de un ataque de enlace simbólico en el buzón de 
usuario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0:*:*:*:*:*:*:*","matchCriteriaId":"C23BD3A0-E5AD-4893-AAAF-E2858B4128CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1510AD8C-14AC-4649-AE37-5310575B3E3F"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"44D36CD7-FE10-4A72-8364-DE3EFD49AB4B"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0.3:*:*:*:*:*:*:*","matchCriteriaId":"24469F6E-FC82-416A-9639-8FC37BE9745F"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0.4:*:*:*:*:*:*:*","matchCriteriaId":"A4E28965-1C24-43CC-AFAA-5716D8F6CC6B"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.0.5:*:*:*:*:*:*:*","matchCriteriaId":"368CB806-F671-481F-A9BE-DC320F82E5B8"},{"vulnerable":true,"criteria":"cpe:2.3:
o:netbsd:netbsd:6.0.6:*:*:*:*:*:*:*","matchCriteriaId":"EF7E45F6-2EE9-4E97-B502-F48F2DDC5F3C"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1:*:*:*:*:*:*:*","matchCriteriaId":"69CAE756-335E-4E02-83F9-B274D416775C"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D3784838-1A43-4C46-A730-4CB88594A449"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F555CE26-6E23-4E7A-A138-6F675EA9BEAE"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1.3:*:*:*:*:*:*:*","matchCriteriaId":"69071B74-471C-42C0-AF2D-2D278D355250"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1.4:*:*:*:*:*:*:*","matchCriteriaId":"1C501514-768D-4AC0-8797-152763F24F0F"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:6.1.5:*:*:*:*:*:*:*","matchCriteriaId":"79D2486C-5C39-40C7-B87B-969800F730C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:netbsd:netbsd:7.0:*:*:*:*:*:*:*","matchCriteriaId":"A0363300-1ACF-4F3E-97F2-F0AFA3F9EBDC"}]}]}],"references":[{"url":"http://akat1.pl/?id=2","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-006.txt.asc","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/138021/NetBSD-mail.local-8-Local-Root.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.rapid7.com/db/modules/exploit/unix/local/netbsd_mail_local","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/92101","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1036429","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/40141/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"https://www.exploit-db.com/exploits/40385/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://akat1.pl/?id=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2016-006.txt.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/138021/NetBSD-mail.local-8-Local-Root.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.rapid7.com/db/modules/exploit/unix/local/netbsd_mail_local","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/92101","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1036429","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/40141/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/40385/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9435","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T15:59:00.613","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags."},{"lang":"es","value":"La función HTMLtagproc1 en file.c en w3m en versiones anteriores a 0.5.3+git20161009 no inicia valores adecuadamente, lo que permite a atacantes 
remotos bloquear la aplicación a través de un archivo html manipulado, relacionado con etiquetas <dd>."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*","matchCriteriaId":"1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"CF605E46-ADCE-45B3-BBBA-E593D3CEE2A6"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tats:w3m:*:*:*:*:*:*:*:*","versionEndIncluding":"0.5.3\\+git20160718","matchCriteriaId":"F59B7474-3DF8-4151-A9EA-FEA693FC8A32"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94407","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/tats/w3m/issues/16","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-08","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94407","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/tats/w3m/issues/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-08","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9436","sourceIdentifier":"cve@mitre.org","published":"2017-01-20T15:59:00.677","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the 
application via a crafted html file, related to a <i> tag."},{"lang":"es","value":"parsetagx.c en w3m en versiones anteriores a 0.5.3+git20161009 no inicia valores adecuadamente, lo que permite a atacantes remotos bloquear la aplicación a través de un archivo html manipulado, relacionado con una etiqueta <i>."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*","matchCriteriaId":"1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"CF605E46-ADCE-45B3-BBBA-E593D3CEE2A6"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tats:w3m:*:*:*:*:*:*:*:*","versionEndIncluding":"0.5.3\\+git20160718","matchCriteriaId":"F59B7474-3DF8-4151-A9EA-FEA693FC8A32"}]}]}],"references":[{"url":"
http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94407","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Technical Description"]},{"url":"https://github.com/tats/w3m/issues/16","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-08","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94407","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Technical Description"]},{"url":"https://github.com/tats/w3m/issues/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-08","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5545","sourceIdentifier":"cve@mitre.org","published":"2017-01-21T01:59:00.170","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The main 
function in plistutil.c in libimobiledevice libplist through 1.12 allows attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read) via Apple Property List data that is too short."},{"lang":"es","value":"La función principal en plistutil.c en libimobiledevice libplist hasta la versión 1.12 permite a atacantes obtener información sensible de la memoria de proceso o provocar una denegación de servicio (sobre lectura del búfer) a través de datos Apple Property List que son demasiado cortos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libimobiledevice:libplist:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12","matchCriteriaId":"4201391B-6535-4AE4-87AD-4112C3F2B48A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95702","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/libimobiledevice/libplist/issues/87","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95702","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/libimobiledevice/libplist/issues/87","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10101","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T07:59:00.143","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd. Users have the Read attribute, which allows an attacker to recover the encrypted password to access the Password Manager."},{"lang":"es","value":"Puede ocurrir divulgación de información en Hitek Software's Automize 10.x y 11.x passManager.jsd. 
Los usuarios tienen el atributo Read, el cual permite a un atacante recuperar la contraseña cifrada para acceder a Password Manager."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-255"},{"lang":"en","value":"CWE-326"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.00:*:*:*:*:*:*:*","matchCriteriaId":"3A7C2457-43EB-4486-A120-B7D459FC279B"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.01:*:*:*:*:*:*:*","matchCriteriaId":"35EAE4F6-29CE-4D20-8567-2220905A4783"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.02:*:*:*:*:*:*:*","matchCriteriaId":"722B055A-E157-46AA-9919-0BE7491B15E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.03:*:*:*:*:*:*:*","matchCriteriaId":"3913B250-2602-4943-A45E-407118445FBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.04:*:*:*:*:*:*:*","matchCriteriaId":"6727427
E-834D-42A8-8182-2C5FDFE520C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.05:*:*:*:*:*:*:*","matchCriteriaId":"052CF7DA-98F0-4390-8FAE-5AF5F42708EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.06:*:*:*:*:*:*:*","matchCriteriaId":"A83DAF2F-569D-433B-85E1-138AEADF4E0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.07:*:*:*:*:*:*:*","matchCriteriaId":"42CC6578-8DFA-4500-AF77-9DC73834C8E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.08:*:*:*:*:*:*:*","matchCriteriaId":"7AC7B1FF-1FB4-423C-BD9D-75DD6B6E66E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.09:*:*:*:*:*:*:*","matchCriteriaId":"EEAC4542-BC4D-4DEA-8D7B-C750951E825F"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.11:*:*:*:*:*:*:*","matchCriteriaId":"974AA5EF-9670-4DC6-89A2-DEDA3B3276D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.12:*:*:*:*:*:*:*","matchCriteriaId":"DA0C77C1-D835-4539-809C-1D6E805D40AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.13:*:*:*:*:*:*:*","matchCriteriaId":"E9FEEFF2-DB6B-472C-B2B7-C7C1D22DBA4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.14:*:*:*:*:*:*:*","matchCriteriaId":"DA79A04C-D25D-4D3E-B131-D4249EE0DA4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.15:*:*:*:*:*:*:*","matchCriteriaId":"474F086B-D331-498F-9313-159BC005BB17"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.16:*:*:*:*:*:*:*","matchCriteriaId":"A17B080F-E6A3-4A3D-B600-22466C45C82C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.17:*:*:*:*:*:*:*","matchCriteriaId":"A464860D-5D5D-4065-A7C6-BBE5DC9139D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.18:*:*:*:*:*:*:*","matchCriteriaId":"AF9197BC-92AB-4927-8805-494B39A2953A"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.19:*:*:*:*:*:*:*","matchCriteriaId":"1B271
21A-7B58-4548-935F-57C1FF187EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.20:*:*:*:*:*:*:*","matchCriteriaId":"073ED514-E2CC-4D18-A9F4-9654E9161727"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.21:*:*:*:*:*:*:*","matchCriteriaId":"9D27D639-94D1-4BDE-AD4E-AEB37AFABCE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.22:*:*:*:*:*:*:*","matchCriteriaId":"43826AA5-62A0-4452-8EC4-098982867CA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.23:*:*:*:*:*:*:*","matchCriteriaId":"DDEA6E6A-D111-4320-BF3A-E5B7CC397423"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.24:*:*:*:*:*:*:*","matchCriteriaId":"63FADFB7-14A0-4C13-8853-40EACFBDBD85"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.25:*:*:*:*:*:*:*","matchCriteriaId":"3F80CAE4-2A0D-4805-AAC3-0FFD44D39F78"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.00:*:*:*:*:*:*:*","matchCriteriaId":"61137963-5766-4F2E-B4A2-EDA5A4469720"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.01:*:*:*:*:*:*:*","matchCriteriaId":"C7682507-9EA1-468D-8D8C-7060F068EA61"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.02:*:*:*:*:*:*:*","matchCriteriaId":"BF9EAFEE-3A59-4350-903E-D46AC9185FFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.03:*:*:*:*:*:*:*","matchCriteriaId":"0CD5DD65-A3DB-4F3F-A8CE-DEF6185D5648"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.04:*:*:*:*:*:*:*","matchCriteriaId":"00C18571-A34F-4B61-B7FA-3649E31BA513"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.05:*:*:*:*:*:*:*","matchCriteriaId":"7F7BE139-0DC5-4008-A974-D1A01E1758EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.06:*:*:*:*:*:*:*","matchCriteriaId":"449AC115-FF3D-4D40-9D8A-8439625D3410"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.07:*:*:*:*:*:*:*","matchCriteriaId":"84A
099DF-F17F-47A3-A17E-C397445A3430"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.08:*:*:*:*:*:*:*","matchCriteriaId":"4E680BB2-8E4B-407E-813E-661D8880DF5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.09:*:*:*:*:*:*:*","matchCriteriaId":"0A1EF835-E571-4985-96DC-1703BF3F3BFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.11:*:*:*:*:*:*:*","matchCriteriaId":"E7C74206-9610-4725-8AB9-CEBD6213DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.12:*:*:*:*:*:*:*","matchCriteriaId":"E4830A80-D9A8-48CB-B5AE-A36FB0BE7EB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.13:*:*:*:*:*:*:*","matchCriteriaId":"E3FC908B-E1A7-4ED8-B6D2-A46CE87B96A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.14:*:*:*:*:*:*:*","matchCriteriaId":"90166099-D6E9-4346-9C24-1E2CB3FC2455"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.15:*:*:*:*:*:*:*","matchCriteriaId":"1FF77724-8499-4683-BF8C-4D6F8BA53D66"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96840","source":"cve@mitre.org"},{"url":"https://rastamouse.me/guff/2016/automize/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96840","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://rastamouse.me/guff/2016/automize/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10102","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T07:59:00.220","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. 
All 10.x up to and including 10.25 and all 11.x up to and including 11.14 are verified to be affected."},{"lang":"es","value":"hitek.jar en Hitek Software's Automize utiliza cifrado débil al cifrar las contraseñas de los perfiles SSH/SFTP y Encryption. Esto permite a un atacante recuperar las contraseñas cifradas de sshProfiles.jsd y encryptionProfiles.jsd y descifrarlas para recuperar contraseñas de texto plano. Todas las versiones 10.x hasta la 10.25 inclusive y todas las versiones 11.x hasta la 11.14 inclusive se verifican afectadas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-326"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.00:*:*:*:*:*:*:*","matchCriteriaId":"3A7C2457-43EB-4486-A120-B7D459FC279B"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.01:*:*:*:*:*:*:*","matchCriteriaId":"35EAE4F6-29CE-4D20-8567-2220905A4783"},{"vulnerable":true,
"criteria":"cpe:2.3:a:hiteksoftware:automize:10.02:*:*:*:*:*:*:*","matchCriteriaId":"722B055A-E157-46AA-9919-0BE7491B15E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.03:*:*:*:*:*:*:*","matchCriteriaId":"3913B250-2602-4943-A45E-407118445FBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.04:*:*:*:*:*:*:*","matchCriteriaId":"6727427E-834D-42A8-8182-2C5FDFE520C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.05:*:*:*:*:*:*:*","matchCriteriaId":"052CF7DA-98F0-4390-8FAE-5AF5F42708EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.06:*:*:*:*:*:*:*","matchCriteriaId":"A83DAF2F-569D-433B-85E1-138AEADF4E0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.07:*:*:*:*:*:*:*","matchCriteriaId":"42CC6578-8DFA-4500-AF77-9DC73834C8E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.08:*:*:*:*:*:*:*","matchCriteriaId":"7AC7B1FF-1FB4-423C-BD9D-75DD6B6E66E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.09:*:*:*:*:*:*:*","matchCriteriaId":"EEAC4542-BC4D-4DEA-8D7B-C750951E825F"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.11:*:*:*:*:*:*:*","matchCriteriaId":"974AA5EF-9670-4DC6-89A2-DEDA3B3276D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.12:*:*:*:*:*:*:*","matchCriteriaId":"DA0C77C1-D835-4539-809C-1D6E805D40AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.13:*:*:*:*:*:*:*","matchCriteriaId":"E9FEEFF2-DB6B-472C-B2B7-C7C1D22DBA4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.14:*:*:*:*:*:*:*","matchCriteriaId":"DA79A04C-D25D-4D3E-B131-D4249EE0DA4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.15:*:*:*:*:*:*:*","matchCriteriaId":"474F086B-D331-498F-9313-159BC005BB17"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.16:*:*:*:*:*:*:*","matchCriteriaId":"A17B080F-E6A3-4A3D-B600-22466C45C82C"},{"vulnerable":tru
e,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.17:*:*:*:*:*:*:*","matchCriteriaId":"A464860D-5D5D-4065-A7C6-BBE5DC9139D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.18:*:*:*:*:*:*:*","matchCriteriaId":"AF9197BC-92AB-4927-8805-494B39A2953A"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.19:*:*:*:*:*:*:*","matchCriteriaId":"1B27121A-7B58-4548-935F-57C1FF187EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.20:*:*:*:*:*:*:*","matchCriteriaId":"073ED514-E2CC-4D18-A9F4-9654E9161727"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.21:*:*:*:*:*:*:*","matchCriteriaId":"9D27D639-94D1-4BDE-AD4E-AEB37AFABCE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.22:*:*:*:*:*:*:*","matchCriteriaId":"43826AA5-62A0-4452-8EC4-098982867CA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.23:*:*:*:*:*:*:*","matchCriteriaId":"DDEA6E6A-D111-4320-BF3A-E5B7CC397423"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.24:*:*:*:*:*:*:*","matchCriteriaId":"63FADFB7-14A0-4C13-8853-40EACFBDBD85"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.25:*:*:*:*:*:*:*","matchCriteriaId":"3F80CAE4-2A0D-4805-AAC3-0FFD44D39F78"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.00:*:*:*:*:*:*:*","matchCriteriaId":"61137963-5766-4F2E-B4A2-EDA5A4469720"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.01:*:*:*:*:*:*:*","matchCriteriaId":"C7682507-9EA1-468D-8D8C-7060F068EA61"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.02:*:*:*:*:*:*:*","matchCriteriaId":"BF9EAFEE-3A59-4350-903E-D46AC9185FFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.03:*:*:*:*:*:*:*","matchCriteriaId":"0CD5DD65-A3DB-4F3F-A8CE-DEF6185D5648"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.04:*:*:*:*:*:*:*","matchCriteriaId":"00C18571-A34F-4B61-B7FA-3649E31BA513"},{"vulnerable":t
rue,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.05:*:*:*:*:*:*:*","matchCriteriaId":"7F7BE139-0DC5-4008-A974-D1A01E1758EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.06:*:*:*:*:*:*:*","matchCriteriaId":"449AC115-FF3D-4D40-9D8A-8439625D3410"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.07:*:*:*:*:*:*:*","matchCriteriaId":"84A099DF-F17F-47A3-A17E-C397445A3430"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.08:*:*:*:*:*:*:*","matchCriteriaId":"4E680BB2-8E4B-407E-813E-661D8880DF5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.09:*:*:*:*:*:*:*","matchCriteriaId":"0A1EF835-E571-4985-96DC-1703BF3F3BFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.11:*:*:*:*:*:*:*","matchCriteriaId":"E7C74206-9610-4725-8AB9-CEBD6213DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.12:*:*:*:*:*:*:*","matchCriteriaId":"E4830A80-D9A8-48CB-B5AE-A36FB0BE7EB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.13:*:*:*:*:*:*:*","matchCriteriaId":"E3FC908B-E1A7-4ED8-B6D2-A46CE87B96A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.14:*:*:*:*:*:*:*","matchCriteriaId":"90166099-D6E9-4346-9C24-1E2CB3FC2455"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96848","source":"cve@mitre.org"},{"url":"https://rastamouse.me/guff/2016/automize/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96848","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://rastamouse.me/guff/2016/automize/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10103","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T07:59:00.250","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Information Disclosure can occur in encryptionProfiles.jsd in Hitek 
Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for GPG Encryption profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14."},{"lang":"es","value":"Puede ocurrir divulgación de información en encryptionProfiles.jsd en Hitek Software's Automize debido a que el atributo Read se establece para Usuarios. Esto permite a un atacante recuperar contraseñas cifradas para perfiles GPG Encryption. Se verifica en todas las versiones 10.x hasta la 10.25 inclusive y en todas las versiones 11.x hasta la 11.14 inclusive."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-255"},{"lang":"en","value":"CWE-326"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.00:*:*:*:*:*:*:*","matchCriteriaId":"3A7C2457-43EB-4486-A120-B7D459FC279B"},{"vulnerable":true,"
criteria":"cpe:2.3:a:hiteksoftware:automize:10.01:*:*:*:*:*:*:*","matchCriteriaId":"35EAE4F6-29CE-4D20-8567-2220905A4783"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.02:*:*:*:*:*:*:*","matchCriteriaId":"722B055A-E157-46AA-9919-0BE7491B15E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.03:*:*:*:*:*:*:*","matchCriteriaId":"3913B250-2602-4943-A45E-407118445FBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.04:*:*:*:*:*:*:*","matchCriteriaId":"6727427E-834D-42A8-8182-2C5FDFE520C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.05:*:*:*:*:*:*:*","matchCriteriaId":"052CF7DA-98F0-4390-8FAE-5AF5F42708EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.06:*:*:*:*:*:*:*","matchCriteriaId":"A83DAF2F-569D-433B-85E1-138AEADF4E0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.07:*:*:*:*:*:*:*","matchCriteriaId":"42CC6578-8DFA-4500-AF77-9DC73834C8E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.08:*:*:*:*:*:*:*","matchCriteriaId":"7AC7B1FF-1FB4-423C-BD9D-75DD6B6E66E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.09:*:*:*:*:*:*:*","matchCriteriaId":"EEAC4542-BC4D-4DEA-8D7B-C750951E825F"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.11:*:*:*:*:*:*:*","matchCriteriaId":"974AA5EF-9670-4DC6-89A2-DEDA3B3276D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.12:*:*:*:*:*:*:*","matchCriteriaId":"DA0C77C1-D835-4539-809C-1D6E805D40AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.13:*:*:*:*:*:*:*","matchCriteriaId":"E9FEEFF2-DB6B-472C-B2B7-C7C1D22DBA4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.14:*:*:*:*:*:*:*","matchCriteriaId":"DA79A04C-D25D-4D3E-B131-D4249EE0DA4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.15:*:*:*:*:*:*:*","matchCriteriaId":"474F086B-D331-498F-9313-159BC005BB17"},{"vulnerable":true
,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.16:*:*:*:*:*:*:*","matchCriteriaId":"A17B080F-E6A3-4A3D-B600-22466C45C82C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.17:*:*:*:*:*:*:*","matchCriteriaId":"A464860D-5D5D-4065-A7C6-BBE5DC9139D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.18:*:*:*:*:*:*:*","matchCriteriaId":"AF9197BC-92AB-4927-8805-494B39A2953A"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.19:*:*:*:*:*:*:*","matchCriteriaId":"1B27121A-7B58-4548-935F-57C1FF187EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.20:*:*:*:*:*:*:*","matchCriteriaId":"073ED514-E2CC-4D18-A9F4-9654E9161727"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.21:*:*:*:*:*:*:*","matchCriteriaId":"9D27D639-94D1-4BDE-AD4E-AEB37AFABCE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.22:*:*:*:*:*:*:*","matchCriteriaId":"43826AA5-62A0-4452-8EC4-098982867CA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.23:*:*:*:*:*:*:*","matchCriteriaId":"DDEA6E6A-D111-4320-BF3A-E5B7CC397423"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.24:*:*:*:*:*:*:*","matchCriteriaId":"63FADFB7-14A0-4C13-8853-40EACFBDBD85"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.25:*:*:*:*:*:*:*","matchCriteriaId":"3F80CAE4-2A0D-4805-AAC3-0FFD44D39F78"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.00:*:*:*:*:*:*:*","matchCriteriaId":"61137963-5766-4F2E-B4A2-EDA5A4469720"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.01:*:*:*:*:*:*:*","matchCriteriaId":"C7682507-9EA1-468D-8D8C-7060F068EA61"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.02:*:*:*:*:*:*:*","matchCriteriaId":"BF9EAFEE-3A59-4350-903E-D46AC9185FFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.03:*:*:*:*:*:*:*","matchCriteriaId":"0CD5DD65-A3DB-4F3F-A8CE-DEF6185D5648"},{"vulnerable":tr
ue,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.04:*:*:*:*:*:*:*","matchCriteriaId":"00C18571-A34F-4B61-B7FA-3649E31BA513"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.05:*:*:*:*:*:*:*","matchCriteriaId":"7F7BE139-0DC5-4008-A974-D1A01E1758EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.06:*:*:*:*:*:*:*","matchCriteriaId":"449AC115-FF3D-4D40-9D8A-8439625D3410"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.07:*:*:*:*:*:*:*","matchCriteriaId":"84A099DF-F17F-47A3-A17E-C397445A3430"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.08:*:*:*:*:*:*:*","matchCriteriaId":"4E680BB2-8E4B-407E-813E-661D8880DF5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.09:*:*:*:*:*:*:*","matchCriteriaId":"0A1EF835-E571-4985-96DC-1703BF3F3BFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.11:*:*:*:*:*:*:*","matchCriteriaId":"E7C74206-9610-4725-8AB9-CEBD6213DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.12:*:*:*:*:*:*:*","matchCriteriaId":"E4830A80-D9A8-48CB-B5AE-A36FB0BE7EB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.13:*:*:*:*:*:*:*","matchCriteriaId":"E3FC908B-E1A7-4ED8-B6D2-A46CE87B96A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.14:*:*:*:*:*:*:*","matchCriteriaId":"90166099-D6E9-4346-9C24-1E2CB3FC2455"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96850","source":"cve@mitre.org"},{"url":"https://rastamouse.me/guff/2016/automize/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96850","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://rastamouse.me/guff/2016/automize/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-10104","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T07:59:00.283","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users. This allows an attacker to recover encrypted passwords for SSH/SFTP profiles. Verified in all 10.x versions up to and including 10.25, and all 11.x versions up to and including 11.14."},{"lang":"es","value":"Puede ocurrir divulgación de información en sshProfiles.jsd en Hitek Software's Automize debido a que el atributo Read se establece para Usuarios. Esto permite a un atacante recuperar contraseñas cifradas para perfiles SSH/SFTP. Se verifica en todas las versiones 10.x hasta la 10.25 inclusive y en todas las versiones 11.x hasta la 11.14 inclusive."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","val
ue":"CWE-326"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.00:*:*:*:*:*:*:*","matchCriteriaId":"3A7C2457-43EB-4486-A120-B7D459FC279B"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.01:*:*:*:*:*:*:*","matchCriteriaId":"35EAE4F6-29CE-4D20-8567-2220905A4783"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.02:*:*:*:*:*:*:*","matchCriteriaId":"722B055A-E157-46AA-9919-0BE7491B15E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.03:*:*:*:*:*:*:*","matchCriteriaId":"3913B250-2602-4943-A45E-407118445FBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.04:*:*:*:*:*:*:*","matchCriteriaId":"6727427E-834D-42A8-8182-2C5FDFE520C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.05:*:*:*:*:*:*:*","matchCriteriaId":"052CF7DA-98F0-4390-8FAE-5AF5F42708EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.06:*:*:*:*:*:*:*","matchCriteriaId":"A83DAF2F-569D-433B-85E1-138AEADF4E0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.07:*:*:*:*:*:*:*","matchCriteriaId":"42CC6578-8DFA-4500-AF77-9DC73834C8E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.08:*:*:*:*:*:*:*","matchCriteriaId":"7AC7B1FF-1FB4-423C-BD9D-75DD6B6E66E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.09:*:*:*:*:*:*:*","matchCriteriaId":"EEAC4542-BC4D-4DEA-8D7B-C750951E825F"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.11:*:*:*:*:*:*:*","matchCriteriaId":"974AA5EF-9670-4DC6-89A2-DEDA3B3276D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.12:*:*:*:*:*:*:*","matchCriteriaId":"DA0C77C1-D835-4539-809C-1D6E805D40AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.13:*:*:*:*:*:*:*","matchCriteriaId":"E9FEEFF2-DB6B-472C-B2B7-C7C1D22DBA4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftw
are:automize:10.14:*:*:*:*:*:*:*","matchCriteriaId":"DA79A04C-D25D-4D3E-B131-D4249EE0DA4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.15:*:*:*:*:*:*:*","matchCriteriaId":"474F086B-D331-498F-9313-159BC005BB17"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.16:*:*:*:*:*:*:*","matchCriteriaId":"A17B080F-E6A3-4A3D-B600-22466C45C82C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.17:*:*:*:*:*:*:*","matchCriteriaId":"A464860D-5D5D-4065-A7C6-BBE5DC9139D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.18:*:*:*:*:*:*:*","matchCriteriaId":"AF9197BC-92AB-4927-8805-494B39A2953A"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.19:*:*:*:*:*:*:*","matchCriteriaId":"1B27121A-7B58-4548-935F-57C1FF187EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.20:*:*:*:*:*:*:*","matchCriteriaId":"073ED514-E2CC-4D18-A9F4-9654E9161727"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.21:*:*:*:*:*:*:*","matchCriteriaId":"9D27D639-94D1-4BDE-AD4E-AEB37AFABCE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.22:*:*:*:*:*:*:*","matchCriteriaId":"43826AA5-62A0-4452-8EC4-098982867CA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.23:*:*:*:*:*:*:*","matchCriteriaId":"DDEA6E6A-D111-4320-BF3A-E5B7CC397423"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.24:*:*:*:*:*:*:*","matchCriteriaId":"63FADFB7-14A0-4C13-8853-40EACFBDBD85"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:10.25:*:*:*:*:*:*:*","matchCriteriaId":"3F80CAE4-2A0D-4805-AAC3-0FFD44D39F78"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.00:*:*:*:*:*:*:*","matchCriteriaId":"61137963-5766-4F2E-B4A2-EDA5A4469720"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.01:*:*:*:*:*:*:*","matchCriteriaId":"C7682507-9EA1-468D-8D8C-7060F068EA61"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksof
tware:automize:11.02:*:*:*:*:*:*:*","matchCriteriaId":"BF9EAFEE-3A59-4350-903E-D46AC9185FFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.03:*:*:*:*:*:*:*","matchCriteriaId":"0CD5DD65-A3DB-4F3F-A8CE-DEF6185D5648"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.04:*:*:*:*:*:*:*","matchCriteriaId":"00C18571-A34F-4B61-B7FA-3649E31BA513"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.05:*:*:*:*:*:*:*","matchCriteriaId":"7F7BE139-0DC5-4008-A974-D1A01E1758EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.06:*:*:*:*:*:*:*","matchCriteriaId":"449AC115-FF3D-4D40-9D8A-8439625D3410"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.07:*:*:*:*:*:*:*","matchCriteriaId":"84A099DF-F17F-47A3-A17E-C397445A3430"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.08:*:*:*:*:*:*:*","matchCriteriaId":"4E680BB2-8E4B-407E-813E-661D8880DF5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.09:*:*:*:*:*:*:*","matchCriteriaId":"0A1EF835-E571-4985-96DC-1703BF3F3BFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.11:*:*:*:*:*:*:*","matchCriteriaId":"E7C74206-9610-4725-8AB9-CEBD6213DD07"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.12:*:*:*:*:*:*:*","matchCriteriaId":"E4830A80-D9A8-48CB-B5AE-A36FB0BE7EB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.13:*:*:*:*:*:*:*","matchCriteriaId":"E3FC908B-E1A7-4ED8-B6D2-A46CE87B96A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:hiteksoftware:automize:11.14:*:*:*:*:*:*:*","matchCriteriaId":"90166099-D6E9-4346-9C24-1E2CB3FC2455"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96845","source":"cve@mitre.org"},{"url":"https://rastamouse.me/guff/2016/automize/","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96845","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://rastamouse.me/guff/2016/automize/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10156","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T07:59:00.347","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229."},{"lang":"es","value":"Un fallo en systemd v228 en /src/basic/fs-util.c causó que los archivos suid de escritura universal se crearan cuando se usan las características de los temporizadores systemd, permitiendo a atacantes locales escalar sus privilegios a root. Esto se soluciona en v229."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Prima
ry","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:systemd_project:systemd:228:*:*:*:*:*:*:*","matchCriteriaId":"15362470-BF82-4CDB-988A-E077251B8673"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95790","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037686","source":"cve@mitre.org"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1020601","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41171/","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95790","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037686","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1020601","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://www.exploit-db.com/exploits/41171/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10157","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T07:59:00.393","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because the mentioned DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code within the Akamai NetSession process space."},{"lang":"es","value":"Akamai NetSession 1.9.3.1 es vulnerable a DLL Hijacking: trata de cargar CSUNSAPI.dll sin suministrar la ruta completa. El problema es agravado porque la DLL mencionada está desaparecida de la instalación, haciendo posible secuestrar la DLL y posteriormente inyectar código dentro del espacio de proceso Akamai NetSession."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{
"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:akamai:netsession:1.9.3.1:*:*:*:*:*:*:*","matchCriteriaId":"457B5085-B0B2-4894-9993-5602F1B46C6C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95995","source":"cve@mitre.org"},{"url":"https://packetstormsecurity.com/files/140366/Akamai-NetSession-1.9.3.1-DLL-Hijacking.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95995","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://packetstormsecurity.com/files/140366/Akamai-NetSession-1.9.3.1-DLL-Hijacking.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8213","sourceIdentifier":"security_alert@emc.com","published":"2017-01-23T07:59:00.440","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system."},{"lang":"es","value":"EMC Documentum WebTop Version 6.8 antes de P18 y Version 6.8.1 antes de P06 y EMC Documentum TaskSpace versión 6.7SP3 antes de P02 y EMC Documentum Capital Projects Version 1.9 antes de P30 y versión 1.10 antes de P17 y EMC Documentum Administrator versión 7.0, versión 7.1 y versión 7.2 antes de P18 contiene una vulnerabilidad Stored Cross-Site Scripting que podría ser potencialmente explotable por usuarios maliciosos para 
comprometer el sistema afectado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_administrator:7.0:*:*:*:*:*:*:*","matchCriteriaId":"34D56991-BEA6-4160-9E5C-4B7034DB1FD5"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_administrator:7.1:*:*:*:*:*:*:*","matchCriteriaId":"E97C5C13-EBDB-4906-8875-1D8D70C68206"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_administrator:7.2:*:*:*:*:*:*:*","matchCriteriaId":"A5E065EF-D76B-40D3-BEC1-D846654C6590"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_capital_projects:1.9:*:*:*:*:*:*:*","matchCriteriaId":"3B0AED45-805C-4AE2-A12C-11F8710A7F06"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_capital_projects:1.10:*:*:*:*:*:*:*","matchCriteriaId":"2105B120-08F1-4493-8EDD-6DD8492A6D0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_taskspace:6.7:sp3
:*:*:*:*:*:*","matchCriteriaId":"15EF2D73-E10A-469A-A8F4-9F4A2AE07C54"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_webtop:6.8:*:*:*:*:*:*:*","matchCriteriaId":"261FA013-FE18-4B09-A52B-909E2BB06891"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_webtop:6.8.1:*:*:*:*:*:*:*","matchCriteriaId":"D3A7E70A-8E7F-44F7-B6D2-4AE4B61D6D1E"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540019/30/0/threaded","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95625","source":"security_alert@emc.com"},{"url":"http://www.securitytracker.com/id/1037626","source":"security_alert@emc.com"},{"url":"http://www.securityfocus.com/archive/1/540019/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95625","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037626","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9870","sourceIdentifier":"security_alert@emc.com","published":"2017-01-23T07:59:00.470","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system."},{"lang":"es","value":"EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10 y EMC Isilon OneFS 7.1.0.x está afectado por una vulnerabilidad de inyección LDAP que podría ser potencialmente explotable por un usuario malicioso para comprometer el 
sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-90"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2CD6F32C-BC12-455D-9C78-F6485C72582E"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6521D899-186D-4200-96A2-C8137D6D8975"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"542839DF-EF0F-4B14-B56D-FBC0FE4D2787"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"B78EA29B-CD7A-4C9D-9B0C-E6888BEC82C4"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"A7A42792-B156-45D3-9A22-C45FFCF652DC"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.0.5:*:*:*:*:*:*:*","matchCriteriaId":"E706E435-8E45-4ACB-8BBC-5AC458378D4A"},{"vu
lnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.0.6:*:*:*:*:*:*:*","matchCriteriaId":"3FE2D48E-39E8-42E6-8E82-AB9FA0547BAC"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"DEDB97FE-6470-4AFE-A3B0-B664F132A190"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"A669BE6B-726F-4F34-A009-798E32FF6895"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"4AE74624-A44D-4837-AD36-DBF3E93D5ED9"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.3:*:*:*:*:*:*:*","matchCriteriaId":"47CBA2E5-6E46-4922-B56B-3F8C578074B1"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.4:*:*:*:*:*:*:*","matchCriteriaId":"90C22C93-9069-406E-9A14-03F20AD34D11"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.5:*:*:*:*:*:*:*","matchCriteriaId":"CDD30754-489E-42BA-8B51-1FEB5DC30912"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.6:*:*:*:*:*:*:*","matchCriteriaId":"D92501AC-0588-4051-9568-52074E8A2D33"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.7:*:*:*:*:*:*:*","matchCriteriaId":"F7407DAA-7740-45B0-BA99-03794C8B1215"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.8:*:*:*:*:*:*:*","matchCriteriaId":"F7E804DB-40F0-4FBF-8A85-A49767DC4022"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"7F551F88-3176-4E92-AE7A-FCAB3A220A45"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"26144325-6722-48C1-A0C2-BB78EF9BDE60"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"B87E8EEE-42AA-48B3-ABBE-9CE7FD2C275B"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:
7.2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"6F09B14D-2C84-47F2-8F7F-6F8DAEFFF106"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.2.0.5:*:*:*:*:*:*:*","matchCriteriaId":"5F6E200D-49D6-492C-8B38-CBED90CA8118"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"10B1B998-AEEE-4123-82F3-72D84EF681DC"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"0828B061-28B4-4AEE-BBB9-AF287B90713C"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.2.1.2:*:*:*:*:*:*:*","matchCriteriaId":"064C487D-517E-4F7B-A182-5DF287477652"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:8.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AB53E775-7A57-41D2-A93D-5F96D72622D1"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540020/30/0/threaded","source":"security_alert@emc.com","tags":["Mitigation","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95626","source":"security_alert@emc.com"},{"url":"http://www.securityfocus.com/archive/1/540020/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95626","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5539","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T07:59:00.500","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability. An attacker can use ..\\/ to bypass the filter rule. Then, this attacker can exploit this vulnerability to delete or read any files on the server. It can also be used to determine whether a file exists."},{"lang":"es","value":"El parche para el salto de directorio (CVE-2017-5480) en b2evolution versión 6.8.4-stable tiene una vulnerabilidad eludible. 
Un atacante puede utilizar ..\\/ para eludir la regla de filtro. Luego, este atacante puede explotar esta vulnerabilidad para borrar o leer cualquier archivo en el servidor. Esto puede ser utilizado también para determinar si existe un archivo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:P/A:P","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":8.5,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:b2evolution:b2evolution:6.8.4:*:*:*:*:*:*:*","matchCriteriaId":"E378D53E-A877-4CBE-A94E-5DF6B23AA879"}]}]}],"references":[{"url":"http://b2evolution.net/downloads/6-8-5","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95700","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/b2evolution/b2evolution/commit/e35f7c195d8c1103d2d981a48cda5ab45ecac48a","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://github.com/b2evolution/b2evolution/issues/36","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://b2evolution.net/downloads/6-8-5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95700","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/b2evolution/b2evolution/commit/e35f7c195d8c1103d2d981a48cda5ab45ecac48a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/b2evolution/b2evolution/issues/36","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5544","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T07:59:00.547","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on FiberHome Fengine S5800 switches V210R240. An unauthorized attacker can access the device's SSH service, using a password cracking tool to establish SSH connections quickly. This will trigger an increase in the SSH login timeout (each of the login attempts will occupy a connection slot for a longer time). Once this occurs, legitimate login attempts via SSH/telnet will be refused, resulting in a denial of service; you must restart the device."},{"lang":"es","value":"Un problema fue descubierto en los switches FiberHome Fengine S5800 V210R240. Un atacante no autorizado puede acceder al servicio SSH del dispositivo, utilizando una herramienta de craqueo de contraseñas para establecer rápidamente conexiones SSH. Esto desencadenará un incremento en el tiempo de espera en el inicio de sesión SSH (cada un de los intentos de inicio de sesión ocupará una ranura de conexión durante un tiempo mayor). 
Una vez que esto ocurra, los intentos de inicio de sesión legítimos a través de SSH/telnet serán rechazados, resultando en una denegación de servicio; debe reiniciar el dispositivo."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fiberhome:fengine_s5800_firmware:v210r240:*:*:*:*:*:*:*","matchCriteriaId":"C4C4C2BB-CB68-47EA-A125-7DECA73630D3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fiberhome:fengine_28f-s:-:*:*:*:*:*:*:*","matchCriteriaId":"FDA77F7F-59F0-4E9A-A6FA-55E6710D58EA"},{"vulnerable":false,"criteria":"cpe:2.3:h:fiberhome:fengine_52f-s:-:*:*:*:*:*:*:*","matchCriteriaId":"BA8E0A26-FF86-43F3-9D33-EF0B5648403C"},{"vulnerable":false,"criteria":"cpe:2.3:h:fiberhome:fengine_52t-s:-:*:*:*:*:*:*:*","matchCriteriaId":"C61388D1-E384-4DFF-89FF-72CA6B22AD9D"},{"vulnerable":false,"cr
iteria":"cpe:2.3:h:fiberhome:fengine_s5800-28t-s:-:*:*:*:*:*:*:*","matchCriteriaId":"F5C5E8A6-8404-4F29-BC42-99AEB3DF91AC"},{"vulnerable":false,"criteria":"cpe:2.3:h:fiberhome:fengine_s5800-28t-s-pe:-:*:*:*:*:*:*:*","matchCriteriaId":"35DEF0C7-1261-498F-AB16-9078806F856E"}]}]}],"references":[{"url":"http://www.nfcwar.com","source":"cve@mitre.org","tags":["URL Repurposed"]},{"url":"http://www.securityfocus.com/bid/95708","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.nfcwar.com","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["URL Repurposed"]},{"url":"http://www.securityfocus.com/bid/95708","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5553","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T07:59:00.580","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL."},{"lang":"es","value":"Vulnerabilidad de XSS en plugins/markdown_plugin/_markdown.plugin.php en b2evolution en versiones anteriores a 6.8.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de una URL 
javascript:."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:*","versionEndIncluding":"6.8.4","matchCriteriaId":"14A848D5-3D72-484C-800F-A66AC941A094"}]}]}],"references":[{"url":"http://b2evolution.net/downloads/6-8-5","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95704","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/b2evolution/b2evolution/commit/ce5b36e44b714b18b0bcd34c6db0187b8d13bab8","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://b2evolution.net/downloads/6-8-5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95704","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/b2evolution/b2evolution/commit/ce5b36e44b714b18b0bcd34c6db0187b8d13bab8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5554","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T07:59:00.627","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the \"Volume Up\" button during device boot, where an attacker with ADB access can issue the adb reboot bootloader command. Then, the attacker can put the platform's SELinux in permissive mode, which severely weakens it, by issuing: fastboot oem selinux permissive."},{"lang":"es","value":"Un problema fue descubierto en ABOOT en OnePlus 3 y 3T OxygenOS en versiones anteriores a 4.0.2. El atacante puede reiniciar el dispositivo en el modo de inicio rápido, lo que podría hacerse sin ninguna autenticación. Un atacante físico puede presionar el botón \"Subir Volumen\" durante el arranque del dispositivo, donde un atacante con acceso ADB puede emitir el comando adb reboot bootloader. 
Entonces, el atacante puede poner el SELinux de la plataforma en modo permisivo, lo que lo debilita severamente, emitiendo: fastboot oem selinux permissive."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*","versionEndIncluding":"3.2.8","matchCriteriaId":"343FD4D5-58CE-484E-B8E5-F3C2B15EF6F7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:oneplus:oneplus_3:-:*:*:*:*:*:*:*","matchCriteriaId":"E6B1891E-38B0-42C5-89D3-3DC12217F087"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:oneplus:oxygenos:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5.4","matchCriteriaId":"4AB7D4A5-3FB2-4097-98D9-222FF350F10F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.
3:h:oneplus:oneplus_3t:-:*:*:*:*:*:*:*","matchCriteriaId":"4C7E02CB-9EAC-4BFD-8CCC-337610E1CCEE"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95706","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://securityresear.ch/2017/01/11/fastboot-oem-selinux-permissive/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.xda-developers.com/oneplus-33t-bootloader-vulnerability-allows-changing-of-selinux-to-permissive-mode-in-fastboot/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95706","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://securityresear.ch/2017/01/11/fastboot-oem-selinux-permissive/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.xda-developers.com/oneplus-33t-bootloader-vulnerability-allows-changing-of-selinux-to-permissive-mode-in-fastboot/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5556","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T07:59:00.657","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. 
The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process."},{"lang":"es","value":"El plugin ConvertToPDF en Foxit Reader en versiones anteriores a 8.2 y PhantomPDF en versiones anteriores a 8.2 en Windows, cuando la aplicación gflags está habilitada permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída de la aplicación) a través de una imagen JPEG manipulada. La vulnerabilidad podría conducir a la divulgación de información; un atacante puede aprovechar esto en conjunto con otras vulnerabilidades para ejecutar código en el contexto del proceso actual."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:foxitsoftware:foxit_reader:8.1.4.1208:*:*:*:*:*:*:*","matc
hCriteriaId":"22C4F324-7C99-4A7C-BB65-263652CB3DB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:foxitsoftware:phantompdf:8.1.1.1115:*:*:*:*:*:*:*","matchCriteriaId":"72ECEB5E-EAD7-448E-B06A-FACEC75AA829"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95353","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-17-039/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.foxitsoftware.com/support/security-bulletins.php","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95353","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.zerodayinitiative.com/advisories/ZDI-17-039/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.foxitsoftware.com/support/security-bulletins.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5563","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T07:59:00.690","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff."},{"lang":"es","value":"LibTIFF versión 4.0.7 es vulnerable a una sobre lectura de bufer basado en memoria dinámica en tif_lzw.c resultando en DoS o ejecución de código a través de una imagen bmp manipulada en 
tools/bmp2tiff."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"FE968DD2-24BE-4417-A6DF-D79E40E07766"}]}]}],"references":[{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2664","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.securityfocus.com/bid/95705","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201709-27","source":"cve@mitre.org"},{"url":"https://usn.ubuntu.com/3606-1/","source":"cve@mitre.org"},{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2664","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"http://www.securityfocus.com/bid/95705","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://security.gentoo.org/glsa/201709-27","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3606-1/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5574","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T07:59:00.720","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en register.php en GeniXCMS en versiones anteriores a 1.0.0 permite a usuarios no autenticados ejecutar comandos SQL arbitrarios a través del parámetro activation."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:m
etalgenix:genixcms:*:*:*:*:*:*:*:*","versionEndIncluding":"0.0.8","matchCriteriaId":"ABA59DAB-097E-4E81-AAA6-28C5707A58E7"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95701","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/semplon/GeniXCMS/issues/69","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/semplon/GeniXCMS/releases/tag/v1.0.0","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95701","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/semplon/GeniXCMS/issues/69","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/semplon/GeniXCMS/releases/tag/v1.0.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5575","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T07:59:00.767","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en inc/lib/Options.class.php en GeniXCMS en versiones anteriores a 1.0.0 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de el parámetro 
modules."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:metalgenix:genixcms:*:*:*:*:*:*:*:*","versionEndIncluding":"0.0.8","matchCriteriaId":"ABA59DAB-097E-4E81-AAA6-28C5707A58E7"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95703","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/semplon/GeniXCMS/issues/68","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/semplon/GeniXCMS/releases/tag/v1.0.0","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95703","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/semplon/GeniXCMS/issues/68","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/semplon/GeniXCMS/releases/tag/v1.0.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5182","sourceIdentifier":"security@opentext.com","published":"2017-01-23T15:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077)."},{"lang":"es","value":"Remote Manager en Open Enterprise Server (OES) permite a atacantes remotos no autenticados leer cualquier archivo arbitrario, a través de una URL especialmente manipulada, que permite un salto de directorio completo y una divulgación total de información. 
Esta vulnerabilidad está presente en todas las versiones de OES para Linux; se aplica a OES2015 SP1 en versiones anteriores a Maintenance Update 11080, OES2015 en versiones anteriores a Maintenance Update 11079, OES11 SP3 en versiones anteriores a Maintenance Update 11078 y OES11 SP2 en versiones anteriores a Maintenance Update 11077."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:N/A:N","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"},{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:novell:open_enterprise_server:2.0:*:*:*:*:linux_kernel:*:*","matchCriteriaId":"82A92EAA-F64B-4DFE-8471-151ACE7A84EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:novell:open_enterprise_server:2015:*:*:*:*:linux_kernel:*:*","matchCriteriaId":"F7B0F432-2442-48D7-941C-EA5BF417D891"},{"vulnerable":true,"criteria":"cpe:2.3:o:novell:open_enterprise_server:11.0:*:*:*:*:linux_kernel:*:*","matchCriteriaId":"2510A39F-B565-4060-8B20-3A3A9EB510A1"}]}]}
],"references":[{"url":"http://www.securityfocus.com/bid/95743","source":"security@opentext.com"},{"url":"http://www.securitytracker.com/id/1037689","source":"security@opentext.com"},{"url":"https://www.novell.com/support/kb/doc.php?id=7018503","source":"security@opentext.com"},{"url":"http://www.securityfocus.com/bid/95743","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037689","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.novell.com/support/kb/doc.php?id=7018503","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5569","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T17:59:00.143","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile()."},{"lang":"es","value":"Un problema fue descubierto en eClinicalWorks Patient Portal 7.0 build 13. 
Esto es una inyección SQL ciega dentro de template.jsp, lo que puede ser explotada sin la necesidad de autenticación y a través de una solicitud POST HTTP, y que puede ser utilizado para volcar los datos de la base de datos a un servidor malicioso, utilizando una técnica fuera de banda tal como select_loadfile()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclinicalworks:patient_portal:7.0:*:*:*:*:*:*:*","matchCriteriaId":"2D551829-1627-4125-985A-830130EF0D7E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95741","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://gist.github.com/malerisch/d32d127a002ac1f10bce39333ca9a4dc","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95741","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://gist.github.com/malerisch/d32d127a002ac1f10bce39333ca9a4dc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5570","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T17:59:00.190","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique such as select_loadfile()."},{"lang":"es","value":"Un problema fue descubierto en eClinicalWorks Patient Portal 7.0 build 13. Esto es una inyección SQL ciega dentro de messageJson.jsp, que sólo puede ser explotado por usuarios autenticados a través de una petición POST HTTP y que puede ser utilizado para volcar los datos de la base de datos a un servidor malicioso, utilizando una técnica fuera de banda tal como 
select_loadfile()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclinicalworks:patient_portal:7.0:*:*:*:*:*:*:*","matchCriteriaId":"2D551829-1627-4125-985A-830130EF0D7E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95742","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://gist.github.com/malerisch/898c7ae46abde5da15748beb1e6e886f","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95742","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://gist.github.com/malerisch/898c7ae46abde5da15748beb1e6e886f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2013-7451","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.143","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag."},{"lang":"es","value":"El módulo validator en versiones anteriores a 1.1.0 para Node.js permite a atacantes remotos eludir el filtro XSS a través de una etiqueta anidada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"6D54646E-1A3E-4C39-84E6-7D7664052599"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"https://nodesecurity.io/advisories/41","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://nodesecurity.io/advisories/41","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2013-7452","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.207","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI."},{"lang":"es","value":"El módulo validator en versiones anteriores a 1.1.0 para Node.js permite a atacantes remotos eludir el filtro de secuencias de comandos en sitios cruzados (XSS) a través de una URI javascript manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nis
t.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.4","matchCriteriaId":"4ED42FEC-D762-4D28-8D6B-56DE5CFD9AA6"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://nodesecurity.io/advisories/41","source":"cve@mitre.org","tags":["VDB Entry","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://nodesecurity.io/advisories/41","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["VDB Entry","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2013-7453","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.237","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing."},{"lang":"es","value":"El módulo validator en versiones anteriores a 1.1.0 para Node.js permite a atacantes remotos eludir el filtro de secuencias de comandos de sitios cruzados (XSS) a través de un vector relacionado con la reparación de 
IU."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.4","matchCriteriaId":"4ED42FEC-D762-4D28-8D6B-56DE5CFD9AA6"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://nodesecurity.io/advisories/41","source":"cve@mitre.org","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://nodesecurity.io/advisories/41","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2013-7454","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.267","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings."},{"lang":"es","value":"El módulo validator en versiones anteriores a 1.1.0 para Node.js permite a atacantes remotos eludir el filtro de secuencias de comandos en sitios cruzados (XSS) a través de cadenas prohibidas anidadas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.4","matchCriteriaId":"4ED42FEC-D762-4D28-8D6B-56DE5CFD9AA6"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/
11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://nodesecurity.io/advisories/41","source":"cve@mitre.org","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://nodesecurity.io/advisories/41","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2014-8362","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.300","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface."},{"lang":"es","value":"Vivint Sky Control Panel 1.1.1.9926 permite a atacantes remotos habilitar y deshabilitar el sistema de alarma y modificar otras configuraciones de seguridad a través de la interfaz habilitada para la 
web."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:vivint:sky_control_panel_firmware:1.1.1.9926:*:*:*:*:*:*:*","matchCriteriaId":"77BFE685-5E80-46C1-A3E0-2678D92A58E1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:vivint:sky_control_panel:-:*:*:*:*:*:*:*","matchCriteriaId":"6BF21C52-F058-4C27-916E-F16486E9B950"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/136040/Vivint-Sky-Control-Panel-Unauthenticated-Access.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/136040/Vivint-Sky-Control-Panel-Unauthenticated-Access.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2014-9772","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.330","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters."},{"lang":"es","value":"El paquete validator en versiones anteriores a 2.0.0 para Node.js permite a atacantes remotos eludir el filtro de secuencias de comandos en sitios cruzados (XSS) a través de caracteres hex codificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.4","matchCriteriaId":"88EAEFE4-41B6-4AFD-A858-190BC7C522C9"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11",
"source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/97102","source":"cve@mitre.org"},{"url":"https://nodesecurity.io/advisories/43","source":"cve@mitre.org","tags":["Exploit","Mitigation","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/97102","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://nodesecurity.io/advisories/43","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-4626","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.360","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to \"corrupt the business logic\" via a negative value in an overdraft."},{"lang":"es","value":"B.A.S C2Box en versiones anteriores a 4.0.0 (r19171) se basa en la validación del lado del cliente, lo que permite a atacantes remotos \"corromper la lógica de negocio\" a través de un valor negativo en un 
sobregiro."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-189"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:treasuryxpress:c2box:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.0","matchCriteriaId":"833AC152-7A75-4444-8814-B4D17E09FDF5"}]}]}],"references":[{"url":"https://packetstormsecurity.com/files/136450/C2Box-4.0.0-r19171-Validation-Bypass.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://packetstormsecurity.com/files/136450/C2Box-4.0.0-r19171-Validation-Bypass.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2015-7743","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.393","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"XML external entity vulnerability in PRTG Network Monitor 
before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file."},{"lang":"es","value":"Vulnerabilidad de entidad externa de XML en PRTG Network Monitor en versiones anteriores a 16.2.23.3077/3078 permite a usuarios remotos autenticados leer archivos arbitrarios creando un nuevo sensor HTTP XML / REST Value que accede a un archivo XML manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*","versionEndIncluding":"14.4.12.3282","matchCriteriaId":"493DB6BA-243B-4AA2-9652-3A0D0DE13A89"}]}]}],"references":[{"url":"https://packetstormsecurity.com/files/137255/Paessler-PRTG-Network-Monitor-14.4.12.3282-XXE-Injection.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"https://www.paessler.com/prtg/history/stable#16.2.23.3077","source":"cve@mitre.org","tags":["VDB Entry"]},{"url":"https://packetstormsecurity.com/files/137255/Paessler-PRTG-Network-Monitor-14.4.12.3282-XXE-Injection.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.paessler.com/prtg/history/stable#16.2.23.3077","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["VDB Entry"]}]}},{"cve":{"id":"CVE-2015-8315","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.423","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a \"regular expression denial of service (ReDoS).\""},{"lang":"es","value":"El paquete ms en versiones anteriores a 0.7.1 para Node.js permite a atacantes provocar una denegación de servicio (consumo de CPU) a través de una cadena de versión larga, vulnerabilidad también conocida como \"denegación de servicio de expresión regular 
(ReDoS)\"."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1333"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vercel:ms:*:*:*:*:*:node.js:*:*","versionEndExcluding":"0.7.1","matchCriteriaId":"ADAEE7A9-A141-4930-AB81-9DABE39C0925"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"cve@mitre.org","
tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96389","source":"cve@mitre.org","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://nodesecurity.io/advisories/46","source":"cve@mitre.org","tags":["Broken Link","Exploit","Mitigation","Vendor Advisory"]},{"url":"https://support.f5.com/csp/article/K46337613?utm_source=f5support&amp%3Butm_medium=RSS","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96389","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://nodesecurity.io/advisories/46","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Exploit","Mitigation","Vendor Advisory"]},{"url":"https://support.f5.com/csp/article/K46337613?utm_source=f5support&amp%3Butm_medium=RSS","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2015-8854","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.470","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a \"catastrophic backtracking issue for the em inline rule,\" aka a \"regular expression denial of service (ReDoS).\""},{"lang":"es","value":"El paquete marked en versiones anteriores a 0.3.4 para Node.js permite a atacantes provocar una denegación de servicio (consumo de CPU) a través de vectores no especificados que desencadenan un \"problema de retroceso catastrófico para la regla em en línea\", vulnerabilidad también conocida como \"denegación de servicio de expresión regular 
(ReDoS)\"."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:marked_project:marked:*:*:*:*:*:node.js:*:*","versionEndExcluding":"0.3.4","matchCriteriaId":"AEC25255-6640-4076-8C2D-C8EF16960829"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","matchCriteriaId":"80F0FA5D-8D3B-4C0E-81E2-87998286AF33"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*","matchCriteriaId":"36D96259-24BD-44E2-96D9-78CE1D41F956"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO2RMVVZVV6NFTU46B5RYRK7ZCXYARZS/","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6BJG6RGDH7ZWVVAUFBFI5L32RSMQN2S/","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://nodesecurity.io/advisories/23","source":"cve@mitre.org","tags":["Broken Link","Patch","Vendor Advisory"]},{"url":"https://support.f5.com/csp/article/K05052081?utm_source=f5support&amp%3Butm_medium=RSS","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO2RMVVZVV6NFTU46B5RYRK7ZCXYARZS/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6BJG6RGDH7ZWVVAUFBFI5L32RSMQN2S/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://nodesecurity.io/advisories/23","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Patch","Vendor Advisory"]},{"url":"https://support.f5.com/csp/article/K05052081?utm_source=f5support&amp%3Butm_medium=RSS","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2015-8855","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.503","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) 
via a long version string, aka a \"regular expression denial of service (ReDoS).\""},{"lang":"es","value":"El paquete semver en versiones anteriores a 4.3.2 para Node.js permite a atacantes provocar una denegación de servicio (consumo de CPU) a través de una cadena de versión larga, vulnerabilidad también conocida como \"denegación de servicio de expresión regular (ReDoS)\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.1","matchCriteriaId":"848035BC-647E-497A-B89F-53427DB791E5"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/86957","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://nodesecurity.io/advisories/31","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/86957","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://nodesecurity.io/advisories/31","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-8856","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.563","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name."},{"lang":"es","value":"Vulnerabilidad de XSS en el paquete serve-index en versiones anteriores a 1.6.3 para Node.js permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de archivo o directorio 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openjsf:serve-index:*:*:*:*:node.js:*:*:*","versionEndExcluding":"1.6.3","matchCriteriaId":"3467E168-8F8E-4CA5-8CDA-288F002F648A"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96392","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"https://nodesecurity.io/advisories/34","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96392","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken 
Link"]},{"url":"https://nodesecurity.io/advisories/34","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-8857","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.580","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript."},{"lang":"es","value":"El paquete uglify-js en versiones anteriores a 2.4.24 para Node.js no tiene en cuenta adecuadamente los valores no booleanos al reescribir las expresiones booleanas, lo que podrían permitir a atacantes eludir los mecanismos de seguridad o posiblemente tener otro impacto no especificado aprovechando incorrectamente el Javascript reescrito."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"
source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uglifyjs_project:uglifyjs:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.4.24","matchCriteriaId":"AC16E931-F5DC-4D04-9C6D-9D86FFA40BE6"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96410","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://nodesecurity.io/advisories/39","source":"cve@mitre.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96410","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://nodesecurity.io/advisories/39","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-8858","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.610","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a \"regular expression denial of service (ReDoS).\""},{"lang":"es","value":"El paquete uglify-js en versiones anteriores a 2.6.0 para Node.js permite a atacantes provocar una denegación de servicio (consumo de CPU) a través de una entrada manipulada en una llamada de análisis, vulnerabilidad también conocida como \"denegación de servicio de expresión regular 
(ReDoS)\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uglifyjs_project:uglifyjs:*:*:*:*:*:node.js:*:*","versionEndIncluding":"2.5.0","matchCriteriaId":"D2EC3857-D440-4A9B-A0DD-A40D33C724AC"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96409","source":"cve@mitre.org"},{"url":"https://nodesecurity.io/advisories/48","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96409","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://nodesecurity.io/advisories/48","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-8859","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.657","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors."},{"lang":"es","value":"El paquete send en versiones anteriores a 0.11.1 para Node.js permite a atacantes obtener la ruta de root a través de vectores no especificados."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:send_project:send:*:*:*:*:*:node.js:*:*","versionEndExcluding":"
0.11.1","matchCriteriaId":"E3AD6A79-80D5-4F94-9768-6914D8E9A13B"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96435","source":"cve@mitre.org","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://nodesecurity.io/advisories/56","source":"cve@mitre.org","tags":["Broken Link","Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96435","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://nodesecurity.io/advisories/56","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-8860","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.690","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive."},{"lang":"es","value":"El paquete tar en versiones anteriores a 2.0.0 para Node.js permite a atacantes remotos escribir archivos arbitrarios a través de un ataque de enlace simbólico en un 
archivo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.4","matchCriteriaId":"88EAEFE4-41B6-4AFD-A858-190BC7C522C9"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://nodesecurity.io/advisories/57","source":"cve@mitre.org","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://nodesecurity.io/advisories/57","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2015-8861","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.720","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted."},{"lang":"es","value":"El paquete handlebars en versiones anteriores a 4.0.0 para Node.js permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) aprovechando una plantilla con un atributo que no se cita."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:handlebars.js_project:handlebars.js:*:*:*:*:*:node.js:*:*","versionEndExcluding":"4.0.0","matchCriteriaId":"A339B16C-3548-47A1-93ED-4B48A6C83122"
}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96434","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.sourceclear.com/blog/handlebars_vulnerability_research_findings/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.tenable.com/security/tns-2016-18","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96434","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.sourceclear.com/blog/handlebars_vulnerability_research_findings/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.tenable.com/security/tns-2016-18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2015-8862","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.767","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted."},{"lang":"es","value":"Paquete mustache en versiones anteriores a 2.2.1 para Node.js permite a atacantes remotos llevar a cabo ataques de secuencias de sitios cruzados (XSS) aprovechando una plantilla con un atributo que no se 
cita."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mustache.js_project:mustache.js:*:*:*:*:*:node.js:*:*","versionEndIncluding":"2.2.0","matchCriteriaId":"45D059A0-0DC6-407D-8465-E82B9B355238"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96436","source":"cve@mitre.org"},{"url":"https://nodesecurity.io/advisories/62","source":"cve@mitre.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://www.tenable.com/security/tns-2016-18","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96436","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://nodesecurity.io/advisories/62","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://www.tenable.com/security/tns-2016-18","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2015-8971","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.813","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063."},{"lang":"es","value":"Terminology 0.7.0 permite a atacantes remotos ejecutar comandos arbitrarios a través de secuencias de escape que modifican el título de la ventana y luego se escriben a el terminal, un problema similar a CVE-2003-0063."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"so
urce":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:enlightenment:terminology:0.7.0:*:*:*:*:*:*:*","matchCriteriaId":"1DC05BFD-4A00-48C0-8858-B5DAAAE1FCD7"}]}]}],"references":[{"url":"http://www.debian.org/security/2016/dsa-3712","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/04/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/04/15","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/07/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94132","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3712","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/04/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/04/15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/07/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94132","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2015-8972","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.847","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode."},{"lang":"es","value":"Desbordamientos de búfer basado en pila en la función ValidateMove en frontend/move.cc en GNU Chess (también conocida como gnuchess) en versiones anteriores a 6.2.4 podrían permitir a atacantes dependientes de contexto ejecutar código arbitrario a través de una entrada grande, según lo demostrado cuando esta en modo 
UCI."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:chess:*:*:*:*:*:*:*:*","versionEndExcluding":"6.2.4","matchCriteriaId":"CED8E309-90D6-4F98-A340-2C0FD94F6447"}]}]}],"references":[{"url":"http://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://svn.savannah.gnu.org/viewvc/chess?revision=134&view=revision","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/13/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/14/11","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/14/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://svn.savannah.gnu.org/viewvc/chess?revision=134&view=revision","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/13/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/14/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/14/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-0765","sourceIdentifier":"secalert@redhat.com","published":"2017-01-23T21:59:00.893","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) action parameter."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en eshop-orders.php en el plugin eShop 6.3.14 para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) page o (2) 
action."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elfden:eshop_plugin:6.3.14:*:*:*:*:wordpress:*:*","matchCriteriaId":"320D0D20-928D-41C2-B2C6-2F4F5228B8ED"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/02/02/3","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/82347","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.vapid.dhs.org/advisory.php?v=160","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/02/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/82347","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"http://www.vapid.dhs.org/advisory.php?v=160","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-0769","sourceIdentifier":"secalert@redhat.com","published":"2017-01-23T21:59:00.940","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter."},{"lang":"es","value":"Múltiples vulnerabilidades de inyección SQL en eshop-orders.php en el plugin eShop 6.3.14 para WordPress permiten (1) a administradores remotos ejecutar comandos SQL arbitrarios a través del parámetro delid o usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro (2) view, (3) mark o (4) 
change."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:elfden:eshop_plugin:6.3.14:*:*:*:*:wordpress:*:*","matchCriteriaId":"320D0D20-928D-41C2-B2C6-2F4F5228B8ED"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/02/02/3","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/82347","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.vapid.dhs.org/advisory.php?v=160","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/02/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/82347","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"http://www.vapid.dhs.org/advisory.php?v=160","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-1281","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:00.970","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the \"application directory\", as demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll DLLs."},{"lang":"es","value":"Vulnerabilidad de ruta de búsqueda no confiable en el instalador para TrueCrypt 7.2 y 7.1a, VeraCrypt en versiones anteriores a 1.17-BETA y posiblemente otros productos permite a usuarios locales ejecutar código arbitrario con privilegios de administrador y llevar a cabo ataques de secuestro de DLL a través de un troyano DLL en el \"directorio de aplicación\", como se demuestra con las DLLs USP10.dll, RichEd20.dll, NTMarta.dll y 
SRClient.dll."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-426"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:idrix:truecrypt:7.1:a:*:*:*:*:*:*","matchCriteriaId":"C92DBA4D-8938-4549-ABA6-7CE718E40296"},{"vulnerable":true,"criteria":"cpe:2.3:a:idrix:truecrypt:7.2:*:*:*:*:*:*:*","matchCriteriaId":"47BC6DDF-E3CC-44C7-ABBE-50A2EAA7FBF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:idrix:veracrypt:*:*:*:*:*:*:*:*","versionEndIncluding":"1.16","matchCriteriaId":"05919C08-FD08-45C8-A1E5-F43A7A08D980"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2016/Jan/22","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/11/1","source":"cve@mitre.org","tags":["Patch","Third Party 
Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/Jan/22","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/11/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-1417","sourceIdentifier":"psirt@cisco.com","published":"2017-01-23T21:59:01.003","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed."},{"lang":"es","value":"Vulnerabilidad de ruta de búsqueda no confiable en Snort 2.9.7.0-WIN32 permite a atacantes remotos ejecutar código arbitrario y llevar a cabo ataques de secuestro DLL a través de un troyano tcapi.dll que está localizado en la misma carpeta en un archivo remoto compartido como un archivo pcap que está siendo 
procesado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-426"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:snort:snort:2.9.7.0:*:*:*:*:windows:*:*","matchCriteriaId":"C713688C-9243-412A-AB7C-302362B73CE2"}]}]}],"references":[{"url":"http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt","source":"psirt@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.html","source":"psirt@cisco.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539579/100/0/threaded","source":"psirt@cisco.com"},{"url":"http://www.securityfocus.com/bid/93269","source":"psirt@cisco.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1036936","source":"psirt@cisco.com","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539579/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/93269","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1036936","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-1925","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.050","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the (1) level0 or (2) level1 header in a lha archive, which triggers a buffer overflow."},{"lang":"es","value":"Desbordamiento inferior de entero en header.c en lha permite a atacantes remotos tener un impacto no especificado a través de un valor de tamaño de encabezado grande para la cabecera (1) level0 o (2) level1 en un archivo lha, lo que desencadena un desbordamiento de 
búfer."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lha_for_unix_project:lha_for_unix:-:*:*:*:*:*:*:*","matchCriteriaId":"EF6146D3-6504-424E-987D-E81EBD42E229"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/01/18/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/18/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202007-42","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/01/18/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/18/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/202007-42","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-2242","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.097","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php."},{"lang":"es","value":"Exponent CMS 2.x en versiones anteriores a 2.3.7 Patch 3 permite a atacantes remotos ejecutar código arbitrarios a través del parámetro sc para install/index.php."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D8643385-8673-40EE-97D0-87F2C39D91D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:e
xponentcms:exponent_cms:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"D71D0337-96AF-4F40-9466-52C8D0A16747"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"0217F357-EEF6-4E0F-B8C4-79B60D8B9638"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"24C51C67-1870-4302-B1A2-298E3A675640"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"3CC4E7EE-DB6B-456F-80A0-DC3DAC93BE94"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.0.4:p3:*:*:*:*:*:*","matchCriteriaId":"647925AE-3268-4CA8-A59E-76F8B85B4502"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.0.5:*:*:*:*:*:*:*","matchCriteriaId":"15E42B89-8F34-4272-8F15-9C39CA7D701C"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.0.5:p1:*:*:*:*:*:*","matchCriteriaId":"5F58A7A6-84C5-4D0D-931C-AC401532D938"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.0.6:*:*:*:*:*:*:*","matchCriteriaId":"57B206CC-4ABC-4207-88C0-D75AB5455AFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.0.6:p2:*:*:*:*:*:*","matchCriteriaId":"59DE46A6-FDA7-4FB7-9ED5-FB6274B6938A"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.0.7:*:*:*:*:*:*:*","matchCriteriaId":"863835E5-2D07-4F79-842B-69CA65BD8CF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.0.8:*:*:*:*:*:*:*","matchCriteriaId":"44CBBED1-40D4-4851-949A-8FC0CF4E31E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.0.8:p2:*:*:*:*:*:*","matchCriteriaId":"8A38D396-D5FC-4B87-9359-AB32A367D11B"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.0.9:*:*:*:*:*:*:*","matchCriteriaId":"4408D4CD-4B7F-4A57-8C19-CDB517A48AF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.0.9:p5:*:*:*:*:*:*","matchCriteriaId":"A60296F9-8A44-4EA2-80C7-1734820B346C"},{"vulne
rable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.1.0:alpha:*:*:*:*:*:*","matchCriteriaId":"7CE0F2BF-6850-4860-84A0-3C45629131CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"175E9F04-B0E1-4504-BB46-42F6AF64A1E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.1.2:*:*:*:*:*:*:*","matchCriteriaId":"1296B22E-6A9F-4354-A3F9-C0098E15E5B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.1.3:*:*:*:*:*:*:*","matchCriteriaId":"1F084FB2-AC3E-426C-AE51-7916A56A0576"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.1.4:*:*:*:*:*:*:*","matchCriteriaId":"74FEA650-B6CF-4F43-A302-4665A63145DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.1.4:p11:*:*:*:*:*:*","matchCriteriaId":"17A20CFC-0A1B-4A18-99DC-076ADA132311"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"B1CFBA46-C600-41AA-BDDA-205B1BDF435B"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.2.0:p5:*:*:*:*:*:*","matchCriteriaId":"CC6EB13B-E1D4-4533-81BF-6331E8633153"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"F2B5B416-5125-4BF9-B60C-92BAC0CBA4DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.2.2:*:*:*:*:*:*:*","matchCriteriaId":"1D01F38E-039A-4F19-AAFC-67B67DCE5DDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.2.2:p2:*:*:*:*:*:*","matchCriteriaId":"E7DF4DDC-BF1F-4BE3-9247-59D32EFB87CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.2.3:*:*:*:*:*:*:*","matchCriteriaId":"28A7169C-E465-40AC-B054-2CB2E9DA0D10"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.2.3:p14:*:*:*:*:*:*","matchCriteriaId":"630E621B-6BF4-4006-A465-92ACFAF56DE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A97578
68-2F5C-4796-9C35-DC3A6A827AAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.3.0:p4:*:*:*:*:*:*","matchCriteriaId":"93D0084C-04DE-4813-AFAB-3D60999F35E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.3.1:*:*:*:*:*:*:*","matchCriteriaId":"8139DFA4-CF47-442F-B238-D6A8B9F451EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.3.1:p4:*:*:*:*:*:*","matchCriteriaId":"9F67584A-D847-4128-A3F9-FCE29C6D9AD5"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.3.2:*:*:*:*:*:*:*","matchCriteriaId":"1908130F-299F-4DFA-9557-FE0667083D02"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.3.2:p2:*:*:*:*:*:*","matchCriteriaId":"1397A083-FD8D-47CF-85A0-32C509B00CC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.3.3:*:*:*:*:*:*:*","matchCriteriaId":"4BB625BF-972B-46BF-8CDE-89C3C1777D41"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.3.3:p1:*:*:*:*:*:*","matchCriteriaId":"CAC4DF15-0D30-4048-BBEC-2CF0326B5DC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.3.4:*:*:*:*:*:*:*","matchCriteriaId":"3BB05EB8-2415-4B30-9243-89088E033CED"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.3.4:p1:*:*:*:*:*:*","matchCriteriaId":"6AAA99FC-045B-4C78-A07D-D4F4577E9927"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.3.5:*:*:*:*:*:*:*","matchCriteriaId":"C1B5858D-1FDD-4D29-B2BA-21C0743DF04F"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.3.5:p2:*:*:*:*:*:*","matchCriteriaId":"E6D557F2-4EE1-4640-920F-15B7CAFAD5B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.3.7:*:*:*:*:*:*:*","matchCriteriaId":"BD5777A6-4466-420F-98B8-0C5DB06B391C"},{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.3.8:*:*:*:*:*:*:*","matchCriteriaId":"8F7766EC-5D6A-4050-ACC6-85A443347A78"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/135721/Expon
ent-2.3.7-PHP-Code-Execution.html","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"http://www.exponentcms.org/news/patch-3-released-for-v2-3-7","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.exponentcms.org/news/show/title/security-notice-closing-an-exponent-security-vulnerability","source":"cve@mitre.org","tags":["Exploit","Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/archive/1/537499/100/0/threaded","source":"cve@mitre.org"},{"url":"https://www.htbridge.com/advisory/HTB23290","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/135721/Exponent-2.3.7-PHP-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"http://www.exponentcms.org/news/patch-3-released-for-v2-3-7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.exponentcms.org/news/show/title/security-notice-closing-an-exponent-security-vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/archive/1/537499/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.htbridge.com/advisory/HTB23290","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-2783","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.143","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet 
frames."},{"lang":"es","value":"Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) en versiones anteriores a 4.2.3.0 y 5.x en versiones anteriores a 5.0.1.0 no maneja adecuadamente los índices VLAN e I-SIS, lo que permite a atacantes remotos obtener acceso no autorizado a través de marcos Ethernet manipulados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-19"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:avaya:vsp_operating_system_software:*:*:*:*:*:*:*:*","versionEndIncluding":"4.2.2.0","matchCriteriaId":"AE692E05-3CF4-4AD6-A7A1-20704455585B"},{"vulnerable":true,"criteria":"cpe:2.3:a:avaya:vsp_operating_system_software:5.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7D777506-0765-4185-AF30-2E9FB1007D3E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/92157","source":"cve@mitre.org"},{"url":"https://packetstormsecurity.com/files/138082/Avay
a-VOSS-4.1.0.0-SPB-Traffic-Traversal.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/92157","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://packetstormsecurity.com/files/138082/Avaya-VOSS-4.1.0.0-SPB-Traffic-Traversal.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-3147","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.173","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet."},{"lang":"es","value":"Desbordamiento de búfer en el listener collector.exe de Landesk Management Suite 10.0.0.271 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio y posiblemente ejecutar código arbitrario a través de un paquete 
grande."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ivanti:landesk_management_suite:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.0.271","matchCriteriaId":"13178DFE-8983-4648-9208-20D570353D6B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93565","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.securifera.com/advisories/cve-2016-3147/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93565","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.securifera.com/advisories/cve-2016-3147/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-3177","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.267","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors."},{"lang":"es","value":"Múltiples vulnerabilidades de uso después de liberación de memoria y doble liberación en gifcolor.c en GIFLIB 5.1.2 tienen vectores de ataque y de impacto no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"},{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:giflib_project:giflib:5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"FFDFBAD4-A9CF-4553-A723-B4B62B60619E"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/03/16/12","source":"cve@mitre.org"
,"tags":["Mailing List","Third Party Advisory"]},{"url":"https://sourceforge.net/p/giflib/bugs/83/","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2016/03/16/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://sourceforge.net/p/giflib/bugs/83/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]}]}},{"cve":{"id":"CVE-2016-4010","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.300","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data."},{"lang":"es","value":"Magento CE y EE en versiones anteriores a 2.0.6 permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través de la manipulación de los datos del carro de 
compra."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento:*:*:*:*:community:*:*:*","versionEndIncluding":"2.0.5","matchCriteriaId":"759AD084-5EC4-4A1A-9ACF-68B4DCABE6C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento:*:*:*:*:enterprise:*:*:*","versionEndIncluding":"2.0.5","matchCriteriaId":"504F7347-D27F-4AEE-A63C-BCDE6C6B1285"}]}]}],"references":[{"url":"http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/","source":"cve@mitre.org","tags":["Technical Description","Third Party Advisory"]},{"url":"https://magento.com/security/patches/magento-206-security-update","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://packetstormsecurity.com/files/137121/Magento-Unauthenticated-Arbitrary-File-Write.html","source":"cve@mitre.org","tags":["Exploit","Third Party 
Advisory","VDB Entry"]},{"url":"https://packetstormsecurity.com/files/137312/Magento-2.0.6-Unserialize-Remote-Code-Execution.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/39838/","source":"cve@mitre.org"},{"url":"http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]},{"url":"https://magento.com/security/patches/magento-206-security-update","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://packetstormsecurity.com/files/137121/Magento-Unauthenticated-Arbitrary-File-Write.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://packetstormsecurity.com/files/137312/Magento-2.0.6-Unserialize-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/39838/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-4055","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.330","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a \"regular expression Denial of Service (ReDoS).\""},{"lang":"es","value":"La función duration en el paquete moment en versiones anteriores a 2.11.2 para Node.js permite a atacantes remotos provocar una denegación de servicio (consumo de CPU ) a través de una cadena larga, vulnerabilidad también conocida como \"Denial of Service (ReDoS) de expresión 
regular\"."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:momentjs:moment:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2.11.2","matchCriteriaId":"CBEAC768-CE50-4B5E-BCF3-396376CB80E5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*","versionEndIncluding":"8.2.3","matchCriteriaId":"427DA624-2397-4A61-A2ED-23F5C22C174E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0","versionEndIncluding":"18.8.4","matchCriteriaId":"57CCC89E-2708-42E2-8BDF-30E41788BE28"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95849","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E","source":"cve@mitre.org"},{"url":"https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E","source":"cve@mitre.org"},{"url":"https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E","source":"cve@mitre.org"},{"url":"https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E","source":"cve@mitre.org"},{"url":"https://nodesecurity.io/advisories/55","source":"cve@mitre.org","tags":["Broken Link","Exploit","Vendor Advisory"]},{"url":"https://www.tenable.com/security/tns-2019-02","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95849","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/54df3aeb4239b64b50b356f0ca6f986e3c4ca5b84c515dce077c7854%40%3Cuser.flink.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://nodesecurity.io/advisories/55","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Exploit","Vendor Advisory"]},{"url":"https://www.tenable.com/security/tns-2019-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-4056","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.377","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark."},{"lang":"es","value":"Vulnerabilidad de XSS en el componente Backend en TYPO3 6.2.x en versiones anteriores a 6.2.19 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de el parámetro module cuando crea un 
marcador."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*","matchCriteriaId":"C7715060-1441-4CF9-BEDF-91D28FE31ECC"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"29602159-5C1E-4C5A-9E4C-F3183D3EA8A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.0:alpha2:*:*:*:*:*:*","matchCriteriaId":"52CC6148-48F9-4532-96D3-8C6D82B8B815"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.0:alpha3:*:*:*:*:*:*","matchCriteriaId":"E501EDED-B7DC-4D00-9DAF-862BC8C14C60"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*","matchCriteriaId":"7183456A-52B4-4386-8979-A2ECEA9959FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*","matchCriteriaId":"16EEC79F-3293-451C-864E-9CE020F6C730"},{"vulnerable":true,"criter
ia":"cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*","matchCriteriaId":"8FD27EAD-04D5-4C55-952E-020954B90CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.0:beta4:*:*:*:*:*:*","matchCriteriaId":"F67C62FD-A683-43F3-BF0E-D368617B194C"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.0:beta5:*:*:*:*:*:*","matchCriteriaId":"8CCC09EC-CB2C-466A-BD71-4DD2C34288B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.0:beta6:*:*:*:*:*:*","matchCriteriaId":"82F45E35-4731-4527-861F-3999ABED94B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.0:beta7:*:*:*:*:*:*","matchCriteriaId":"FC154041-5B1B-484C-8EF8-9EBC73A9FF3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.0:rc1:*:*:*:*:*:*","matchCriteriaId":"36E925BE-8D4F-49FE-90EF-68C1DE776107"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.0:rc2:*:*:*:*:*:*","matchCriteriaId":"DA0AF154-CC16-4536-B120-A9040CE92394"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*","matchCriteriaId":"99262E73-E4A7-4657-A32E-3C289C052675"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*","matchCriteriaId":"E230A800-B2DE-4ED4-9C6B-961832C39900"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.3:*:*:*:*:*:*:*","matchCriteriaId":"1A96891D-A2B1-492C-A914-51F9631D5C40"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.4:*:*:*:*:*:*:*","matchCriteriaId":"3D7316A8-E445-45C6-BFD9-8E19254AC7AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.5:*:*:*:*:*:*:*","matchCriteriaId":"D95C12B4-51F1-4FFC-892B-1432D1E5219A"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.6:*:*:*:*:*:*:*","matchCriteriaId":"308EF598-B9DF-47C5-A1AC-1A2A16767E84"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.7:*:*:*:*:*:*:*","matchCriteriaId":"1A3A5E5D-E8A9-4B2F-B423-9F1B9E761A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.8:*:*:*:*:*:*:*","matchCriteriaId":"4B9EDF6E-299A-4277-9C2F-B25D5F9A189E"},{"vulnerable":true,"cr
iteria":"cpe:2.3:a:typo3:typo3:6.2.9:*:*:*:*:*:*:*","matchCriteriaId":"313D0192-8849-4DA1-820E-28E2FC4E37C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.10:*:*:*:*:*:*:*","matchCriteriaId":"265DCFF8-2EC5-49EA-8D06-1956F3109F09"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.10:rc1:*:*:*:*:*:*","matchCriteriaId":"2D8FB68B-E4E8-4501-94F6-2922781D8C16"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.11:*:*:*:*:*:*:*","matchCriteriaId":"6F1FEAA4-B0D8-4B5B-8958-173245F55134"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.12:*:*:*:*:*:*:*","matchCriteriaId":"0E806A38-C603-4916-93E2-FE43062B09C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.13:*:*:*:*:*:*:*","matchCriteriaId":"17EB5B78-0AD1-4259-8537-058D888B30B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.14:*:*:*:*:*:*:*","matchCriteriaId":"06C7E6FD-99D0-4F48-B5DF-0EFD4C05079D"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.15:*:*:*:*:*:*:*","matchCriteriaId":"21217A49-637C-4F60-B8F8-8699E71D6BFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.16:*:*:*:*:*:*:*","matchCriteriaId":"8ECD9604-F523-4BA0-A49F-5EF80A478263"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.17:*:*:*:*:*:*:*","matchCriteriaId":"B6CF3415-EA27-4AEF-AFDB-395ED8F9E009"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:6.2.18:*:*:*:*:*:*:*","matchCriteriaId":"E428C4A9-0FEB-4501-936A-9FB439D0E4AA"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/21/1","source":"cve@mitre.org","tags":["Mailing List"]},{"url":"https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/","source":"cve@mitre.org","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/21/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://labs.integrity.pt/advisories/cve-pending-stored-cross-site-scripting-in-typo3-bookmarks/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-006/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4338","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.423","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter."},{"lang":"es","value":"La secuencia de comandos de configuración de parámetros de usuario de mysql (userparameter_mysql.conf) en el agente en Zabbix en versiones anteriores a 2.0.18, 2.2.x en versiones anteriores a 2.2.13 y 3.0.x en versiones anteriores a 3.0.3, cuando se utiliza con un shell que no sea bash, permite a atacantes dependientes de contexto ejecutar código arbitrario o comandos SQL a través del parámetro 
mysql.size."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"A13691AD-76EE-461B-A5A8-C8433AC907CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"D7F5CFFB-7492-4E87-8B85-2EB99CE2A9EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"29ACE6F0-E3B4-4B9D-A40A-47B66BA81FA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"E538292A-0573-4F6E-8504-F86863AE1D04"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"8213C387-7A54-4C86-AB6C-DF72AA17EFD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.5:*:*:*:*:*:*:*","matchCriteriaId":"20104F5A-C278-4426-AF62-FF652C242CBA"},{"vulnerable":true,"criteri
a":"cpe:2.3:a:zabbix:zabbix:2.0.6:*:*:*:*:*:*:*","matchCriteriaId":"C31B0F7D-E0A5-4EB8-BEE6-963905C734A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.7:*:*:*:*:*:*:*","matchCriteriaId":"292B7BEC-B201-4415-8730-2424EF00B419"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.8:*:*:*:*:*:*:*","matchCriteriaId":"C814F99F-93DF-410C-B0F8-4370F9950515"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.9:*:*:*:*:*:*:*","matchCriteriaId":"24B48111-3352-4F57-AD16-2DC04BA76735"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.10:*:*:*:*:*:*:*","matchCriteriaId":"7822FDCC-B05B-4716-B75B-20C8C8286CE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.11:*:*:*:*:*:*:*","matchCriteriaId":"65E9EC9B-C075-442C-8EB7-F1FFE877A05D"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.12:*:*:*:*:*:*:*","matchCriteriaId":"F5A4EFC4-BF36-4564-9F0D-2E228C994F53"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.13:*:*:*:*:*:*:*","matchCriteriaId":"73516842-638E-4E42-A5DA-4E1511186B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.14:*:*:*:*:*:*:*","matchCriteriaId":"128A8572-824D-4C04-9A7F-B22A3F18B694"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.15:*:*:*:*:*:*:*","matchCriteriaId":"C97CAF96-5861-4DE1-AA8D-19C288BFB894"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.16:*:*:*:*:*:*:*","matchCriteriaId":"3DA8A464-665B-4D43-B273-2062020996F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.0.17:*:*:*:*:*:*:*","matchCriteriaId":"EEA52C15-7E7C-422A-A003-F5B273C05D80"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.2.0:-:*:*:*:*:*:*","matchCriteriaId":"C8E20742-98CE-41DE-AEE7-28B2D85FE7D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.2.1:-:*:*:*:*:*:*","matchCriteriaId":"C69CF03C-D881-45B9-B70C-007D6237C2DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.2.2:-:*:*:*:*:*:*","matchCriteriaId":"DD650581-FCC2-455A-B39B-2B7293C3BA06"},{"vulnera
ble":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.2.3:-:*:*:*:*:*:*","matchCriteriaId":"037D7380-4763-46AC-80DE-905732FC96E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.2.4:*:*:*:*:*:*:*","matchCriteriaId":"5E369F7E-7BA8-4A13-A1AD-D270D6525F8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.2.5:*:*:*:*:*:*:*","matchCriteriaId":"4D7D00BD-DB3A-4423-B69A-A4F9D0DD6424"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.2.6:*:*:*:*:*:*:*","matchCriteriaId":"D071ECA5-0D7D-4244-8E89-64E321C14EFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.2.7:*:*:*:*:*:*:*","matchCriteriaId":"78AC01B9-47EE-4D55-8836-B483014B3101"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.2.8:*:*:*:*:*:*:*","matchCriteriaId":"EDFFE22A-D946-4FB0-8E82-8BB5B58DF5D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.2.9:*:*:*:*:*:*:*","matchCriteriaId":"AC7C8136-4C20-4D33-8FE0-04F2702299CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.2.10:*:*:*:*:*:*:*","matchCriteriaId":"72391035-99FB-43C1-BB5F-F1B7B0C966AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.2.11:*:*:*:*:*:*:*","matchCriteriaId":"C8DFCF86-062C-4750-9669-34C4F7A4354A"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:2.2.12:*:*:*:*:*:*:*","matchCriteriaId":"CC7486A9-8D75-492A-81F4-93B931F7B447"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C35CF109-6E71-4A52-8BC6-AE2F0E397BFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"70324316-BC45-4C87-9C73-52B1229D0CBD"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/136898/Zabbix-Agent-3.0.1-mysql.size-Shell-Command-Injection.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/May/9","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/archive/1/538258/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/89631","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201612-42","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.zabbix.com/browse/ZBX-10741","source":"cve@mitre.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/39769/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.zabbix.com/documentation/2.0/manual/introduction/whatsnew2018#miscellaneous_improvements","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.zabbix.com/documentation/2.2/manual/introduction/whatsnew2213#miscellaneous_improvements","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.zabbix.com/documentation/3.0/manual/introduction/whatsnew303#miscellaneous_improvements","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/136898/Zabbix-Agent-3.0.1-mysql.size-Shell-Command-Injection.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/May/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/538258/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/89631","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201612-42","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://support.zabbix.com/browse/ZBX-10741","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/39769/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.zabbix.com/documentation/2.0/manual/introduction/whatsnew2018#miscellaneous_improvements","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.zabbix.com/documentation/2.2/manual/introduction/whatsnew2213#miscellaneous_improvements","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.zabbix.com/documentation/3.0/manual/introduction/whatsnew303#miscellaneous_improvements","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4340","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.487","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to \"log in\" as any other user via unspecified vectors."},{"lang":"es","value":"La característica de suplantación en Gitlab 8.7.0, 8.6.0 hasta la versión 8.6.7, 8.5.0 hasta la versión 8.5.11, 8.4.0 hasta la versión 8.4.9, 8.3.0 hasta la versión 8.3.8 y 8.2.0 hasta la versión 8.2.4 permite a usuarios remotos autenticados para \"iniciar sesión\" como cualquier otro usuario a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.2.0:*:*:*:*:*:*:*","matchCriteriaId":"6F6ACB05-8D9C-4ECA-B16B-C921E4FD31DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.2.1:*:*:*:*:*:*:*","matchCriteriaId":"27A9A324-CAAF-44E2-ADC0-E53AE2A7E938"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.2.2:*:*:*:*:*:*:*","matchCriteriaId":"23B02581-E578-4E7F-96C9-4F7A96BE7860"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.2.3:*:*:*:*:*:*:*","matchCriteriaId":"68D04194-FB0E-453E-B929-D1325DA16A7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.2.4:*:*:*:*:*:*:*","matchCriteriaId":"557FA9F7-F3EC-488C-95F7-C5C46193FAD5"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.3.0:*:*:*:*:*:*:*","matchCriteriaId":"5AB1E9DA-044D-4C0F-B9D2-7968EEAC1E53"},{"vulnerable":true,"criter
ia":"cpe:2.3:a:gitlab:gitlab:8.3.1:*:*:*:*:*:*:*","matchCriteriaId":"8F8C211D-EBB4-4BCA-A2C5-822FF8CDF8EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.3.2:*:*:*:*:*:*:*","matchCriteriaId":"C4CB8EEA-DEAB-4AD4-982F-4EF9BE64383E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.3.3:*:*:*:*:*:*:*","matchCriteriaId":"1AF5F349-A3F2-428A-9633-6E539FF9076C"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.3.4:*:*:*:*:*:*:*","matchCriteriaId":"7F2F3687-5F61-45B7-B8FD-8EE811B498CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.3.5:*:*:*:*:*:*:*","matchCriteriaId":"899284C0-78D7-4C08-9FD8-914CB9EFDB21"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.3.6:*:*:*:*:*:*:*","matchCriteriaId":"57014FD4-B830-447B-81D0-7D06443A823B"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.3.7:*:*:*:*:*:*:*","matchCriteriaId":"8F8F7599-7B77-4FD1-8500-9642C710964F"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.3.8:*:*:*:*:*:*:*","matchCriteriaId":"009D7D10-9596-4BDE-8316-7F12C2661DA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.4.0:*:*:*:*:*:*:*","matchCriteriaId":"9B4C899C-79DD-4BF0-A47F-AC7BDCB0E9D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.4.1:*:*:*:*:*:*:*","matchCriteriaId":"BF1169BC-5AB5-4AF9-A24E-8248D44B155A"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.4.2:*:*:*:*:*:*:*","matchCriteriaId":"35B03219-1693-4EEE-9F1B-60AEE70EE951"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.4.3:*:*:*:*:*:*:*","matchCriteriaId":"758FF583-64B8-4FA5-A93C-6396AD8F7AB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.4.4:*:*:*:*:*:*:*","matchCriteriaId":"EA96A87C-3BEE-47A2-8B1B-753C83287CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.4.5:*:*:*:*:*:*:*","matchCriteriaId":"78565647-D678-4A66-82CF-EEDFFB626E22"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.4.6:*:*:*:*:*:*:*","matchCriteriaId":"24DA2765-EF74-4BEE-B9A7-51AB9BB9243F"},{"vulnerable":tr
ue,"criteria":"cpe:2.3:a:gitlab:gitlab:8.4.7:*:*:*:*:*:*:*","matchCriteriaId":"087421A5-2590-4D51-B495-5F02580D7180"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.4.8:*:*:*:*:*:*:*","matchCriteriaId":"74B5890A-03F7-4819-86BC-7E78F89B2FE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.4.9:*:*:*:*:*:*:*","matchCriteriaId":"193016A1-7935-43C3-99DF-0DA2810DBDAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.5.0:*:*:*:*:*:*:*","matchCriteriaId":"BB84AB58-030E-4D9C-80FC-F95D9A9F89C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.5.1:*:*:*:*:*:*:*","matchCriteriaId":"03166423-5AB0-4E48-BA92-093B892B3A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.5.2:*:*:*:*:*:*:*","matchCriteriaId":"29CBEDBE-538B-48F6-9826-38308F1BC145"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.5.3:*:*:*:*:*:*:*","matchCriteriaId":"26E5E290-F466-4155-9880-7582308F5979"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.5.4:*:*:*:*:*:*:*","matchCriteriaId":"0C9E4947-A678-47F1-A1E1-0EFB36B28F26"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.5.5:*:*:*:*:*:*:*","matchCriteriaId":"D53BAE6E-BD98-49E1-9827-B3AB927F6966"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.5.6:*:*:*:*:*:*:*","matchCriteriaId":"C5F5D35D-F1B1-4EF4-B8C6-08D854B24571"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.5.7:*:*:*:*:*:*:*","matchCriteriaId":"3E0DA079-A62F-4AB7-95F9-FCBEC883C37E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.5.8:*:*:*:*:*:*:*","matchCriteriaId":"92096CB1-5482-4FB5-B3ED-B38515CB78F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.5.9:*:*:*:*:*:*:*","matchCriteriaId":"365CB864-3465-4482-9D22-9E3D4B889A5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.5.10:*:*:*:*:*:*:*","matchCriteriaId":"4BB1188E-A748-4830-AC6E-DE4B0D57A200"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.5.11:*:*:*:*:*:*:*","matchCriteriaId":"9FA814A1-FD0B-4E47-844A-285E379843F9"},{"vu
lnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.6.0:*:*:*:*:*:*:*","matchCriteriaId":"671B6F4B-DD3F-4E1A-9CE4-A6F9381BC4AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.6.1:*:*:*:*:*:*:*","matchCriteriaId":"ADB9541A-A7C6-4DD6-A4FA-ABE274E475D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.6.2:*:*:*:*:*:*:*","matchCriteriaId":"6EDC2B83-2528-416B-A0CF-4A1FE83200D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.6.3:*:*:*:*:*:*:*","matchCriteriaId":"283ADBFD-F105-4B22-9105-702792D6D6E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.6.4:*:*:*:*:*:*:*","matchCriteriaId":"8A97D45B-6D3E-48DE-AB58-9177B3646C71"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.6.5:*:*:*:*:*:*:*","matchCriteriaId":"5EA8B14A-68AD-430D-A8D0-419F38CDC31C"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.6.6:*:*:*:*:*:*:*","matchCriteriaId":"D359FA9B-37BD-405A-9D85-042FE642AADC"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.6.7:*:*:*:*:*:*:*","matchCriteriaId":"C232B818-420C-4ED6-AB7C-FB1605B18984"},{"vulnerable":true,"criteria":"cpe:2.3:a:gitlab:gitlab:8.7.0:*:*:*:*:*:*:*","matchCriteriaId":"E41E3701-D240-4B18-919B-E2B64950FCF9"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/138368/GitLab-Impersonate-Privilege-Escalation.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/","source":"cve@mitre.org","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab-ce/issues/15548","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40236/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/138368/GitLab-Impersonate-Privilege-Escalation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory","VDB Entry"]},{"url":"https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"https://gitlab.com/gitlab-org/gitlab-ce/issues/15548","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40236/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-4484","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.533","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password."},{"lang":"es","value":"La secuencia de comandos initrd de Debian para el paquete cryptsetup 2:1.7.3-2 y versiones anteriores permite a atacantes físicamente próximos obtener acceso a shell a través de muchos intentos de inicio de sesión con una contraseña no 
válida."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cryptsetup_project:cryptsetup:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.7.3-2","matchCriteriaId":"F3238657-B9F4-47C6-9A21-67DD2D11AA8B"}]}]}],"references":[{"url":"http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html","source":"cve@mitre.org","tags":["Exploit","Mitigation","Technical Description","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/14/13","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/15/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/15/4","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/16/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94315","source":"cve@mitre.org"},{"url":"https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mitigation","Technical Description","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/14/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/15/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/15/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/16/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94315","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://gitlab.com/cryptsetup/cryptsetup/commit/ef8a7d82d8d3716ae9b58179590f7908981fa0cb","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2016-4793","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.580","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header."},{"lang":"es","value":"La función clientIp en CakePHP 3.2.4 y versiones anteriores, permite a atacantes remotos suplantar su IP a través del encabezado HTTP 
CLIENT-IP."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cakephp:cakephp:*:*:*:*:*:*:*:*","versionEndIncluding":"3.2.4","matchCriteriaId":"FE339E2D-F566-4CA1-AB8B-357163490B17"}]}]}],"references":[{"url":"http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95846","source":"cve@mitre.org"},{"url":"https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://support.citrix.com/article/CTX236992","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/39813/","source":"cve@mitre.org","tags":["Exploit","Third Party 
Advisory"]},{"url":"http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95846","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://support.citrix.com/article/CTX236992","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/39813/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-5091","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.610","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action."},{"lang":"es","value":"Extbase en TYPO3 4.3.0 en versiones anteriores a 6.2.24, 7.x en versiones anteriores a 7.6.8 y 8.1.1 permite a atacantes remotos obtener información sensible o posiblemente ejecutar código arbitrario a través una acción Extbase 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*","versionEndIncluding":"6.2.23","matchCriteriaId":"53F9573C-DEFC-4428-A9F4-5D3BB41E27A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"DC254112-3695-422E-BD5B-B5E65F61B4B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:7.0.2:*:*:*:*:*:*:*","matchCriteriaId":"58A72CC1-1BCE-415C-9816-AD34C14E36FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"237EEDFE-DFB0-4D6E-BAA6-7A374A384CF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:7.2.0:*:*:*:*:*:*:*","matchCriteriaId":"26264C04-D8E1-4780-97C3-13F287ECF11A"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:7.3.0:*:*:*:*:*:*:*","matchCriteriaId":"3B89766D-2E3C-4CE9-92ED-8E5A8FF71D31"},{"vulnerabl
e":true,"criteria":"cpe:2.3:a:typo3:typo3:7.3.1:*:*:*:*:*:*:*","matchCriteriaId":"3392C868-FFD8-4B00-ADD2-02CCCAEC5EC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:7.4.0:*:*:*:*:*:*:*","matchCriteriaId":"B5F859F4-E3EE-4C2D-A618-6E49769A1610"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:7.5.0:*:*:*:*:*:*:*","matchCriteriaId":"1A7F660D-7C1E-43AA-B185-40309788F329"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:7.6.0:*:*:*:*:*:*:*","matchCriteriaId":"4C022973-D06B-4CEF-87BF-3C016AAD4770"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:7.6.1:*:*:*:*:*:*:*","matchCriteriaId":"36A63F3A-DC95-49FF-B6AC-FD98F8499905"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:7.6.2:*:*:*:*:*:*:*","matchCriteriaId":"D8E276D9-4C36-4630-BC44-5D49398E4452"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:7.6.3:*:*:*:*:*:*:*","matchCriteriaId":"BBF317B6-656C-4C2C-81F8-4864EE3F4D17"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:7.6.4:*:*:*:*:*:*:*","matchCriteriaId":"D691A7EF-EE47-44EC-A073-04C3C0A432E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:7.6.5:*:*:*:*:*:*:*","matchCriteriaId":"83E140F9-73E8-4EF7-BFDA-F56584D7FCFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:7.6.6:*:*:*:*:*:*:*","matchCriteriaId":"8E576B25-E43B-4C21-B1E5-EF937714ABC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:7.6.7:*:*:*:*:*:*:*","matchCriteriaId":"BCAB79AD-5991-4FCD-99C4-E742845BF086"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:7.6.8:*:*:*:*:*:*:*","matchCriteriaId":"19E5EBD4-51A0-4948-BF52-442766C32B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:typo3:typo3:8.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B12C85B0-522C-4526-99EE-8EEFD1830281"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/26/2","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/26/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-5119","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.657","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update."},{"lang":"es","value":"La funcionalidad de actualización automática en KeePass 2.33 y versiones anteriores, permite a atacantes man-in-the-middle ejecutar código arbitrario suplantando la respuesta de comprobación de versión y suministrando una actualización 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P","baseScore":5.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:keepass:keepass:*:*:*:*:*:*:*:*","versionEndIncluding":"2.33","matchCriteriaId":"C35ADCD5-502E-43C4-89B8-A3E112D06DDE"}]}]}],"references":[{"url":"https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/","source":"cve@mitre.org","tags":["Exploit","Technical Description"]},{"url":"https://packetstormsecurity.com/files/137274/KeePass-2-Man-In-The-Middle.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://sourceforge.net/p/keepass/discussion/329220/thread/e430cc12/","source":"cve@mitre.org","tags":["Patch","Product"]},{"url":"https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical 
Description"]},{"url":"https://packetstormsecurity.com/files/137274/KeePass-2-Man-In-The-Middle.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://sourceforge.net/p/keepass/discussion/329220/thread/e430cc12/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Product"]}]}},{"cve":{"id":"CVE-2016-5237","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.690","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file."},{"lang":"es","value":"Valve Steam 3.42.16.13 utiliza permisos débiles para los archivos en el directorio de programa Steam, lo que permite a usuarios locales modificar los archivos y posiblemente obtener privilegios como lo demuestra un archivo troyano 
Steam.exe"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.3,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:N/I:P/A:N","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:valvesoftware:steamos:*:*:*:*:*:*:*:*","versionEndIncluding":"3.42.16.13","matchCriteriaId":"228FEBC4-D96D-4039-B353-69D583613FB3"}]}]}],"references":[{"url":"https://packetstormsecurity.com/files/137343/Valve-Steam-3.42.16.13-Local-Privilege-Escalation.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/39888/","source":"cve@mitre.org"},{"url":"https://packetstormsecurity.com/files/137343/Valve-Steam-3.42.16.13-Local-Privilege-Escalation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"https://www.exploit-db.com/exploits/39888/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5697","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.707","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors."},{"lang":"es","value":"Ruby-saml en versiones anteriores a 1.3.0 permite a atacantes realizar ataques de envoltura de firmas XML a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-91"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.0","matchCriteriaId":"8C070E06-D129-452F-BC27-A509ED09B93B"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/06/24
/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/24/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-5720","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.737","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory."},{"lang":"es","value":"Múltiples vulnerabilidades de ruta de búsqueda no confiable en Microsoft Skype permiten a usuarios locales ejecutar código arbitrario y llevar a cabo ataques de secuestro DLL a través de un troyano (1) msi.dll, (2) dpapi.dll o (3) cryptui.dll que se encuentra en el directorio de trabajo 
actual."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:skype:-:*:*:*:*:*:*:*","matchCriteriaId":"2D73B22D-A1BA-4D2D-990B-42D0AE25800D"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2016/Sep/65","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95859","source":"cve@mitre.org"},{"url":"http://seclists.org/fulldisclosure/2016/Sep/65","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95859","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5742","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.783","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection 
vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en la interfaz XML-RPC en Movable Type Pro y Advanced 6.x en versiones anteriores a 6.1.3 y 6.2.x en versiones anteriores a 6.2.6 y Movable Type Open Source 5.2.13 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0:*:*:*:advanced:*:*:*","matchCriteriaId":"46EBCB79-DD24-452C-8B54-A6ADF459C46D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0:*:*:*:pro:*:*:*","matchCriteriaId":"99D6EEE2
-8F5F-43D1-A9AF-DFCE59483FD5"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0.1:*:*:*:advanced:*:*:*","matchCriteriaId":"6B1A1A8A-B47E-40F3-A07D-66AD8F2031E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0.1:*:*:*:pro:*:*:*","matchCriteriaId":"36435113-44FE-41C6-9EB6-DB603BB7E8DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0.2:*:*:*:advanced:*:*:*","matchCriteriaId":"4801F84C-004D-437A-BC4A-45915B4228A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0.2:*:*:*:pro:*:*:*","matchCriteriaId":"CE664558-4896-4326-BC03-973A9B4EE59D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0.3:*:*:*:advanced:*:*:*","matchCriteriaId":"292405F1-4A82-4961-A4A1-F21F3AA6510D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0.3:*:*:*:pro:*:*:*","matchCriteriaId":"FB43E3B1-A8CA-4F16-B034-F4E9321C2423"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0.4:*:*:*:advanced:*:*:*","matchCriteriaId":"A485EFD7-255F-4BA2-9032-D96FB88C795B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0.4:*:*:*:pro:*:*:*","matchCriteriaId":"8C0B7753-6DB3-4B01-9202-1D18596A135C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0.5:*:*:*:advanced:*:*:*","matchCriteriaId":"77DC2B82-8822-40AF-B8BF-0612BF3054FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0.5:*:*:*:pro:*:*:*","matchCriteriaId":"C27BAB0B-4489-4B2A-9251-F4F671906200"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0.6:*:*:*:advanced:*:*:*","matchCriteriaId":"1FC6BA31-5FFE-4473-96EE-4BB376F073A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0.6:*:*:*:pro:*:*:*","matchCriteriaId":"CFEA0EB4-8666-4D07-899A-519A41AB1CD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0.7:*:*:*:advanced:*:*:*","matchCriteriaId":"B60407F2-9F4C-4CE8-A2EE-CD526D5C682A"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type
:6.0.7:*:*:*:pro:*:*:*","matchCriteriaId":"A5ADA8C6-E7EF-4B00-ABBB-50854ECEDFF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0.8:*:*:*:advanced:*:*:*","matchCriteriaId":"08ADF3D9-7462-4577-AA03-F5A5D3BA8C8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.0.8:*:*:*:pro:*:*:*","matchCriteriaId":"559A24DE-EBCD-4240-86E5-AD16F6BA6F39"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.1.0:*:*:*:advanced:*:*:*","matchCriteriaId":"05AADF42-D62C-4CD0-9581-4E29F3704E6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.1.0:*:*:*:pro:*:*:*","matchCriteriaId":"53CA8349-8798-4A16-B13E-B72B62141B42"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.1.1:*:*:*:advanced:*:*:*","matchCriteriaId":"D0A60CE1-E1BB-4020-9B46-C4FBBB18189A"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.1.1:*:*:*:pro:*:*:*","matchCriteriaId":"1BF4E7AD-CE6D-4F04-ABC9-286173C427B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.1.2:*:*:*:advanced:*:*:*","matchCriteriaId":"C0B57ADA-5C3D-4B1A-9361-806E1CEE20E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.1.2:*:*:*:pro:*:*:*","matchCriteriaId":"FD38EA40-8ED0-4C96-BEF9-FB564C27E6FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.2.0:*:*:*:advanced:*:*:*","matchCriteriaId":"9B2AAB80-89F0-4DEC-BB2B-DB33CC98E979"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.2.0:*:*:*:pro:*:*:*","matchCriteriaId":"437E1348-D432-4822-9FFD-437809CB0890"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.2.2:*:*:*:advanced:*:*:*","matchCriteriaId":"F191CFFC-795D-4123-80C0-FEA01517C3E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.2.2:*:*:*:pro:*:*:*","matchCriteriaId":"BC863821-142E-4B2C-BBB3-A0E34898EEA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.2.4:*:*:*:advanced:*:*:*","matchCriteriaId":"D1C039F4-5CFE-4B49-AB61-BEC853587EFA"},{"vulnerabl
e":true,"criteria":"cpe:2.3:a:sixapart:movable_type:6.2.4:*:*:*:pro:*:*:*","matchCriteriaId":"4D86453C-13CC-4D7A-A937-D3F6E26ABD10"},{"vulnerable":true,"criteria":"cpe:2.3:a:sixapart:movable_type_open_source:*:*:*:*:*:*:*:*","versionEndIncluding":"5.2.13","matchCriteriaId":"A7C08602-329C-4506-BEFF-BF35BCDC7CB1"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/06/22/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/22/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/22/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securitytracker.com/id/1036160","source":"cve@mitre.org"},{"url":"https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/22/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/22/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/22/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securitytracker.com/id/1036160","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-5873","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.813","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow in the HTTP URL parsing 
functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL."},{"lang":"es","value":"Desbordamiento de búfer en las funciones de análisis de URL HTTP en pecl_http en versiones anteriores a 3.0.1 podría permitir a atacantes remotos ejecutar código arbitrario a través de caracteres no imprimibles en una URL."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:php:pecl_http:*:rc1:*:*:*:*:*:*","versionEndIncluding":"3.0.1","matchCriteriaId":"1D1684CA-1A43-4951-8B5B-3E75E9FD6D4A"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/06/29/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/29/4","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95863","source":"cve@mitre.org"},{"url":"https://bugs.php.net/bug.php?id=71719","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/m6w6/ext-http/commit/3724cd76a28be1d6049b5537232e97ac","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://pecl.php.net/package/pecl_http/3.0.1","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-17","source":"cve@mitre.org"},{"url":"https://security.netapp.com/advisory/ntap-20180112-0001/","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/06/29/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/29/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95863","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugs.php.net/bug.php?id=71719","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/m6w6/ext-http/commit/3724cd76a28be1d6049b5537232e97ac","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://pecl.php.net/package/pecl_http/3.0.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-17","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20180112-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5876","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.860","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ownCloud server before 8.2.6 and 9.x before 9.0.3, when 
the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request."},{"lang":"es","value":"ownCloud server en versiones anteriores a 8.2.6 y 9.x en versiones anteriores a 9.0.3, cuando la aplicación de galería está habilitada, permite a atacantes remotos descargar imágenes arbitrarias a través de una solicitud directa."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*","versionEndIncluding":"8.2.5","matchCriteriaId":"96BD1853-3059-4C6F-BDC5-4E6760403C2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.0:*:*:*:*:*:*:*","matchCriteriaId":"25185B4F-623B-45F5-97C3-A520C96B6CA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.1:*:*:*:*:*:*:*","matchCriteriaId":"8F31B84D-7A81-426C-8C91-BF86087ED657"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud
:owncloud:9.0.2:*:*:*:*:*:*:*","matchCriteriaId":"B8CF3111-74DA-4644-9318-4D5CC6FBD1CC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95861","source":"cve@mitre.org"},{"url":"https://owncloud.org/security/advisory/?id=oc-sa-2016-010","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95861","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://owncloud.org/security/advisory/?id=oc-sa-2016-010","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6160","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.893","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266."},{"lang":"es","value":"tcprewrite en tcpreplay en versiones anteriores a 4.1.2 permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) a través de un frame grande. 
Esta vulnerabilidad está relacionada con CVE-2017-14266."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:tcpreplay:*:*:*:*:*:*:*:*","versionEndIncluding":"4.1.1","matchCriteriaId":"3896943F-838D-42D9-A1FB-D1D8EE3CC1B1"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/07/05/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829350","source":"cve@mitre.org","tags":["Issue Tracking","Mailing List"]},{"url":"https://github.com/appneta/tcpreplay/issues/251","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/05/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829350","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List"]},{"url":"https://github.com/appneta/tcpreplay/issues/251","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2016-6164","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.923","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size."},{"lang":"es","value":"Desbordamiento de entero en la función mov_build_index en libavformat/mov.c en FFmpeg en versiones anteriores a 2.8.8, 3.0.x en versiones anteriores a 3.0.3 y 3.1.x en versiones anteriores a 3.1.1 permite a atacantes remotos tener un impacto no especificado a través de vectores que implican el tamaño de la 
muestra."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*","versionEndIncluding":"2.8.7","matchCriteriaId":"9F230E55-6234-442A-A61C-0C120399B062"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0:*:*:*:*:*:*:*","matchCriteriaId":"C6E85AA0-559E-4EC5-AF61-100732EF0643"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"3E86E3C4-946B-4E89-B0C1-010046D8D478"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"94E316AE-DF67-40B7-99CE-CE30BFECC4C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1:*:*:*:*:*:*:*","matchCriteriaId":"1A730657-04E4-4802-8336-DB067AF00C5A"}]}]}],"references":[{"url":"http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit%3Bh=8a3221cc67a516dfc1700bdae3566ec52c7ee823","source":"cve@
mitre.org"},{"url":"http://www.securityfocus.com/bid/95862","source":"cve@mitre.org"},{"url":"https://www.ffmpeg.org/security.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit%3Bh=8a3221cc67a516dfc1700bdae3566ec52c7ee823","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95862","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.ffmpeg.org/security.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6223","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:01.970","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allow remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer."},{"lang":"es","value":"Las funciones TIFFReadRawStrip1 y TIFFReadRawTile1 en tif_read.c en libtiff en versiones anteriores a 4.0.7 permiten a atacantes remotos provocar una denegación de servicio (caída) o posiblemente obtener información sensible a través de un índice negativo en un búfer de contenido de 
archivo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-189"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.6","matchCriteriaId":"7DBB051D-E94D-4553-88A6-750BE80B7617"}]}]}],"references":[{"url":"http://libtiff.maptools.org/v4.0.7.html","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/07/13/3","source":"cve@mitre.org","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/14/4","source":"cve@mitre.org","tags":["Mailing 
List"]},{"url":"http://www.securityfocus.com/bid/91741","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201701-16","source":"cve@mitre.org"},{"url":"http://libtiff.maptools.org/v4.0.7.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/07/13/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/14/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.securityfocus.com/bid/91741","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-16","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-6484","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.003","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf."},{"lang":"es","value":"Vulnerabilidad de inyección CRLF en Infoblox Network Automation NetMRI en versiones anteriores a 7.1.1 permite a atacantes remotos inyectar encabezados HTTP arbitrarios y llevar a cabo ataques de división de respuesta HTTP a través del parámetro contentType en una acción de inicio de sesión para 
config/userAdmin/login.tdf."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-93"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:infoblox:netmri:*:*:*:*:*:*:*:*","versionEndIncluding":"7.0.1","matchCriteriaId":"F0A232D8-63FC-4C59-97B5-9D88B57C388C"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/138615/Infoblox-7.0.1-CRLF-Injection-HTTP-Response-Splitting.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539366/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/92794","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1036736","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://packetstormsecurity.com/files/138615/Infoblox-7.0.1-CRLF-Injection-HTTP-Response-Splitting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539366/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/92794","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1036736","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6517","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.033","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en Liferay 5.1.0 permite a atacantes remotos tener un impacto no especificado a través de un %2E%2E (punto punto codificado) en el parámetro minifierBundleDir para 
barebone.jsp."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:liferay:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"9DF12FC6-F0BD-4931-9368-2083361E4074"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/01/5","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/02/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92215","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/08/01/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/02/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third 
Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92215","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-6521","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.080","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de CSRF en la consola de Grails (también conocida como Grails Debug Console y Grails Web Console) 2.0.7, 1.5.10 y versiones anteriores permite a atacantes remotos secuestrar la autenticación de usuarios para solicitudes que ejecuten código Groovy arbitrario a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description
":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gopivotal:grails:*:*:*:*:*:*:*:*","versionEndIncluding":"1.5.9","matchCriteriaId":"680CBD14-8425-48AE-8889-098CB766307A"},{"vulnerable":true,"criteria":"cpe:2.3:a:gopivotal:grails:2.0.6:*:*:*:*:*:*:*","matchCriteriaId":"28BEE9DC-DC76-4200-AAE1-D37B939BE805"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/02/11","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/02/2","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/03/9","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92267","source":"cve@mitre.org"},{"url":"https://github.com/sheehan/grails-console/issues/54","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/sheehan/grails-console/issues/55","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/02/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/02/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/03/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92267","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/sheehan/grails-console/issues/54","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/sheehan/grails-console/issues/55","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-6582","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.110","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification."},{"lang":"es","value":"El Doorkeeper gem en versiones anteriores a 4.2.0 para Ruby podría permitir a atacantes remotos llevar a cabo ataques de repetición o revocar tokens arbitrarios aprovechando la falta de implementación de la especificación OAuth 2.0 Token Revocation."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:doorkeeper_project:doorkeeper:*:*:*:*:*:ruby:*:*","versionEndIncluding":"4.1.0","matchCriteriaI
d":"C1D455D8-18C2-4CC1-B959-09F3A1E5B66F"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/Aug/105","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/539268/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/92551","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/doorkeeper-gem/doorkeeper/issues/875","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Release Notes","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/138430/Doorkeeper-4.1.0-Token-Revocation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/Aug/105","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/539268/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/92551","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/doorkeeper-gem/doorkeeper/issues/875","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/doorkeeper-gem/doorkeeper/releases/tag/v4.2.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Release Notes","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-6600","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.173","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en la funcionalidad de carga de archivos en ZOHO WebNMS Framework 5.2 y 5.2 SP1 permite a atacantes remotos cargar y ejecutar archivos JSP arbitrarios a través de un .. (punto punto) en el parámetro fileName para servlets/FileUploadServlet."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zohocorp:webnms_fram
ework:5.2:*:*:*:*:*:*:*","matchCriteriaId":"B943C917-C61B-4F29-AC4D-83D9D505BEA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:zohocorp:webnms_framework:5.2:sp1:*:*:*:*:*:*","matchCriteriaId":"046C8EB2-592F-4D1D-9C53-1C628D6FA903"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/Aug/54","source":"cve@mitre.org","tags":["Exploit","Mailing List"]},{"url":"http://www.securityfocus.com/archive/1/539159/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/92402","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.securiteam.com/index.php/archives/2712","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them","source":"cve@mitre.org"},{"url":"https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://www.exploit-db.com/exploits/40229/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/Aug/54","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"]},{"url":"http://www.securityfocus.com/archive/1/539159/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/92402","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blogs.securiteam.com/index.php/archives/2712","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://www.exploit-db.com/exploits/40229/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6601","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.220","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en la funcionalidad de descarga de archivos en ZOHO WebNMS Framework 5.2 y 5.2 SP1 permite a atacantes remotos leer archivos arbitrarios a través de un .. 
(punto punto) en el parámetro fileName para servlets/FetchFile."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zohocorp:webnms_framework:5.2:*:*:*:*:*:*:*","matchCriteriaId":"B943C917-C61B-4F29-AC4D-83D9D505BEA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:zohocorp:webnms_framework:5.2:sp1:*:*:*:*:*:*","matchCriteriaId":"046C8EB2-592F-4D1D-9C53-1C628D6FA903"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/Aug/54","source":"cve@mitre.org","tags":["Exploit","Mailing List"]},{"url":"http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/539159/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/92402","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.securiteam.com/index.php/archives/2712","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them","source":"cve@mitre.org"},{"url":"https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://www.exploit-db.com/exploits/40229/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/Aug/54","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"]},{"url":"http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/539159/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/92402","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blogs.securiteam.com/index.php/archives/2712","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://www.exploit-db.com/exploits/40229/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6602","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.267","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml.  NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit."},{"lang":"es","value":"ZOHO WebNMS Framework 5.2 y 5.2 SP1 utiliza un algoritmo de ofuscación débil para almacenar contraseñas, lo que permite a atacantes dependientes de contexto obtener contraseñas en texto plano aprovechando el acceso a WEB-INF/conf/securitydbData.xml. 
NOTA: este problema puede combinarse con CVE-2016-6601 para una explotación remota."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-327"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zohocorp:webnms_framework:5.2:*:*:*:*:*:*:*","matchCriteriaId":"B943C917-C61B-4F29-AC4D-83D9D505BEA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:zohocorp:webnms_framework:5.2:sp1:*:*:*:*:*:*","matchCriteriaId":"046C8EB2-592F-4D1D-9C53-1C628D6FA903"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/Aug/54","source":"cve@mitre.org","tags":["Exploit","Mailing List"]},{"url":"http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/archive/1/539159/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/92402","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.securiteam.com/index.php/archives/2712","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them","source":"cve@mitre.org"},{"url":"https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://www.exploit-db.com/exploits/40229/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/Aug/54","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"]},{"url":"http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/539159/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/92402","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.securiteam.com/index.php/archives/2712","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party 
Advisory"]},{"url":"https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://www.exploit-db.com/exploits/40229/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6603","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.313","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header."},{"lang":"es","value":"ZOHO WebNMS Framework 5.2 y 5.2 SP1 permite a atacantes remotos eludir la autenticación y suplantar usuarios arbitrarios a través del encabezado HTTP 
UserName."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zohocorp:webnms_framework:5.2:*:*:*:*:*:*:*","matchCriteriaId":"B943C917-C61B-4F29-AC4D-83D9D505BEA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:zohocorp:webnms_framework:5.2:sp1:*:*:*:*:*:*","matchCriteriaId":"046C8EB2-592F-4D1D-9C53-1C628D6FA903"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/Aug/54","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/archive/1/539159/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/92402","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.securiteam.com/index.php/archives/2712","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them","source":"cve@mitre.org"},{"url":"https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/40229/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/138244/WebNMS-Framework-5.2-SP1-Traversal-Weak-Obfuscation-User-Impersonation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/Aug/54","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/539159/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/92402","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.securiteam.com/index.php/archives/2712","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://forums.webnms.com/topic/recent-vulnerabilities-in-webnms-and-how-to-protect-the-server-against-them","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]},{"url":"https://www.exploit-db.com/exploits/40229/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6668","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.360","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages."},{"lang":"es","value":"El Atlassian Hipchat Integration Plugin para Bitbucket Server 6.26.0 en versiones anteriores a 6.27.5, 6.28.0 en versiones anteriores a 7.3.7 y 7.4.0 en versiones anteriores a 7.8.17; plugin HipChat para Confluence 6.26.0 en versiones anteriores a 7.8.17; y plugin HipChat para JIRA 6.26.0 en versiones anteriores a 7.8.17 permite a atacantes remotos obtener la clave secreta para comunicarse con instancias HipChat leyendo páginas no 
especificadas."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.5.0:*:*:*:*:*:*:*","matchCriteriaId":"351C6311-8084-42F3-B7A4-A8E53D73FF33"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.9.1:*:*:*:*:*:*:*","matchCriteriaId":"EAAC3596-B70A-49A8-9062-1501474A5365"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.9.2:*:*:*:*:*:*:*","matchCriteriaId":"93D84D4C-7376-4590-8BD7-933F94590C29"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.9.3:*:*:*:*:*:*:*","matchCriteriaId":"FA204C29-5582-46B3-8EA5-EA890598F5A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.9.4:*:*:*:*:*:*:*","matchCriteriaId":"499688C7-21F0-49E0-9E8F-CDD6D7C768A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.9.5:*:*:*:*:*:*:*","match
CriteriaId":"4014117A-31F3-4494-9239-6DDFB89DB805"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.9.6:*:*:*:*:*:*:*","matchCriteriaId":"9CA9632D-C9F1-448B-8FFD-90FEF0C1C228"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.9.7:*:*:*:*:*:*:*","matchCriteriaId":"0883B0DB-DF33-4B80-A870-690D8A794824"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.9.8:*:*:*:*:*:*:*","matchCriteriaId":"89276664-D60B-40C5-8837-8C4421EACEAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.9.9:*:*:*:*:*:*:*","matchCriteriaId":"DBC2ACC2-E9DA-4C01-9FFD-E23FC7AAC970"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.9.10:*:*:*:*:*:*:*","matchCriteriaId":"70460C0E-1BB6-491A-9897-6F1EB5C10BAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.9.11:*:*:*:*:*:*:*","matchCriteriaId":"A1C0E9A8-6031-4F92-A709-F98C23FF6307"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.9.12:*:*:*:*:*:*:*","matchCriteriaId":"6594A7E7-169D-493A-966D-44E6229F9A1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.10.0:*:*:*:*:*:*:*","matchCriteriaId":"755F76DA-E7D5-43A0-B441-E734B6A5AE96"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.10.1:*:*:*:*:*:*:*","matchCriteriaId":"FE134D2F-B6D7-4DD7-8D69-B44FD79A7E9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.10.2:*:*:*:*:*:*:*","matchCriteriaId":"FD51134D-388F-4698-8993-6D927659DF45"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:5.10.3:*:*:*:*:*:*:*","matchCriteriaId":"0F69A3AE-7B13-4223-8CFD-7C64D5729177"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.26.0:*:*:*:*:*:*:*","matchCriteriaId":"ED7EB5D9-41D2-4F5A-BB71-8965231E0E91"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.26.10:*:*:*:*
:*:*:*","matchCriteriaId":"3AF46F73-B274-4CAC-B09C-22B3922F8AE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.29.1:*:*:*:*:*:*:*","matchCriteriaId":"BCA2BF59-2057-4D40-9D2D-167DCD65BB36"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.29.2:*:*:*:*:*:*:*","matchCriteriaId":"22D74C92-6404-4423-A63E-D8FB73B93FCE"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_integration_for_hipchat:6.31.0:*:*:*:*:*:*:*","matchCriteriaId":"3F7E859E-FAB5-4814-92C0-EEAD91ED6C76"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"A142C047-72E7-4A3B-A6D7-798111597569"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.2.1:*:*:*:*:*:*:*","matchCriteriaId":"F08AE659-167E-478A-A8D4-376E6189C31F"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.3.2:*:*:*:*:*:*:*","matchCriteriaId":"798FABED-5F49-44C3-AB06-8AA9C5129F29"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.3.3:*:*:*:*:*:*:*","matchCriteriaId":"7D0E6E69-4C4C-4AB7-B5EC-98AC16538DB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.4.1:*:*:*:*:*:*:*","matchCriteriaId":"243FA02E-0878-4D6F-B421-19B25475A3FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.1:*:*:*:*:*:*:*","matchCriteriaId":"55AD904B-172D-4743-9424-620C0F8F4D11"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.3:*:*:*:*:*:*:*","matchCriteriaId":"B740B376-B549-4455-AFD9-0FB377707AB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_integration_for_hipchat:7.8.12:*:*:*:*:*:*:*","matchCriteriaId":"FDA633A3-6190-4CF9-B501-427151C90C1F"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/archive/1/539530/100/0/threaded","source":"cve@mitre.org","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/93159","source":"cve@mitre.org","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/139004/Atlassian-HipChat-Secret-Key-Disclosure.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539530/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/93159","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://confluence.atlassian.com/bitbucketserver/bitbucket-server-security-advisory-2016-09-21-840698321.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://confluence.atlassian.com/doc/confluence-security-advisory-2016-09-21-849052104.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2016-09-21-849052099.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-6920","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.407","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función decode_block en libavcodec/exr.c en FFmpeg en versiones anteriores a 3.1.3 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de vectores que implican posiciones de mosaico."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*","versionEndIncluding":"3.1.2","mat
chCriteriaId":"3F445493-84D4-4A65-AE1F-2FC9C4E69774"}]}]}],"references":[{"url":"http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit%3Bh=79f52a0dbd484aad111e4bf4a4f7047c7ceb6137","source":"cve@mitre.org"},{"url":"http://packetstormsecurity.com/files/138618/ffmpeg-3.1.2-Heap-Overflow.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539368/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/92664","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/92790","source":"cve@mitre.org"},{"url":"https://www.ffmpeg.org/security.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit%3Bh=79f52a0dbd484aad111e4bf4a4f7047c7ceb6137","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://packetstormsecurity.com/files/138618/ffmpeg-3.1.2-Heap-Overflow.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539368/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/92664","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/92790","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.ffmpeg.org/security.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7036","sourceIdentifier":"secalert@redhat.com","published":"2017-01-23T21:59:02.457","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys."},{"lang":"es","value":"python-jose en versiones anteriores a 
1.3.2 permite a atacantes remotos tener un impacto no especificado aprovechando un fallo para utilizar una comparación de tiempo constante para claves HMAC."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-361"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:python-jose_project:python-jose:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3.1","matchCriteriaId":"3F33EAF2-127F-4BD0-B7C6-4CCAA08646E6"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95845","source":"secalert@redhat.com"},{"url":"https://github.com/mpdavis/python-jose/pull/35/commits/89b46353b9f611e9da38de3d2fedf52331167b93","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/mpdavis/python-jose/releases/tag/1.3.2","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95845","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/mpdavis/python-jose/pull/35/commits/89b46353b9f611e9da38de3d2fedf52331167b93","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/mpdavis/python-jose/releases/tag/1.3.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-7037","sourceIdentifier":"secalert@redhat.com","published":"2017-01-23T21:59:02.487","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack."},{"lang":"es","value":"La función de verificación en Encryption/Symmetric.php en Malcolm Fell jwt en versiones anteriores a 1.0.3 no utiliza una función segura de temporización para la comparación de hash, lo que permite a los atacantes suplantar firmas a través de un ataque de 
temporización."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-361"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emarref:jwt:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.2","matchCriteriaId":"0B47BCDB-F12D-446C-ADC5-F34958F58079"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95847","source":"secalert@redhat.com"},{"url":"https://github.com/emarref/jwt/pull/20","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/emarref/jwt/releases/tag/1.0.3","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95847","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/emarref/jwt/pull/20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://github.com/emarref/jwt/releases/tag/1.0.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-7102","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.517","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a \"special path\" in the C: drive."},{"lang":"es","value":"ownCloud Desktop en versiones anteriores a 2.2.3 permite a usuarios locales ejecutar código arbitrario y posiblemente obtener privilegios a través de una librería de troyanos en una \"ruta especial\" en el controlador C:."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ow
ncloud:owncloud_desktop_client:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"AAE40AD9-D9EC-484E-8EBA-F087B7652C9D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/92627","source":"cve@mitre.org"},{"url":"https://owncloud.org/security/advisory/?id=oc-sa-2016-016","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92627","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://owncloud.org/security/advisory/?id=oc-sa-2016-016","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7410","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.550","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file."},{"lang":"es","value":"La función _dwarf_read_loc_section en dwarf_loc.c en libdwarf 20160613 permite atacantes provocar una denegación de servicio (sobre lectura de búfer) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:2016-06-13:*:*:*:*:*:*:*","matchCriteriaId":"46FEB08E-F710-466E-BD43-561F31949708"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/13/5","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/15/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92971","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/13/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/15/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92971","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-7567","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.580","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string."},{"lang":"es","value":"Desbordamiento de búfer en la función SLPFoldWhiteSpace en common/slp_compare.c en OpenSLP 2.0 permite a atacantes remotos tener un impacto no especificado a través de una cadena manipulada."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"con
figurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openslp:openslp:2.0.0:-:*:*:*:*:*:*","matchCriteriaId":"E52C2A69-3CDA-442B-8CC9-653964C883B7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/27/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/28/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93186","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201707-05","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/45804/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/27/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/28/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93186","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201707-05","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/45804/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-7792","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.627","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it."},{"lang":"es","value":"Ubiquiti Networks UniFi 5.2.7 no restringe el acceso a la base de datos, lo que permite a atacantes modificar la base de datos conectándose directamente a ella."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:C/I:C/A:C","baseScore":8.3,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":6.5,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ubiquiti_networks:unifi_ap_ac_lite_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"5.2.7","matchCriteriaId":"F44CFAF0-1A2E-4A2B-9464-8900D9B2E2DC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"v
ulnerable":false,"criteria":"cpe:2.3:h:ubiquiti_networks:unifi_ap_ac_lite:-:*:*:*:*:*:*:*","matchCriteriaId":"AE984124-9A28-4A09-BCB5-9A8C07F44C70"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93270","source":"cve@mitre.org"},{"url":"https://packetstormsecurity.com/files/138928/Ubiquiti-UniFi-AP-AC-Lite-5.2.7-Improper-Access-Control.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/93270","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://packetstormsecurity.com/files/138928/Ubiquiti-UniFi-AP-AC-Lite-5.2.7-Improper-Access-Control.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9012","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.643","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle."},{"lang":"es","value":"CloudVision Portal (CVP) en versiones anteriores a 2016.1.2.1 permite a usuarios remotos autenticados obtener acceso a los mecanismos de configuración internos a través del plano de gestión, relacionados con una petición a 
/web/system/console/bundle."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:arista:cloudvision_portal:*:*:*:*:*:*:*:*","versionEndIncluding":"2016.1.2.0","matchCriteriaId":"005CEDD9-9575-4257-909E-B8FA137BB5E8"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94635","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.arista.com/en/support/advisories-notices/security-advisories/2116-security-advisory-27","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94635","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.arista.com/en/support/advisories-notices/security-advisories/2116-security-advisory-27","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-9081","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.673","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors."},{"lang":"es","value":"Joomla! 3.4.4 hasta la versión 3.6.3 permite a atacantes restablecer nombre de usuario, contraseña y asignaciones de grupo de usuarios y posiblemente realizar otras modificaciones de cuentas de usuario a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-255"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.4.4:*:*:*:*:*:*:*","matchCriteriaId":"98475DA0-9D72-4952-878B-4DD619132E66"},{"vulnerable":true,"criteria"
:"cpe:2.3:a:joomla:joomla\\!:3.4.5:*:*:*:*:*:*:*","matchCriteriaId":"8D6C4C68-E526-408F-A54D-86CB3E5D800F"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.4.6:*:*:*:*:*:*:*","matchCriteriaId":"CA0B678E-DB68-4F62-9E94-2A2D9053BCDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.4.7:*:*:*:*:*:*:*","matchCriteriaId":"ED5427CD-4C44-4B6A-A72E-BF27BECFD631"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.4.8:*:*:*:*:*:*:*","matchCriteriaId":"2FC7FF37-53BA-4DCB-B350-3D779977A853"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.4.8:rc:*:*:*:*:*:*","matchCriteriaId":"44C6373A-1200-49D8-87B8-1D923752E04D"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.5.0:*:*:*:*:*:*:*","matchCriteriaId":"76D4E968-72C3-40D1-A9E0-FC1C45513436"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.5.0:beta:*:*:*:*:*:*","matchCriteriaId":"639BD6FA-F5A9-4D58-9FD0-F20610CFF48A"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.5.0:beta2:*:*:*:*:*:*","matchCriteriaId":"871D0251-2BF5-4167-9B40-2D8024154802"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.5.0:beta3:*:*:*:*:*:*","matchCriteriaId":"E59A3191-47BB-438D-87BC-74CB19DC99BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.5.0:beta4:*:*:*:*:*:*","matchCriteriaId":"B36EC1DA-762B-4686-BE6E-6604D02F9FE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.5.0:beta5:*:*:*:*:*:*","matchCriteriaId":"DB0FE2EA-51E5-43FE-8DEA-94EA8A016B6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.5.0:rc:*:*:*:*:*:*","matchCriteriaId":"D5870A8F-914C-474F-BB4D-41F23061E1A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.5.0:rc2:*:*:*:*:*:*","matchCriteriaId":"7945BC2A-0357-4E49-9314-C8C75B926585"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.5.0:rc3:*:*:*:*:*:*","matchCriteriaId":"622CF895-3402-449F-A769-535ABD102D4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.5.0:rc4:*:*:*:*:*:*","matc
hCriteriaId":"04E27344-9C09-4202-8AFD-D2ADD8294D5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.5.1:*:*:*:*:*:*:*","matchCriteriaId":"91B37E54-0DCD-4A8B-83A0-3B14B962EBEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.5.1:rc:*:*:*:*:*:*","matchCriteriaId":"76E37DC8-1D4D-4E82-BB27-F6B5B947C8E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.5.1:rc2:*:*:*:*:*:*","matchCriteriaId":"75ECDB42-7E47-4ABC-8547-10091E9AFC5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.6.0:*:*:*:*:*:*:*","matchCriteriaId":"AC7B9A2E-1D53-4F55-A021-4B28C1F95C0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.6.0:alpha:*:*:*:*:*:*","matchCriteriaId":"5DCF94C1-7F4C-4F0D-973D-1A44F3CA2583"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.6.0:beta1:*:*:*:*:*:*","matchCriteriaId":"C9F3AD2F-5503-4A6A-BF32-6B570F5C383E"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.6.0:beta2:*:*:*:*:*:*","matchCriteriaId":"F86FF086-3D89-4350-92BC-8914ACD471A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.6.0:rc:*:*:*:*:*:*","matchCriteriaId":"352A89E4-8031-4AF7-8A57-A4BDF72FE56E"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.6.0:rc2:*:*:*:*:*:*","matchCriteriaId":"BC86535F-D1AE-4F4C-8B2D-6418D789CA08"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.6.1:*:*:*:*:*:*:*","matchCriteriaId":"003DBC50-8865-4704-BC79-1D945499BEF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.6.1:rc1:*:*:*:*:*:*","matchCriteriaId":"F05F8CEE-67F3-4868-87A6-E9DBAE70AA8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.6.1:rc2:*:*:*:*:*:*","matchCriteriaId":"72C3D2D6-BCC8-4381-B941-09FE693B8AD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.6.2:*:*:*:*:*:*:*","matchCriteriaId":"3A79B694-384E-4DDD-9AE5-DFFF1E695BA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.6.3:*:*:*:*:*:*:*","matchCriteriaId":"2F3C0F39-B5FD-409C-8AA1-720720704952"},{"vulne
rable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.6.3:rc1:*:*:*:*:*:*","matchCriteriaId":"53190951-2DCC-4B00-A921-8F77A044FD78"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.6.3:rc2:*:*:*:*:*:*","matchCriteriaId":"77138C7E-04FE-4442-AEF9-BE8EB68F5ECC"},{"vulnerable":true,"criteria":"cpe:2.3:a:joomla:joomla\\!:3.6.3:rc3:*:*:*:*:*:*","matchCriteriaId":"5A0C7A46-1EF2-4DD4-991E-F120F994161C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93969","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93969","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9379","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.707","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file."},{"lang":"es","value":"El emulador de cargador de arranque pygrub en Xen, cuando se solicita el formato de salida de la expresión S, permite a administradores locales del SO invitado que utilizan pygrub leer o eliminar archivos arbitrarios en el host a través de citas de cadenas y expresiones S en el archivo de configuración del gestor de 
arranque."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N","baseScore":7.9,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.5,"impactScore":5.8}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","matchCriteriaId":"C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5FCF191B-971A-4945-AB14-08091689BE2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*","matchCriteriaId":"BCEA97B9-A443-4F87-81B4-B3F0E94AC18E"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.5:*:*:*:*:*:*:*","matchCriteriaId":"56434D13-7A7B-495C-A135-2688C706A065"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*","matchCriteriaId":"405F950F-0772-41A3-8B72-B67151CC1376"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94473","source":"cve@mitre.org","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037347","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-198.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/xsa198.patch","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org"},{"url":"https://support.citrix.com/article/CTX218775","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94473","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037347","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-198.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/xsa198.patch","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.citrix.com/article/CTX218775","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9380","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.753","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file."},{"lang":"es","value":"El emulador de cargador de arranque pygrub en Xen, cuando se solicita el formato de salida delimitado por nulos, permite a administradores locales del 
SO invitado que utilizan pygrub leer o eliminar archivos arbitrarios en el host a través de bytes NUL en el archivo de configuración del gestor de arranque."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.1,"impactScore":5.8}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","matchCriteriaId":"C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5FCF191B-971A-4945-AB14-08091689BE2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*","matchCriteriaId":"BCEA97B9-A443-4F87-81B4-B3F0E94AC18E"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.5:*:*:*:*:*:*:*","matchCriteriaId":"56434D13-7A7B-495C-A135-2688C706A065"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*","matchCriteriaId":"405F950F-
0772-41A3-8B72-B67151CC1376"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94473","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037347","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-198.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/xsa198.patch","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org"},{"url":"https://support.citrix.com/article/CTX218775","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94473","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037347","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-198.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/xsa198.patch","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.citrix.com/article/CTX218775","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9381","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.800","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a \"double fetch\" vulnerability."},{"lang":"es","value":"Condición de carrera en QEMU en Xen permite a administradores locales 
del SO invitado x86 HVM obtener privilegios cambiando ciertos datos en anillos compartidos, vulnerabilidad también conocida como \"doble recuperación\"."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.1","matchCriteriaId":"F83E2010-6463-407A-928D-DB71A705A04C"},{"vulnerable":true,"criteria":"cpe:2.3:a:qemu:qemu:2.8.0:rc0:*:*:*:*:*:*","matchCriteriaId":"58947AD5-A971-4E22-8D8A-634E2ED5DECD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5FCF191B-971A-4945-AB14-08091689BE2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*","matchCriteriaId":"BCEA97B9-A443-4F87-81B4-B3F0E94AC18E"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.5:*:*:*:*:*
:*:*","matchCriteriaId":"56434D13-7A7B-495C-A135-2688C706A065"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*","matchCriteriaId":"405F950F-0772-41A3-8B72-B67151CC1376"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94476","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037344","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-197.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://support.citrix.com/article/CTX218775","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94476","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037344","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-197.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.citrix.com/article/CTX218775","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9382","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.830","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 
mode."},{"lang":"es","value":"Xen 4.0.x hasta la versión 4.7.x administra mal los conmutadores de tareas x86 para el modo VM86, lo que permite a usuarios locales del SO invitado x86 HVM de 32-bit obtener privilegios o provocar una denegación de servicio (caída del SO invitado) aprovechando un sistema operativo invitado que utiliza conmutación de tareas de hardware y permite iniciar una nueva tarea en modo VM86."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"550223A9-B9F1-440A-8C25-9F0F76AF7301"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FC734D58-96E5-4DD2-8781-F8E0ADB96462"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"62CEC1BF-1922-410D-BCBA-C58199F574C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen
:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"923F2C2B-4A65-4823-B511-D0FEB7C7FAB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"C1A24DED-B2EC-4D9C-9FA4-DD37EF3E3BFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*","matchCriteriaId":"0D532B60-C8DD-4A2F-9D05-E574D23EB754"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5D83CA8B-8E49-45FA-8FAB-C15052474542"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"27537DF5-7E0F-463F-BA87-46E329EE07AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*","matchCriteriaId":"3EA4F978-9145-4FE6-B4F9-15207E52C40A"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*","matchCriteriaId":"22A995FD-9B7F-4DF0-BECF-4B086E470F1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*","matchCriteriaId":"219597E2-E2D7-4647-8A7C-688B96300158"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*","matchCriteriaId":"65E55950-EACA-4209-B2A1-E09026FC6006"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*","matchCriteriaId":"8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"47640819-FC43-49ED-8A77-728C3D7255B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"2448537F-87AD-45C1-9FB0-7A49CA31BD76"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"E36B2265-70E1-413B-A7CF-79D39E9ADCFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"37148A72-BE20-45C5-8589-2309ED84D08C"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.2.5:*:*:*:*:*:*:*","matchCriteriaId":"FB736B4C-325A-4B27-8C8A-15E60B8A8C82"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*","matchCriteriaId":"BF948E6A-07BE-4C7D-8A98-002E89D35F4D"
},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"C0E23B94-1726-4F63-84BB-8D83FAB156D7"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"C76124AB-4E3D-4BE0-AAEA-7FC05868E2FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"F30B5EF5-0AE8-420B-A103-B1B25A372F09"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"F784EF07-DBEC-492A-A0F4-F9F7B2551A0B"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*","matchCriteriaId":"1044792C-D544-457C-9391-4F3B5BAB978D"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"FBD9AD01-50B7-4951-8A73-A6CF4801A487"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*","matchCriteriaId":"89AA8FD5-E997-4F0D-AFB6-FFBE0073BA5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*","matchCriteriaId":"75615D84-9CA1-456C-816D-768E37B074A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.4.4:*:*:*:*:*:*:*","matchCriteriaId":"7AB87384-A1F8-4136-A242-441C655D9364"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*","matchCriteriaId":"90CCECD0-C0F9-45A8-8699-64428637EBCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*","matchCriteriaId":"F0ED340C-6746-471E-9F2D-19D62D224B7A"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*","matchCriteriaId":"99BD7C4F-DE4C-4508-B20D-46A94B616C5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.3:*:*:*:*:*:*:*","matchCriteriaId":"3374F1FB-70F9-4EBC-837B-0D42282E3E5F"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.5:*:*:*:*:*:*:*","matchCriteriaId":"37DA3D28-EAE7-4EC9-977C-444A46CBD9C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*","matchCriteriaId":"4B6F7CE9-C409-4D88-9A99-B21420633F45"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*","matchCr
iteriaId":"B814C381-4991-495A-B530-7543F977B346"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.3:*:*:*:*:*:*:*","matchCriteriaId":"14442705-D243-4250-A486-E70989946D73"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.4:*:*:*:*:*:*:*","matchCriteriaId":"BBB7BAFE-9CB4-40D2-908C-55307728116F"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*","matchCriteriaId":"F1DD0255-9127-4C7F-9C02-42198820363E"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*","matchCriteriaId":"8FDFDDA0-51D2-4995-9B4D-48047C940FC5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5FCF191B-971A-4945-AB14-08091689BE2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*","matchCriteriaId":"BCEA97B9-A443-4F87-81B4-B3F0E94AC18E"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.5:*:*:*:*:*:*:*","matchCriteriaId":"56434D13-7A7B-495C-A135-2688C706A065"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*","matchCriteriaId":"405F950F-0772-41A3-8B72-B67151CC1376"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94470","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037341","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-192.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org"},{"url":"https://support.citrix.com/article/CTX218775","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94470","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037341","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-192.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.citrix.com/article/CTX218775","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9383","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.860","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions."},{"lang":"es","value":"Xen, cuando se ejecuta en un hipervisor de 64-bit, permite a usuarios locales del SO invitado x86 modificar memoria arbitraria y consecuentemente obtener información sensible, provocar una denegación de servicio (caída del host), o ejecutar código arbitrario en el host aprovechando la emulación rota de instrucciones de prueba de 
bits."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","matchCriteriaId":"C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5FCF191B-971A-4945-AB14-08091689BE2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*","matchCriteriaId":"BCEA97B9-A443-4F87-81B4-B3F0E94AC18E"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.5:*:*:*:*:*:*:*","matchCriteriaId":"56434D13-7A7B-495C-A135-2688C706A065"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*","matchCriteriaId":"405F950F-0772-41A3-8B72-B67151CC1376"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94474","source":"cve@mitre.org","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037346","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-195.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org"},{"url":"https://support.citrix.com/article/CTX218775","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94474","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037346","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-195.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.citrix.com/article/CTX218775","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9385","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.907","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks."},{"lang":"es","value":"La funcionalidad de emulación de escritura de base de segmento x86 en Xen 4.4.x hasta la versión 4.7.x permite a administradores locales del SO invitado x86 PV provocar una denegación de servicio (caída del host) aprovechando la falta de verificación de direcciones 
canónicas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*","matchCriteriaId":"1044792C-D544-457C-9391-4F3B5BAB978D"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"FBD9AD01-50B7-4951-8A73-A6CF4801A487"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*","matchCriteriaId":"89AA8FD5-E997-4F0D-AFB6-FFBE0073BA5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*","matchCriteriaId":"75615D84-9CA1-456C-816D-768E37B074A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.4.4:*:*:*:*:*:*:*","matchCriteriaId":"7AB87384-A1F8-4136-A242-441C655D9364"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*","matchCriteriaId":"90CCECD0-C0F9-45A8-8699-64428637EBCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*","matchC
riteriaId":"F0ED340C-6746-471E-9F2D-19D62D224B7A"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*","matchCriteriaId":"99BD7C4F-DE4C-4508-B20D-46A94B616C5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.3:*:*:*:*:*:*:*","matchCriteriaId":"3374F1FB-70F9-4EBC-837B-0D42282E3E5F"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.5:*:*:*:*:*:*:*","matchCriteriaId":"37DA3D28-EAE7-4EC9-977C-444A46CBD9C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*","matchCriteriaId":"4B6F7CE9-C409-4D88-9A99-B21420633F45"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*","matchCriteriaId":"B814C381-4991-495A-B530-7543F977B346"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.3:*:*:*:*:*:*:*","matchCriteriaId":"14442705-D243-4250-A486-E70989946D73"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.4:*:*:*:*:*:*:*","matchCriteriaId":"BBB7BAFE-9CB4-40D2-908C-55307728116F"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*","matchCriteriaId":"F1DD0255-9127-4C7F-9C02-42198820363E"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*","matchCriteriaId":"8FDFDDA0-51D2-4995-9B4D-48047C940FC5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5FCF191B-971A-4945-AB14-08091689BE2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*","matchCriteriaId":"BCEA97B9-A443-4F87-81B4-B3F0E94AC18E"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.5:*:*:*:*:*:*:*","matchCriteriaId":"56434D13-7A7B-495C-A135-2688C706A065"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*","matchCriteriaId":"405F950F-0772-41A3-8B72-B67151CC1376"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94472","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037342","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-193.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org"},{"url":"https://support.citrix.com/article/CTX218775","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/94472","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037342","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-193.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.citrix.com/article/CTX218775","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9386","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.957","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving \"unexpected\" base/limit values."},{"lang":"es","value":"El emulador x86 en Xen no trata adecuadamente los segmentos NULL de x86 como inutilizables al acceder a memoria, lo que podría permitir a usuarios locales del HVM invitado obtener privilegios a través de vectores que implican valores de base/límite 
\"inesperados\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5FCF191B-971A-4945-AB14-08091689BE2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*","matchCriteriaId":"BCEA97B9-A443-4F87-81B4-B3F0E94AC18E"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.5:*:*:*:*:*:*:*","matchCriteriaId":"56434D13-7A7B-495C-A135-2688C706A065"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*","matchCriteriaId":"405F950F-0772-41A3-8B72-B67151CC1376"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","matchCriteriaId":"C2B9CCC2-BAC5-4A65-B8D4-4B71EBBA0C2F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94471","source":"cve@mitre.org","tags":["Third 
Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037340","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-191.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org"},{"url":"https://support.citrix.com/article/CTX218775","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94471","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037340","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-191.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.citrix.com/article/CTX218775","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9401","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:02.987","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address."},{"lang":"es","value":"popd en bash podría permitir a usuarios locales eludir el shell restringido y provocar un uso después de liberación de memoria a través de una dirección 
manipulada."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:*","versionEndExcluding":"4.4","matchCriteriaId":"A43C0425-7048-4F52-AD44-B8F9B2D4E06E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:4.4:patch1:*:*:*:*:*:*","matchCriteriaId":"7E40DD8D-EF13-468D-8299-12E37CD192
4B"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:4.4:patch2:*:*:*:*:*:*","matchCriteriaId":"94552CB6-CF18-45F6-9983-880E5B033212"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:4.4:patch3:*:*:*:*:*:*","matchCriteriaId":"A14FC9C0-6717-48DA-805D-8B1188D4CB8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:4.4:patch4:*:*:*:*:*:*","matchCriteriaId":"28D5F24A-FD02-4AA6-9EA2-4F7EF01990D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:bash:4.4:patch5:*:*:*:*:*:*","matchCriteriaId":"FFD90D2E-23E8-4D29-943C-F4D37499F031"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"},{"v
ulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"BF77CDCF-B9C9-427D-B2BF-36650FB2148C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"21690BAC-2129-4A33-9B48-1F3BF30072A9"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0725.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/17/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/17/9","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94398","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1931","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-02","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0725.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/17/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/17/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1931","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9445","sourceIdentifier":"security@opentext.com","published":"2017-01-23T21:59:03.017","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow."},{"lang":"es","value":"Desbordamiento de entero en el decodificador vmnc en el gstreamer permite a atacantes remotos provocar una denegación de servicio (caída) a través de valores de anchura y altura grandes, lo que desencadena un desbordamiento de 
búfer."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:1.10.0:*:*:*:*:*:*:*","matchCriteriaId":"3BE7C36E-5222-4DFF-99BA-6A62343BD6A6"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2974.html","source":"security@opentext.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0018.html","source":"security@opentext.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0021.html","source":"security@opentext.com"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/12","source":"security@opentext.com"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/13","source":"security@opentext.com"},{"url":"http://www.securityfocus.com/bid/94421","source":"security@opentext.com"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774533","source":"security@opentext.com"},{"url":"https://cgit.freedesktop.o
rg/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe","source":"security@opentext.com"},{"url":"https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html","source":"security@opentext.com"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"security@opentext.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2974.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0018.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0021.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/12","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/13","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94421","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774533","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9446","sourceIdentifier":"security@opentext.com","published":"2017-01-23T21:59:03.063","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated 
render canvas."},{"lang":"es","value":"El decodificador vmnc en el gstreamer no inicializa el lienzo de renderizado, lo que permite a atacantes remotos obtener información sensible como se demuestra mediante la miniatura de una simple película vmnc de un frame que no dibuja en el lienzo de renderizado asignado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-665"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndExcluding":"1.11.1","matchCriteriaId":"CCEA917F-6D0B-48B1-8F18-C114B96A72E0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"F96E3779-F56A-45FF-BB3D-4980527D721E"},{"vulnerab
le":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"83737173-E12E-4641-BC49-0BD84A6B29D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/12","source":"security@opentext.com"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/13","source":"security@opentext.com"},{"url":"http://www.securityfocus.com/bid/94423","source":"security@opentext.com"},{"url":
"https://access.redhat.com/errata/RHSA-2017:2060","source":"security@opentext.com"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774533","source":"security@opentext.com"},{"url":"https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe","source":"security@opentext.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM7IXFGHV66KNWGWG6ZBDNKXD2UJL2VQ/","source":"security@opentext.com"},{"url":"https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html","source":"security@opentext.com"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"security@opentext.com"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/12","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/13","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94423","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774533","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/gst/vmnc/vmncdec.c?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM7IXFGHV66KNWGWG6ZBDNKXD2UJL2VQ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9447","sourceIdentifier":"security@opentext.com","published":"2017-01-23T21:59:0
3.127","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file."},{"lang":"es","value":"Los mapeos ROM en el decodificador NSF en gstreamer 0.10.x permiten a atacantes remotos provocar una denegación de servicio (lectura o escritura fuera de límites) y posiblemente ejecutar código arbitrario a través de un archivo de música NSF manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.0:*:*:*:*:*:*:*","matchCriteriaId":"2CABCEA7-47FE-4B3B-9556-FB8CDEAD4CDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.1
0.1:*:*:*:*:*:*:*","matchCriteriaId":"D4ABB6BA-BC7C-4DEF-8D56-7101EB5F9745"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.2:*:*:*:*:*:*:*","matchCriteriaId":"FA03BFEE-ED65-483F-AF60-FCF0B85F6D64"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.3:*:*:*:*:*:*:*","matchCriteriaId":"82EFDF82-DD6F-4825-82D6-3409B000403D"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.4:*:*:*:*:*:*:*","matchCriteriaId":"8D81E127-8840-4757-806C-A19DC2C918FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.5:*:*:*:*:*:*:*","matchCriteriaId":"BF2BBF67-A54C-47C4-B81A-67150A159959"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.6:*:*:*:*:*:*:*","matchCriteriaId":"FE6FFD5F-3EA4-43EF-9CED-BEF6146D5FFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.7:*:*:*:*:*:*:*","matchCriteriaId":"35DFA5A9-9E3B-453D-89F8-EF9F7CBF1A1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.8:*:*:*:*:*:*:*","matchCriteriaId":"7B26F0FF-2C0A-42B6-8B2C-FE5899F2EDFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.9:*:*:*:*:*:*:*","matchCriteriaId":"AD083B38-280D-4770-B7F1-335F9A042C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.10:*:*:*:*:*:*:*","matchCriteriaId":"68D24C7D-CA97-4E5A-B8EB-FA0975935A42"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.11:*:*:*:*:*:*:*","matchCriteriaId":"CB0FE9A8-D355-43C6-AA58-07E4146765F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.12:*:*:*:*:*:*:*","matchCriteriaId":"44D1AE29-B8BB-4B30-BAE9-621559489B5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.13:*:*:*:*:*:*:*","matchCriteriaId":"19AAEDF0-7DCF-4875-8353-9A9B22AAA741"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.14:*:*:*:*:*:*:*","matchCriteriaId":"B7C4B27F-533D-4F8F-8EE7-746E83C283EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.15:*:*:*:*:*:*:*","
matchCriteriaId":"2D669FB3-F688-4D6C-A4AD-C30A527406A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.16:*:*:*:*:*:*:*","matchCriteriaId":"CE725461-3814-4105-8D18-50DA70692816"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.17:*:*:*:*:*:*:*","matchCriteriaId":"3251ADA9-8701-466B-8270-4467E87CFDBC"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.18:*:*:*:*:*:*:*","matchCriteriaId":"6457BE57-BBC8-4C7A-A30E-13C8822DFE0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.19:*:*:*:*:*:*:*","matchCriteriaId":"3F9B7A97-AAEF-4ECA-A286-C54D56B26E45"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.20:*:*:*:*:*:*:*","matchCriteriaId":"60548FE0-E0ED-40D1-9DC3-629201DAE5BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.21:*:*:*:*:*:*:*","matchCriteriaId":"F29CA4B6-A26C-4DFE-9B18-8BF36D6F1012"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.22:*:*:*:*:*:*:*","matchCriteriaId":"3FA04B72-5AA3-4114-B793-47A5D9251E49"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.23:*:*:*:*:*:*:*","matchCriteriaId":"956FBAF1-AD38-40D5-A355-19C7673243AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.24:*:*:*:*:*:*:*","matchCriteriaId":"5A822F28-63D0-409C-A7EB-0E292A59F1DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.25:*:*:*:*:*:*:*","matchCriteriaId":"58A4B74D-1B65-4868-A34F-16F4AFEB0753"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.26:*:*:*:*:*:*:*","matchCriteriaId":"7F6D776B-B8E7-407A-83B9-EFFC127B9F23"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.27:*:*:*:*:*:*:*","matchCriteriaId":"6A9A15C0-AAD1-41B3-93B4-54CC020D0144"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.28:*:*:*:*:*:*:*","matchCriteriaId":"79CA003D-1101-4C2C-8974-7DA03027A4A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.29:*:*:*:*:*:*:*","matchCriteri
aId":"67635C9C-681C-44B4-A64E-25DB0B585AD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.30:*:*:*:*:*:*:*","matchCriteriaId":"7252F2D8-134C-48C5-AABF-3737F7536D5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.31:*:*:*:*:*:*:*","matchCriteriaId":"E190525E-4FBC-4C95-895C-F829FFF49992"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.32:*:*:*:*:*:*:*","matchCriteriaId":"7A218BF5-C156-4ED0-8936-DC701373BFB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.33:*:*:*:*:*:*:*","matchCriteriaId":"9A4232D3-F26F-4598-AA10-71ACD5B47950"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.34:*:*:*:*:*:*:*","matchCriteriaId":"57BC904F-54E5-4097-8166-A2FE7C9E3854"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.35:*:*:*:*:*:*:*","matchCriteriaId":"3C26CA87-2EFC-4F5B-8DF6-1B5F33869448"},{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:0.10.36:*:*:*:*:*:*:*","matchCriteriaId":"61495A4D-3D75-4C26-8C08-49CC35179E0A"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2974.html","source":"security@opentext.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0018.html","source":"security@opentext.com"},{"url":"http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html","source":"security@opentext.com"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/12","source":"security@opentext.com"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/13","source":"security@opentext.com"},{"url":"http://www.securityfocus.com/bid/94427","source":"security@opentext.com"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"security@opentext.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2974.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0018.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://scarybeastsecurity.blogspot
.de/2016/11/0day-exploit-compromising-linux-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/12","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/13","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94427","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5371","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:03.173","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422."},{"lang":"es","value":"Odata Server en SAP Adaptive Server Enterprise (ASE) 16 permite a atacantes remotos provocar una denegación de servicio (caída del proceso) a través de una serie de peticiones manipuladas, vulnerabilidad también conocida como SAP Security Note 
2330422."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sybase:adaptive_server_enterprise:16.0:*:*:*:*:*:*:*","matchCriteriaId":"60DAB85D-361D-46BF-90E4-7210BA0F6B9D"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/140610/SAP-ASE-ODATA-Server-16-Denial-Of-Service.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Jan/47","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93545","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://erpscan.io/advisories/erpscan-16-036-sap-ase-odata-server-denial-service/","source":"cve@mitre.org"},{"url":"https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/","source":"cve@mitre.org"},{"url":"http://packetstormsecurity.com/files/140610/SAP-ASE-ODATA-Server-16-Denial-Of-Service.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Jan/47","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93545","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://erpscan.io/advisories/erpscan-16-036-sap-ase-odata-server-denial-service/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5372","sourceIdentifier":"cve@mitre.org","published":"2017-01-23T21:59:03.220","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908."},{"lang":"es","value":"La función msp (también conocida como MSPRuntimeInterface) en el componente P4 SERVERCORE en SAP AS JAVA permite a atacantes remotos obtener información sensible del sistema aprovechando una verificación de autorización perdida para la función (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic o (5) getClientStatistic, vulnerabilidad también conocida como 
SAP Security Note 2331908."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*","matchCriteriaId":"5007E3B7-3C36-4256-9E01-51C6F52FD0FF"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Jan/50","source":"cve@mitre.org","tags":["Mailing List","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/93504","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/","source":"cve@mitre.org"},{"url":"https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/","source":"cve@mitre.org"},{"url":"http://packetstormsecurity.com/files/140611/SAP-NetWeaver-AS-Java-P4-MSPRUNTIMEINTERFACE-Information-Disclosure.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Jan/50","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/93504","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://erpscan.io/advisories/erpscan-16-037-sap-java-p4-mspruntimeinterface-information-disclosure/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://erpscan.io/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-2929","sourceIdentifier":"psirt@adobe.com","published":"2017-01-24T07:59:00.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution."},{"lang":"es","value":"Las versiones de la extensión de Adobe Acrobat para Chrome 15.1.0.3 y anteriores tienen una vulnerabilidad de secuencias de comandos de sitios cruzados basada en DOM. 
Una explotación exitosa podría permitir la ejecución de código JavaScript."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat:15.1.0.3:*:*:*:*:chrome:*:*","matchCriteriaId":"9B56A307-B65D-4EC2-B26E-0BB7D82CD15B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95693","source":"psirt@adobe.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037687","source":"psirt@adobe.com"},{"url":"https://helpx.adobe.com/security/products/acrobat/apsb17-03.html","source":"psirt@adobe.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95693","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037687","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://helpx.adobe.com/security/products/acrobat/apsb17-03.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2970","sourceIdentifier":"psirt@adobe.com","published":"2017-01-24T07:59:00.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine related to template manipulation. Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Las versiones de Adobe Acrobat Reader 15.020.20042 y anteriores, 15.006.30244 y anteriores, 11.0.18 y anteriores tienen una vulnerabilidad explotable de desbordamiento de memoria dinámica (heap) en el motor XSLT relacionada con la manipulación de plantilla. 
Una explotación exitosa podría conducir a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*","versionEndIncluding":"11.0.18","matchCriteriaId":"591061D5-5A3B-4788-9219-E6A267C7F205"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*","versionEndIncluding":"15.006.30244","matchCriteriaId":"2DA73DF1-D517-4D01-A901-11C6A410F3F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*","versionEndIncluding":"15.020.20042","matchCriteriaId":"1044057B-3C1D-4920-B16E-11E8F43B416D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*","versionEndIncluding":"15.006.30244","matchCriteriaId":"65AE21B3-AF0D-480B-9D1A-4D64D2F749D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe
:acrobat_reader_dc:*:*:*:*:continuous:*:*:*","versionEndIncluding":"15.020.20042","matchCriteriaId":"C032D3A4-80F5-4066-97DC-3AED72D6C15A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*","versionEndIncluding":"11.0.18","matchCriteriaId":"8D7F2E90-F6DF-41A3-A1DB-26058BEA2A02"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","matchCriteriaId":"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95690","source":"psirt@adobe.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/acrobat/apsb17-01.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95690","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/acrobat/apsb17-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2971","sourceIdentifier":"psirt@adobe.com","published":"2017-01-24T07:59:00.227","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the JPEG decoder routine. Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Las versiones de Adobe Acrobat Reader 15.020.20042 y anteriores, 15.006.30244 y anteriores, 11.0.18 y anteriores tienen una vulnerabilidad explotable de desbordamiento de memoria dinámica (heap) en la rutina del decodificador JPEG. 
Una explotación exitosa podría conducir a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*","versionEndIncluding":"11.0.18","matchCriteriaId":"591061D5-5A3B-4788-9219-E6A267C7F205"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*","versionEndIncluding":"15.006.30244","matchCriteriaId":"2DA73DF1-D517-4D01-A901-11C6A410F3F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*","versionEndIncluding":"15.020.20042","matchCriteriaId":"1044057B-3C1D-4920-B16E-11E8F43B416D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*","versionEndIncluding":"15.006.30244","matchCriteriaId":"65AE21B3-AF0D-480B-9D1A-4D64D2F749D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe
:acrobat_reader_dc:*:*:*:*:continuous:*:*:*","versionEndIncluding":"15.020.20042","matchCriteriaId":"C032D3A4-80F5-4066-97DC-3AED72D6C15A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*","versionEndIncluding":"11.0.18","matchCriteriaId":"8D7F2E90-F6DF-41A3-A1DB-26058BEA2A02"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","matchCriteriaId":"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95690","source":"psirt@adobe.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0259/","source":"psirt@adobe.com"},{"url":"https://helpx.adobe.com/security/products/acrobat/apsb17-01.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95690","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0259/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://helpx.adobe.com/security/products/acrobat/apsb17-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2972","sourceIdentifier":"psirt@adobe.com","published":"2017-01-24T07:59:00.257","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module related to JPEG parsing. 
Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Las versiones de Adobe Acrobat Reader 15.020.20042 y anteriores, 15.006.30244 y anteriores, 11.0.18 y anteriores tienen una vulnerabilidad explotable de corrupción de memoria en el módulo de conversión de imágenes relacionado con el análisis JPEG. Una explotación exitosa podría conducir a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*","versionEndIncluding":"11.0.18","matchCriteriaId":"591061D5-5A3B-4788-9219-E6A267C7F205"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*","versionEndIncluding":"15.006.30244","matchCriteriaId":"2DA73DF1-D517-4D01-A901-11C6A410F3F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:cont
inuous:*:*:*","versionEndIncluding":"15.020.20042","matchCriteriaId":"1044057B-3C1D-4920-B16E-11E8F43B416D"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*","versionEndIncluding":"15.006.30244","matchCriteriaId":"65AE21B3-AF0D-480B-9D1A-4D64D2F749D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*","versionEndIncluding":"15.020.20042","matchCriteriaId":"C032D3A4-80F5-4066-97DC-3AED72D6C15A"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*","versionEndIncluding":"11.0.18","matchCriteriaId":"8D7F2E90-F6DF-41A3-A1DB-26058BEA2A02"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","matchCriteriaId":"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95690","source":"psirt@adobe.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/acrobat/apsb17-01.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95690","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/acrobat/apsb17-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5495","sourceIdentifier":"cve@mitre.org","published":"2017-01-24T07:59:00.287","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host. 
When Quagga daemons are configured with their telnet CLI enabled, anyone who can connect to the TCP ports can trigger this vulnerability, prior to authentication. Most distributions restrict the Quagga telnet interface to local access only by default. The Quagga telnet interface 'vty' input buffer grows automatically, without bound, so long as a newline is not entered. This allows an attacker to cause the Quagga daemon to allocate unbounded memory by sending very long strings without a newline. Eventually the daemon is terminated by the system, or the system itself runs out of memory. This is fixed in Quagga 1.1.1 and Free Range Routing (FRR) Protocol Suite 2017-01-10."},{"lang":"es","value":"Todas las versiones de Quagga, 0.93 hasta la versión 1.1.0, son vulnerables a una asignación de memoria ilimitada en la CLI de telnet 'vty', conduciendo a una denegación de servicio de los demonios de Quagga, o incluso a todo el host. Cuando los demonios de Quagga son configurados con su CLI de telnet habilitada, cualquiera que pueda conectarse a los puertos TCP puede desencadenar esta vulnerabilidad antes de la autenticación. La mayoría de las distribuciones restringen la interfaz de telnet de Quagga para el acceso local sólo por defecto. El búfer de entrada 'vty' de la interfaz de telnet de Quagga crece automáticamente, sin límite, siempre y cuando no se introduzca una nueva línea. Esto permite a un atacante hacer que el demonio de Quagga asigne memoria ilimitada enviando cadenas muy largas sin una nueva línea. Eventualmente el demonio es finalizado por el sistema, o el propio sistema se queda sin memoria. 
Esto se corrige en Quagga 1.1.1 y Free Range Routing (FRR) Protocol Suite 2017-01-10."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1.0","matchCriteriaId":"7A460953-662D-47E0-B16E-06CFC2378895"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0794.html","source":"cve@mitre.org"},{"url":"http://savannah.nongnu.org/forum/forum.php?forum_id=8783","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95745","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037688","source":"cve@mitre.org"},{"url":"https://github.com/freerangerouting/frr/pull/63","source":"cve@mitre.org","tags":["Patch","Vendor 
Advisory"]},{"url":"https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0794.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://savannah.nongnu.org/forum/forum.php?forum_id=8783","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95745","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037688","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/freerangerouting/frr/pull/63","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.quagga.net/pipermail/quagga-dev/2017-January/016586.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10158","sourceIdentifier":"cve@mitre.org","published":"2017-01-24T21:59:00.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1."},{"lang":"es","value":"La función exif_convert_any_to_int en ext/exif/exif.c en PHP en versiones anteriores a 5.6.30, 7.0.x en versiones anteriores a 7.0.15, y 7.1.x en versiones anteriores a 7.1.1 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de datos EXIF manipulados que desencadenan un intento de dividir el entero negativo mínimo representable por 
-1."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-189"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionEndIncluding":"5.6.29","matchCriteriaId":"C73E784C-E707-4C48-B286-A4958D402DD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"DB6890AF-8A0A-46EE-AAD5-CF9AAE14A321"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6B90B947-7B54-47F3-9637-2F4AC44079EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*","matchCriteriaId":"35848414-BD5D-4164-84DC-61ABBB1C4152"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*","matchCriteriaId":"2B1F8402-8551-4F66-A9A7-81D472AB058E"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*","matchCriteriaId":"7A773E8E-48CD-4D35-A0FD-629BD9334486"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0
.5:*:*:*:*:*:*:*","matchCriteriaId":"FC492340-79AF-4676-A161-079A97EC6F0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*","matchCriteriaId":"F1C2D8FE-C380-4B43-B634-A3DBA4700A71"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*","matchCriteriaId":"3EB58393-0C10-413C-8D95-6BAA8BC19A1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*","matchCriteriaId":"751F51CA-9D88-4971-A6EC-8C0B72E8E22B"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*","matchCriteriaId":"37B74118-8FC2-44CB-9673-A83DF777B2E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*","matchCriteriaId":"4D56A200-1477-40DA-9444-CFC946157C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*","matchCriteriaId":"FD0D1CCC-A857-4C15-899E-08F9255CEE34"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*","matchCriteriaId":"6745CC43-2836-4CD8-848F-EEA08AE9D5AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*","matchCriteriaId":"7BEB6696-14F9-4D9B-9974-B682FFBB828E"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*","matchCriteriaId":"04146390-021D-4147-9830-9EAA90D120A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"0C68AA43-ED90-4B98-A5F8-4E210C2CC7CD"}]}]}],"references":[{"url":"http://php.net/ChangeLog-5.php","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://php.net/ChangeLog-7.php","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3783","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95764","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037659","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2018:1296","source":"cve@mitre.org"},{"url":"https://bugs.php.net/bug.php?id=73737","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://github.com/php/php-src/commit/1cda0d7c2ffb62d8331c64e703131d9cabdc03ea","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-29","source":"cve@mitre.org"},{"url":"https://security.netapp.com/advisory/ntap-20180112-0001/","source":"cve@mitre.org"},{"url":"https://www.tenable.com/security/tns-2017-04","source":"cve@mitre.org"},{"url":"http://php.net/ChangeLog-5.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://php.net/ChangeLog-7.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3783","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95764","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037659","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2018:1296","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugs.php.net/bug.php?id=73737","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://github.com/php/php-src/commit/1cda0d7c2ffb62d8331c64e703131d9cabdc03ea","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-29","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20180112-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.tenable.com/security/tns-2017-04","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10159","sourceIdentifier":"cve@mitre.org","published":"2017-01-24T21:59:00.180","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive."},{"lang":"es","value":"Desbordamiento de entero en la función phar_parse_pharfile en ext/phar/phar.c en PHP en versiones anteriores a 5.6.30 y 7.0.x en versiones anteriores a 7.0.15 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria o caída de aplicación) a través de una entrada de manifiesto truncado en un archivo 
PHAR."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionEndIncluding":"5.6.29","matchCriteriaId":"C73E784C-E707-4C48-B286-A4958D402DD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.15","matchCriteriaId":"3A59822F-11EA-4F4D-9721-6D3DD9842FC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.1.0:-:*:*:*:*:*:*","matchCriteriaId":"CED53910-5DFB-44F6-B2A9-38518B245EEB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://php.net/ChangeLog-5.php","source":"cve@mitre.org","tags":["Release Notes","Vendor 
Advisory"]},{"url":"http://php.net/ChangeLog-7.php","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3783","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95774","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037659","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1296","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bugs.php.net/bug.php?id=73764","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://github.com/php/php-src/commit/ca46d0acbce55019b970fcd4c1e8a10edfdded93","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-29","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20180112-0001/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.tenable.com/security/tns-2017-04","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://php.net/ChangeLog-5.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://php.net/ChangeLog-7.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3783","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95774","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037659","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1296","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugs.php.net/bug.php?id=73764","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://github.com/php/php-src/commit/ca46d0acbce55019b970fcd4c1e8a10edfdded93","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20180112-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.tenable.com/security/tns-2017-04","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10160","sourceIdentifier":"cve@mitre.org","published":"2017-01-24T21:59:00.227","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch."},{"lang":"es","value":"Error por un paso en la función phar_parse_pharfile en ext/phar/phar.c en PHP en versiones anteriores a 5.6.30 y 7.0.x en versiones anteriores a 7.0.15 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código arbitrario a través de un archivo PHAR manipulado con un desajuste del 
alias."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-193"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndExcluding":"5.6.30","matchCriteriaId":"F62FA4CA-E2F5-4414-B07D-AFD68388412A"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.15","matchCriteriaId":"3A59822F-11EA-4F4D-9721-6D3DD9842FC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.1.0","versionEndExcluding":"7.1.1","matchCriteriaId":"473456E3-B45F-46C0-AEF8-72D78487CF38"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","matchCriteriaId":"1FE996B1-6951-4F85-AA58-B99A379D2163"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":tr
ue,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://php.net/ChangeLog-5.php","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://php.net/ChangeLog-7.php","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3783","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95783","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037659","source":"cve@mitre.org","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1296","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bugs.php.net/bug.php?id=73768","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://github.com/php/php-src/commit/b28b8b2fee6dfa6fcd13305c581bb835689ac3be","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-29","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20180112-0001/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.tenable.com/security/tns-2017-04","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://php.net/ChangeLog-5.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://php.net/ChangeLog-7.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3783","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95783","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037659","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1296","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugs.php.net/bug.php?id=73768","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://github.com/php/php-src/commit/b28b8b2fee6dfa6fcd13305c581bb835689ac3be","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20180112-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.tenable.com/security/tns-2017-04","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10161","sourceIdentifier":"cve@mitre.org","published":"2017-01-24T21:59:00.260","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call."},{"lang":"es","value":"La función object_common1 en ext/standard/var_unserializer.c en PHP en versiones anteriores a 5.6.30, 7.0.x en versiones anteriores a 7.0.15 y 7.1.x en versiones anteriores a 7.1.1 permite a atacantes remotos provocar una denegación de servicio (sobre lectura de búfer y caída de aplicación) a través de datos serializados manipulados que se maneja mal en una llamada 
finish_nested_data."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionEndIncluding":"5.6.29","matchCriteriaId":"C73E784C-E707-4C48-B286-A4958D402DD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"DB6890AF-8A0A-46EE-AAD5-CF9AAE14A321"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6B90B947-7B54-47F3-9637-2F4AC44079EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*","matchCriteriaId":"35848414-BD5D-4164-84DC-61ABBB1C4152"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*","matchCriteriaId":"2B1F8402-8551-4F66-A9A7-81D472AB058E"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*","matchCriteriaId":"7A773E8E-48CD-4D35-A0FD-629BD9334486"},{"vulnerable":true,"criteria":"cpe:2
.3:a:php:php:7.0.5:*:*:*:*:*:*:*","matchCriteriaId":"FC492340-79AF-4676-A161-079A97EC6F0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:*:*","matchCriteriaId":"F1C2D8FE-C380-4B43-B634-A3DBA4700A71"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*","matchCriteriaId":"3EB58393-0C10-413C-8D95-6BAA8BC19A1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*","matchCriteriaId":"751F51CA-9D88-4971-A6EC-8C0B72E8E22B"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*","matchCriteriaId":"37B74118-8FC2-44CB-9673-A83DF777B2E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*","matchCriteriaId":"4D56A200-1477-40DA-9444-CFC946157C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*","matchCriteriaId":"FD0D1CCC-A857-4C15-899E-08F9255CEE34"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*","matchCriteriaId":"6745CC43-2836-4CD8-848F-EEA08AE9D5AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*","matchCriteriaId":"7BEB6696-14F9-4D9B-9974-B682FFBB828E"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*","matchCriteriaId":"04146390-021D-4147-9830-9EAA90D120A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"0C68AA43-ED90-4B98-A5F8-4E210C2CC7CD"}]}]}],"references":[{"url":"http://php.net/ChangeLog-5.php","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://php.net/ChangeLog-7.php","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3783","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95768","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037659","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2018:1296","source":"cve@mitre.org"},{"url":"https://bugs.php.net/bug.php?id=73825","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://github.com/php/php-src/commit/16b3003ffc6393e250f069aa28a78dc5a2c064b2","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-29","source":"cve@mitre.org"},{"url":"https://security.netapp.com/advisory/ntap-20180112-0001/","source":"cve@mitre.org"},{"url":"https://www.tenable.com/security/tns-2017-04","source":"cve@mitre.org"},{"url":"http://php.net/ChangeLog-5.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://php.net/ChangeLog-7.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3783","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95768","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037659","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2018:1296","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugs.php.net/bug.php?id=73825","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://github.com/php/php-src/commit/16b3003ffc6393e250f069aa28a78dc5a2c064b2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-29","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20180112-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.tenable.com/security/tns-2017-04","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10162","sourceIdentifier":"cve@mitre.org","published":"2017-01-24T21:59:00.307","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call."},{"lang":"es","value":"La función php_wddx_pop_element en ext/wddx/wddx.c en PHP 7.0.x en versiones anteriores a 7.0.15 y 7.1.x en versiones anteriores a 7.1.1 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de un nombre de clase inaplicable en un documento XML wddxPacket, esto lleva a un mal manejo en una llamada la 
wddx_deserialize."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"DB6890AF-8A0A-46EE-AAD5-CF9AAE14A321"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6B90B947-7B54-47F3-9637-2F4AC44079EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.2:*:*:*:*:*:*:*","matchCriteriaId":"35848414-BD5D-4164-84DC-61ABBB1C4152"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.3:*:*:*:*:*:*:*","matchCriteriaId":"2B1F8402-8551-4F66-A9A7-81D472AB058E"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.4:*:*:*:*:*:*:*","matchCriteriaId":"7A773E8E-48CD-4D35-A0FD-629BD9334486"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.5:*:*:*:*:*:*:*","matchCriteriaId":"FC492340-79AF-4676-A161-079A97EC6F0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.6:*:*:*:*:*:
*:*","matchCriteriaId":"F1C2D8FE-C380-4B43-B634-A3DBA4700A71"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.7:*:*:*:*:*:*:*","matchCriteriaId":"3EB58393-0C10-413C-8D95-6BAA8BC19A1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.8:*:*:*:*:*:*:*","matchCriteriaId":"751F51CA-9D88-4971-A6EC-8C0B72E8E22B"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.9:*:*:*:*:*:*:*","matchCriteriaId":"37B74118-8FC2-44CB-9673-A83DF777B2E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.10:*:*:*:*:*:*:*","matchCriteriaId":"4D56A200-1477-40DA-9444-CFC946157C69"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.11:*:*:*:*:*:*:*","matchCriteriaId":"FD0D1CCC-A857-4C15-899E-08F9255CEE34"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.12:*:*:*:*:*:*:*","matchCriteriaId":"6745CC43-2836-4CD8-848F-EEA08AE9D5AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.13:*:*:*:*:*:*:*","matchCriteriaId":"7BEB6696-14F9-4D9B-9974-B682FFBB828E"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.0.14:*:*:*:*:*:*:*","matchCriteriaId":"04146390-021D-4147-9830-9EAA90D120A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"0C68AA43-ED90-4B98-A5F8-4E210C2CC7CD"}]}]}],"references":[{"url":"http://php.net/ChangeLog-7.php","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95668","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037659","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2018:1296","source":"cve@mitre.org"},{"url":"https://bugs.php.net/bug.php?id=73831","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://github.com/php/php-src/commit/8d2539fa0faf3f63e1d1e7635347c5b9e777d47b","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://php.net/ChangeLog-7.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95668","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037659","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2018:1296","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugs.php.net/bug.php?id=73831","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://github.com/php/php-src/commit/8d2539fa0faf3f63e1d1e7635347c5b9e777d47b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8214","sourceIdentifier":"security_alert@emc.com","published":"2017-01-25T11:59:00.150","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers."},{"lang":"es","value":"EMC Avamar Data Store (ADS) y Avamar Virtual Edition (AVE) versiones 7.3.0 y 7.3.1 contienen una vulnerabilidad que pueden permitir a administradores maliciosos comprometer servidores 
Avamar."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-275"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emc:avamar_data_store:7.3.0:*:*:*:*:*:*:*","matchCriteriaId":"969889C5-1C21-4195-B2DB-47D0A5DE17B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:avamar_data_store:7.3.1:*:*:*:*:*:*:*","matchCriteriaId":"A8187075-A39A-4D22-9DFE-46791243A401"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:avamar_virtual_edition:7.3.0:*:*:*:*:*:*:*","matchCriteriaId":"E32EB5D4-C4DC-41EE-BD5B-4AABD6F91F22"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:avamar_virtual_edition:7.3.1:*:*:*:*:*:*:*","matchCriteriaId":"7FED7CC2-47DC-4CD7-BB0F-9DDE2D027A82"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540031/30/0/threaded","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/bid/95719","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037667","source":"security_alert@emc.com"},{"url":"http://www.securityfocus.com/archive/1/540031/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95719","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037667","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8215","sourceIdentifier":"security_alert@emc.com","published":"2017-01-25T11:59:00.197","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system."},{"lang":"es","value":"EMC RSA Security Analytics 10.5.3 y 10.6.2 contienen correcciones para una vulnerabilidad Reflected Cross-Site Scripting que podría ser potencialmente explotada por usuarios maliciosos para comprometer al sistema 
afectado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emc:rsa_security_analytics:10.5:*:*:*:*:*:*:*","matchCriteriaId":"76717FB7-6A6A-49CD-B24B-3D7B9C40C4C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:rsa_security_analytics:10.5.1:*:*:*:*:*:*:*","matchCriteriaId":"BD49758B-922A-4E88-950B-0BF345E7B68D"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:rsa_security_analytics:10.5.2:*:*:*:*:*:*:*","matchCriteriaId":"B1DD55BD-B521-427C-B8C3-23BA5B5B1383"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:rsa_security_analytics:10.6:*:*:*:*:*:*:*","matchCriteriaId":"0BC21D76-A08A-4A30-BA44-582F452E3B27"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:rsa_security_analytics:10.6.1:*:*:*:*:*:*:*","matchCriteriaId":"6374633F-4ED0-4C90-B0AE-F3656DA1FDF3"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540032/30/0/threaded","source":"secur
ity_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95718","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037666","source":"security_alert@emc.com"},{"url":"http://www.securityfocus.com/archive/1/540032/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95718","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037666","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5594","sourceIdentifier":"cve@mitre.org","published":"2017-01-25T18:59:00.153","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerability the remote attacker is able to reset the registered user's password, when the debug toolbar is enabled. The password is successfully recovered using this exploit. The SecureLayer7 ID is SL7_PGKT_01."},{"lang":"es","value":"Se descubrió un problema en Pagekit CMS en versiones anteriores a 1.0.11. En esta vulnerabilidad el atacante remoto es capaz de restablecer la contraseña del usuario registrado, cuando la barra de herramienta de depuración está habilitada. La contraseña se recupera con éxito utilizando este exploit. 
El ID de SecureLayer7 es SL7_PGKT_01."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-640"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pagekit:pagekit:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.10","matchCriteriaId":"6AADEFDE-AA29-4ABE-A1DA-BBE3841838B1"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95806","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/pagekit/pagekit/commit/e0454f9c037c427a5ff76a57e78dbf8cc00c268b","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdf","source":"cve@mitre.org","tags":["Technical Description","Third Party Advisory"]},{"url":"https://securelayer7.net/download/poc/password-reset-vulnerability-exploit-ruby-pagekit-cms.rb.txt","source":"cve@mitre.org","tags":["Exploit","Third Party 
Advisory"]},{"url":"https://www.exploit-db.com/exploits/41143/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95806","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/pagekit/pagekit/commit/e0454f9c037c427a5ff76a57e78dbf8cc00c268b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://securelayer7.net/download/pdf/SecureLayer7-Pentest-report-Pagekit-CMS.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]},{"url":"https://securelayer7.net/download/poc/password-reset-vulnerability-exploit-ruby-pagekit-cms.rb.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41143/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9303","sourceIdentifier":"cve@mitre.org","published":"2017-01-25T19:59:00.140","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files."},{"lang":"es","value":"Múltiples desbordamientos de búfer en el SDK de Autodesk FBX en versiones anteriores a 2017.1 pueden permitir a atacantes ejecutar código arbitrario o provocar una condición de bucle infinito al leer o convertir archivos de formato FBX mal 
formados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*","versionEndIncluding":"2017.0","matchCriteriaId":"B39E57BA-AAD4-4572-AF3F-3D57BB0D6BF2"}]}]}],"references":[{"url":"http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95805","source":"cve@mitre.org"},{"url":"http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95805","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9304","sourceIdentifier":"cve@mitre.org","published":"2017-01-25T19:59:00.203","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files."},{"lang":"es","value":"Múltiples desbordamientos de búfer en el SDK de Autodesk FBX en versiones anteriores a 2017.1 pueden permitir a atacantes ejecutar código arbitrario al leer o convertir archivos de formato DFX mal formados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*","versionEndIncludi
ng":"2017.0","matchCriteriaId":"B39E57BA-AAD4-4572-AF3F-3D57BB0D6BF2"}]}]}],"references":[{"url":"http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95799","source":"cve@mitre.org"},{"url":"http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95799","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9305","sourceIdentifier":"cve@mitre.org","published":"2017-01-25T19:59:00.250","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers."},{"lang":"es","value":"Manipulación incorrecta en el SDK de Autodesk FBX en versiones anteriores a 2017.1 de desajustes de tipo y objetos eliminados anteriormente relacionados con la lectura y conversión de archivos de formato FBX mal formados pueden permitir a atacantes obtener acceso a punteros no 
inicializados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-19"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*","versionEndIncluding":"2017.0","matchCriteriaId":"B39E57BA-AAD4-4572-AF3F-3D57BB0D6BF2"}]}]}],"references":[{"url":"http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95803","source":"cve@mitre.org"},{"url":"http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95803","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9306","sourceIdentifier":"cve@mitre.org","published":"2017-01-25T19:59:00.283","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files."},{"lang":"es","value":"Múltiples desbordamientos de búfer en el SDK de Autodesk FBX en versiones anteriores a 2017.1 pueden permitir a atacantes ejecutar código arbitrario al leer o convertir archivos de formato DAE mal formados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*","versionEndIncluding"
:"2017.0","matchCriteriaId":"B39E57BA-AAD4-4572-AF3F-3D57BB0D6BF2"}]}]}],"references":[{"url":"http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95807","source":"cve@mitre.org"},{"url":"http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95807","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9307","sourceIdentifier":"cve@mitre.org","published":"2017-01-25T19:59:00.313","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files."},{"lang":"es","value":"Múltiples desbordamientos de búfer en el SDK de Autodesk FBX en versiones anteriores a 2017.1 pueden permitir a atacantes ejecutar código arbitrario al leer o convertir archivos de formato 3DS mal 
formados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:autodesk:fbx_software_development_kit:*:*:*:*:*:*:*:*","versionEndIncluding":"2017.0","matchCriteriaId":"B39E57BA-AAD4-4572-AF3F-3D57BB0D6BF2"}]}]}],"references":[{"url":"http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95802","source":"cve@mitre.org"},{"url":"http://www.autodesk.com/trust/security-advisories/adsk-sa-2016-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95802","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5596","sourceIdentifier":"cve@mitre.org","published":"2017-01-25T21:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow."},{"lang":"es","value":"En Wireshark 2.2.0 hasta la versión 2.2.3 y 2.0.0 hasta la versión 2.0.9, el disector ASTERIX podría entrar en un bucle infinito, desencadenado por la inyección de paquetes o un archivo de captura mal formado. Esto fue abordado en epan/dissectors/packet-asterix.c cambiando un tipo de datos para evitar un desbordamiento de enteros."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{
"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"80E2A443-32DB-4C8B-8D2D-AE4F80A154A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"2EF0B55F-A412-48E2-9047-7CCA8442766D"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"C45C7F24-9B97-4FF6-AFE8-102EDA0B26D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"D8BE013B-8615-49DB-939E-B7E289171467"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"FDB30F17-A41A-4F09-977F-AB91E509247E"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.5:*:*:*:*:*:*:*","matchCriteriaId":"D900BA83-D5D3-4A8D-8C32-D135A3E5190E"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.6:*:*:*:*:*:*:*","matchCriteriaId":"A630396B-1D60-4C45-9A45-F15E542B1C1C"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F9A6D9AC-17D2-4A8F-A32A-23E8854D5514"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.8:*:*:*:*:*:*:*","matchCriteriaId":"03EF9BF7-868D-4E3C-978D-B3B5241011B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.9:*:*:*:*:*:*:*","matchCriteriaId":"B0F77523-59BD-431A-A790-C3886D337EEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"32F65580-D1F4-4ABC-A358-545BF29D8089"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"E6568A81-BE0B-4AEF-808C-74CD0C2EE9FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.2.2:*:*:*:*:*:*:*","matchCriteriaId":"DFFBDC3C-3701-4890-8AA5-AD96EB528F05"},{"vulnerable":true,"criteria":"cpe:2.3:a:w
ireshark:wireshark:2.2.3:*:*:*:*:*:*:*","matchCriteriaId":"AB13134E-A2E8-46A5-88B2-E2C2C24B6780"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3811","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95795","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037694","source":"cve@mitre.org"},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13344","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://code.wireshark.org/review/#/c/19746/","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=781f03580c81339513bb1238b202b72469a1240b","source":"cve@mitre.org"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-01.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3811","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95795","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037694","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13344","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://code.wireshark.org/review/#/c/19746/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=781f03580c81339513bb1238b202b72469a1240b","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}],"evaluatorComment":"<a 
href=\"http://cwe.mitre.org/data/definitions/835.html\">CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')</a>"}},{"cve":{"id":"CVE-2017-5597","sourceIdentifier":"cve@mitre.org","published":"2017-01-25T21:59:00.183","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow."},{"lang":"es","value":"En Wireshark 2.2.0 hasta la versión 2.2.3 y 2.0.0 hasta la versión 2.0.9, el disector DHCPv6 podría entrar en un bucle grande, desencadenado por la inyección de paquetes o un archivo de captura mal formado. Esto fue abordado en epan/dissectors/packet-dhcpv6.c cambiando un tipo de dato para evitar un desbordamiento de enteros."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description
":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"80E2A443-32DB-4C8B-8D2D-AE4F80A154A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"2EF0B55F-A412-48E2-9047-7CCA8442766D"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"C45C7F24-9B97-4FF6-AFE8-102EDA0B26D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"D8BE013B-8615-49DB-939E-B7E289171467"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"FDB30F17-A41A-4F09-977F-AB91E509247E"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.5:*:*:*:*:*:*:*","matchCriteriaId":"D900BA83-D5D3-4A8D-8C32-D135A3E5190E"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.6:*:*:*:*:*:*:*","matchCriteriaId":"A630396B-1D60-4C45-9A45-F15E542B1C1C"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F9A6D9AC-17D2-4A8F-A32A-23E8854D5514"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.8:*:*:*:*:*:*:*","matchCriteriaId":"03EF9BF7-868D-4E3C-978D-B3B5241011B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.0.9:*:*:*:*:*:*:*","matchCriteriaId":"B0F77523-59BD-431A-A790-C3886D337EEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"32F65580-D1F4-4ABC-A358-545BF29D8089"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"E6568A81-BE0B-4AEF-808C-74CD0C2EE9FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.2.2:*:*:*:*:*:*:*","matchCriteriaId":"DFFBDC3C-3701-4890-8AA5-AD96EB528F05"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:2.2.3:*:*
:*:*:*:*:*","matchCriteriaId":"AB13134E-A2E8-46A5-88B2-E2C2C24B6780"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3811","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95798","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037694","source":"cve@mitre.org"},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13345","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://code.wireshark.org/review/#/c/19747/","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=57894f741f7cc98b46c9fdce7eee8256d2a4ae3f","source":"cve@mitre.org"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-02.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3811","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037694","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13345","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://code.wireshark.org/review/#/c/19747/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=57894f741f7cc98b46c9fdce7eee8256d2a4ae3f","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-02.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-9216","sourceIdentifier":"psirt@cisco.com","published":"2017-01-26T07:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload. More Information: CSCuy06917 CSCuy45036 CSCuy59525. Known Affected Releases: 20.0.0 20.0.M0.62842 20.0.v0 20.0.M0.63229 20.1.0 20.1.a0 20.1.v0 21.0.0 21.0.v0. Known Fixed Releases: 20.0.0 20.0.0.63250 20.0.M0.63148 20.0.R0.63294 20.0.R0.63316 20.0.V0.63170 20.0.VG0.63188 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.A0.63166 20.2.A0.63174 20.1.A0.63232 20.2.A0.63237 20.0.M0.63226 20.0.M0.63229 20.0.R0.63294 20.0.R0.63316 20.0.V0.63263 20.0.VG0.63233 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.0 20.1.0.63959 20.1.M0.63876 20.1.T0.63886 20.1.V0.64231 20.1.VA0.64194 20.1.VB0.64210 20.1.a0 20.1.a0.64023 20.1.v0 20.1.v0.64607 20.2.A0.63895 21.0.0 21.0.0.65256 21.0.M0.63881 21.0.M0.64281 21.0.PP0.64366 21.0.V0.65052 21.0.v0 21.0.v0.65831 21.0.vb0.65887 21.1.R0.65130 21.1.R0.65135."},{"lang":"es","value":"Una vulnerabilidad de denegación de servicio del análisis de paquetes IKE en el proceso ipsecmgr del software Cisco ASR 5000 podría permitir a un atacante remoto no autenticado provocar que el proceso ipsecmgr se recargue. Más información: CSCuy06917 CSCuy45036 CSCuy59525. Lanzamientos afectados conocidos: 20.0.0 20.0.M0.62842 20.0.v0 20.0.M0.63229 20.1.0 20.1.a0 20.1.v0 21.0.0 21.0.v0. 
Lanzamientos reparados conocidos: 20.0.0 20.0.0.63250 20.0.M0.63148 20.0.R0.63294 20.0.R0.63316 20.0.V0.63170 20.0.VG0.63188 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.A0.63166 20.2.A0.63174 20.1.A0.63232 20.2.A0.63237 20.0.M0.63226 20.0.M0.63229 20.0.R0.63294 20.0.R0.63316 20.0.V0.63263 20.0.VG0.63233 20.0.v0 20.0.v0.64175 20.0.vg0.63522 20.1.0 20.1.0.63959 20.1.M0.63876 20.1.T0.63886 20.1.V0.64231 20.1.VA0.64194 20.1.VB0.64210 20.1.a0 20.1.a0.64023 20.1.v0 20.1.v0.64607 20.2.A0.63895 21.0.0 21.0.0.65256 21.0.M0.63881 21.0.M0.64281 21.0.PP0.64366 21.0.V0.65052 21.0.v0 21.0.v0.65831 21.0.vb0.65887 21.1.R0.65130 21.1.R0.65135."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:asr_5000_series_software:20.0.0:*:*:*:*:*:*:*","matchCriteriaId":"BCE327B4-D5D7-48CD-81CE-2729CA9DC7D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:asr_5000_series_softwa
re:20.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"819DA43C-A5B8-4EEC-B924-727D47477614"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:asr_5000_series_software:20.0.1.a0:*:*:*:*:*:*:*","matchCriteriaId":"49787FCE-06CF-4A4E-ACC0-AC83A25B8440"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:asr_5000_series_software:20.0.1.v0:*:*:*:*:*:*:*","matchCriteriaId":"8B8F5686-FA3A-43C9-94B8-0F483ADC02FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:asr_5000_series_software:20.0.m0.62842:*:*:*:*:*:*:*","matchCriteriaId":"CDE98F06-0B06-4B34-83AF-1678D6E0B2FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:asr_5000_series_software:20.0.m0.63229:*:*:*:*:*:*:*","matchCriteriaId":"C228B7E2-07E2-4894-BDE4-BDB2F9B24198"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:asr_5000_series_software:20.0.v0:*:*:*:*:*:*:*","matchCriteriaId":"232E0002-C9FE-4E4D-A83D-7BDC6507951B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:asr_5000_series_software:21.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4696D17E-9AD1-4F7F-B560-99A61F46867C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95629","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037652","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-asr","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95629","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037652","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-asr","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-9218","sourceIdentifier":"psirt@cisco.com","published":"2017-01-26T07:59:00.187","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvc28662. Known Affected Releases: 1.0."},{"lang":"es","value":"Una vulnerabilidad en Cisco Hybrid Meeting Server podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de CSRF contra el usuario de la interfaz web. Más información: CSCvc28662. Lanzamientos afectados conocidos: 1.0."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:hybrid_meeting_server:1.0_base:*:*:*:*:*:*:*",
"matchCriteriaId":"A5A9AAAA-8BA1-45EE-A56A-58DE3A011B6C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95634","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-hms","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95634","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-hms","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9220","sourceIdentifier":"psirt@cisco.com","published":"2017-01-26T07:59:00.233","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests. More Information: CSCvb66659. Known Affected Releases: 8.2(130.0). Known Fixed Releases: 8.2(131.10) 8.2(131.6) 8.2(141.0) 8.3(104.56) 8.4(1.88) 8.4(1.91)."},{"lang":"es","value":"Una vulnerabilidad de denegación de servicio en el procesamiento del paquete de entrada 802.11 de los Access Points (APs) de Cisco Mobility Express 2800 y 3800 podría permitir a un atacante adyacente no autenticado provocar que la tabla de conexiones esté repleta de conexiones no válidas y sea incapaz de procesar nuevas peticiones de entrada. Más información: CSCvb66659. Lanzamientos afectados conocidos: 8.2(130.0). 
Lanzamientos reparados conocidos: 8.2(131.10) 8.2(131.6) 8.2(141.0) 8.3(104.56) 8.4(1.88) 8.4(1.91)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:N/I:N/A:P","baseScore":3.3,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:aironet_access_point_software:8.2\\(130.0\\):*:*:*:*:*:*:*","matchCriteriaId":"D773319E-065B-4476-93AC-7444563FACD1"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95633","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme1","source":"psirt@cisco.com"},{"url":"http://www.securityfocus.com/bid/95633","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9221","sourceIdentifier":"psirt@cisco.com","published":"2017-01-26T07:5
9:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Denial of Service Vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause authentication to fail. Affected Products: This vulnerability affects Cisco Mobility Express 2800 Series and 3800 Series Access Points when configured in local mode in 40 MHz. More Information: CSCvb33575. Known Affected Releases: 8.2(121.12) 8.4(1.82). Known Fixed Releases: 8.2(131.2) 8.2(131.3) 8.2(131.4) 8.2(141.0) 8.3(104.53) 8.3(104.54) 8.4(1.80) 8.4(1.85)."},{"lang":"es","value":"Una vulnerabilidad de denegación de servicio en el manejo de la autenticación de conexión de ingreso 802.11 para los Access Points (APs) 2800 y 3800 de Cisco Mobility Express podría permitir a un atacante adyacente no autenticado provocar que la autenticación falle. Productos afectados: Esta vulnerabilidad afecta a Cisco Mobility Express 2800 Series y 3800 Series Access Points cuando son configurados en modo local en 40 MHz. Más información: CSCvb33575. Lanzamientos afectados conocidos: 8.2(121.12) 8.4(1.82). 
Lanzamientos reparados conocidos: 8.2(131.2) 8.2(131.3) 8.2(131.4) 8.2(141.0) 8.3(104.53) 8.3(104.54) 8.4(1.80) 8.4(1.85)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:N/I:N/A:P","baseScore":3.3,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:aironet_access_point_software:8.2\\(121.12\\):*:*:*:*:*:*:*","matchCriteriaId":"49309998-D816-43BC-BA6D-BE1BFE383DA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:aironet_access_point_software:8.4\\(1.82\\):*:*:*:*:*:*:*","matchCriteriaId":"6959C12E-AEC2-415E-972D-18B6D9D717EB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95631","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme2","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95631","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cme2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9222","sourceIdentifier":"psirt@cisco.com","published":"2017-01-26T07:59:00.280","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb15229. Known Affected Releases: 1.0(2)."},{"lang":"es","value":"Una vulnerabilidad en la interfaz de gestión basada en web de Cisco NetFlow Generation Appliance podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz de gestión basada en web de un dispositivo afectado. Más información: CSCvb15229. 
Lanzamientos afectados conocidos: 1.0(2)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:netflow_generation_appliance:1.0\\(2\\):*:*:*:*:*:*:*","matchCriteriaId":"3BFB3950-8BE9-4B30-84CA-E49C0205D5F8"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95640","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nga","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95640","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nga","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2017-3794","sourceIdentifier":"psirt@cisco.com","published":"2017-01-26T07:59:00.310","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12."},{"lang":"es","value":"Una vulnerabilidad en Cisco WebEx Meetings Server podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de CSRF contra un usuario administrativo. Más información: CSCuz03317. Lanzamientos afectados conocidos: 2.6. Lanzamientos reparados conocidos: 2.7.1.12."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria
":"cpe:2.3:a:cisco:webex_meetings_server:2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"F8745FD6-B0B3-46A9-9254-7B13877D7080"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95635","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037649","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95635","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037649","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3795","sourceIdentifier":"psirt@cisco.com","published":"2017-01-26T07:59:00.343","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12."},{"lang":"es","value":"Una vulnerabilidad en Cisco WebEx Meetings Server podría permitir a un atacante remoto autenticado llevar a cabo cambios arbitrarios de contraseña contra cualquier usuario no administrativo. Más información: CSCuz03345. Lanzamientos afectados conocidos: 2.6. 
Lanzamientos reparados conocidos: 2.7.1.12."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"F8745FD6-B0B3-46A9-9254-7B13877D7080"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95643","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037650","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms1","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95643","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037650","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3796","sourceIdentifier":"psirt@cisco.com","published":"2017-01-26T07:59:00.373","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6."},{"lang":"es","value":"Una vulnerabilidad en Cisco WebEx Meetings Server podría permitir a un atacante remoto autenticado ejecutar comandos shell predeterminados en otros anfitriones. Más información: CSCuz03353. Lanzamientos afectados conocidos: 2.6."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Pri
mary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"F8745FD6-B0B3-46A9-9254-7B13877D7080"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95641","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037651","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95641","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037651","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3797","sourceIdentifier":"psirt@cisco.com","published":"2017-01-26T07:59:00.403","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affected Releases: 2.7."},{"lang":"es","value":"Una vulnerabilidad en Cisco WebEx Meetings Server podría permitir a un atacante remoto no autenticado ver el nombre del dominio completo del servidor de administración de Cisco WebEx. Más información: CSCvb60655. 
Lanzamientos afectados conocidos: 2.7."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.7.1:*:*:*:*:*:*:*","matchCriteriaId":"ABA0048F-B88D-47F6-89D6-B7EDDECBF700"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.7_base:*:*:*:*:*:*:*","matchCriteriaId":"30ECA8FE-D587-4692-AA90-9706E44BAC1D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95639","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037648","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95639","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037648","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3798","sourceIdentifier":"psirt@cisco.com","published":"2017-01-26T07:59:00.437","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. More Information: CSCvb97237. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457)."},{"lang":"es","value":"Una vulnerabilidad de XSS de elusión de filtro en la interfaz de gestión basada en web de Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado montar ataques de XSS contra un usuario de un dispositivo afectado. Más información: CSCvb97237. Lanzamientos afectados conocidos: 11.0(1.10000.10) 11.5(1.10000.6). 
Lanzamientos reparados conocidos: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.12000.1\\):*:*:*:*:*:*:*","matchCriteriaId":"A590BFE0-536A-4E8A-AB30-F85A9FB3397D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95872","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037653","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95872","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037653","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3799","sourceIdentifier":"psirt@cisco.com","published":"2017-01-26T07:59:00.483","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1."},{"lang":"es","value":"Una vulnerabilidad en un parámetro URL de Cisco WebEx Meeting Center podría permitir a un atacante remoto no autenticado realizar redirección de sitio. Más información: CSCzu78401. 
Lanzamientos afectados conocidos: T28.1."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meeting_center:wbs28_base:*:*:*:*:*:*:*","matchCriteriaId":"CC7551C8-7EF8-448E-97B0-6DD466E788DC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95642","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037647","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4","source":"psirt@cisco.com","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95642","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037647","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-wms4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3800","sourceIdentifier":"psirt@cisco.com","published":"2017-01-26T07:59:00.513","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz16076. Known Affected Releases: 9.7.1-066 9.7.1-HP2-207 9.8.5-085. Known Fixed Releases: 10.0.1-083 10.0.1-087."},{"lang":"es","value":"Una vulnerabilidad en el motor de escaneo de contenido de Cisco AsyncOS Software para Cisco Email Security Appliances (ESA) podría permitir a un atacante remoto no autenticado eludir el mensaje configurado o filtros de contenido en el dispositivo. Productos afectados: Esta vulnerabilidad afecta a todos los lanzamientos anteriores al primer lanzamiento reparado de Cisco AsyncOS Software para Cisco Email Security Appliances, tanto accesorios virtuales como de hardware, si el software está configurado para aplicar un filtro de mensajes o de contenido a los archivos adjuntos de correos electrónicos entrantes. 
La vulnerabilidad no se limita a reglas o acciones específicas para un filtro de mensajes o contenido. Más información: CSCuz16076. Lanzamientos afectados conocidos: 9.7.1-066 9.7.1-HP2-207 9.8.5-085. Lanzamientos reparados conocidos: 10.0.1-083 10.0.1-087."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:email_security_appliance:9.7.1-066:*:*:*:*:*:*:*","matchCriteriaId":"72DADB2C-D86D-44B5-B87B-289990A7D9B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:email_security_appliance:9.7.1-hp2-207:*:*:*:*:*:*:*","matchCriteriaId":"A99F44A9-E698-4C40-901D-98908876AC85"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:email_security_appliance:9.8.5-085:*:*:*:*:*:*:*","matchCriteriaId":"125A9475-18A8-44AF-B73E-B23D40EF63F5"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95637","source":"psirt@cisco.com","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037656","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-esa","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95637","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037656","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-esa","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3802","sourceIdentifier":"psirt@cisco.com","published":"2017-01-26T07:59:00.560","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc20679. Known Affected Releases: 12.0(0.99000.9). Known Fixed Releases: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8)."},{"lang":"es","value":"Una vulnerabilidad en Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz web de un sistema afectado. Más información: CSCvc20679. Lanzamientos afectados conocidos: 12.0(0.99000.9). 
Lanzamientos reparados conocidos: 12.0(0.98000.176) 12.0(0.98000.414) 12.0(0.98000.531) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.8)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_communications_manager:12.0\\(0.99000.9\\):*:*:*:*:*:*:*","matchCriteriaId":"B63D5440-BFC6-4CAC-8F9F-81E494C0A666"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95636","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037655","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95636","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037655","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3803","sourceIdentifier":"psirt@cisco.com","published":"2017-01-26T07:59:00.577","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial denial of service (DoS) condition. More Information: CSCva72252. Known Affected Releases: 15.2(2)E3 15.2(4)E1. Known Fixed Releases: 15.2(2)E6 15.2(4)E3 15.2(5)E1 15.2(5.3.28i)E1 15.2(6.0.49i)E 3.9(1)E."},{"lang":"es","value":"Una vulnerabilidad en la cola de reenvío de Cisco IOS Software de los interruptores Cisco 2960X y 3750X podría permitir a un atacante adyacente no autenticado provocar una fuga de memoria en la cola de reenvío del software que podría conducir eventualmente a una condición de denegación de servicio (DoS) parcial. Más información: CSCva72252. Lanzamientos afectados conocidos: 15.2(2)E3 15.2(4)E1. 
Lanzamientos reparados conocidos: 15.2(2)E6 15.2(4)E3 15.2(5)E1 15.2(5.3.28i)E1 15.2(6.0.49i)E 3.9(1)E."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:N/I:N/A:P","baseScore":3.3,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-772"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios:15.2\\(2\\)e3:*:*:*:*:*:*:*","matchCriteriaId":"72782F95-948D-489B-A19A-9DAB825DFE4B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios:15.2\\(4\\)e1:*:*:*:*:*:*:*","matchCriteriaId":"80114F8D-320D-41FF-ADD3-729E250A8CD4"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95632","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037657","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-catalyst","source":"psirt@cisco.com","tags":["Mitigation","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95632","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037657","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-catalyst","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3804","sourceIdentifier":"psirt@cisco.com","published":"2017-01-26T07:59:00.623","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device. Switches in the FabricPath domain crash because of an __inst_001__isis_fabricpath hap reset when processing a crafted link-state packet. More Information: CSCvc45002. Known Affected Releases: 7.1(3)N1(2.1) 7.1(3)N1(3.12) 7.3(2)N1(0.296) 8.0(1)S2. Known Fixed Releases: 6.2(18)S11 7.0(3)I5(1.170) 7.0(3)I5(2) 7.1(4)N1(0.4) 7.1(4)N1(1b) 7.1(5)N1(0.986) 7.1(5)N1(1) 7.2(3)D1(0.8) 7.3(2)N1(0.304) 7.3(2)N1(1) 8.0(0.96)S0 8.0(1) 8.0(1)E1 8.0(1)S4 8.3(0)CV(0.788)."},{"lang":"es","value":"Una vulnerabilidad en el protocolo de procesamiento de paquetes Intermediate System-to-Intermediate System (IS-IS) de software Cisco Nexus 5000, 6000 y 7000 Series Switches podría permitir a un atacante adyacente no autenticado provocar un reinicio de los dispositivos afectados. Switches en el dominio FabricPath se bloquea a causa de un reinicio hap __inst_001__isis_fabricpath cuando se procesa un paquete de estado de enlace manipulado. Más información: CSCvc45002. Lanzamientos afectados conocidos: 7.1(3)N1(2.1) 7.1(3)N1(3.12) 7.3(2)N1(0.296) 8.0(1)S2. 
Lanzamientos reparados conocidos: 6.2(18)S11 7.0(3)I5(1.170) 7.0(3)I5(2) 7.1(4)N1(0.4) 7.1(4)N1(1b) 7.1(5)N1(0.986) 7.1(5)N1(1) 7.2(3)D1(0.8) 7.3(2)N1(0.304) 7.3(2)N1(1) 8.0(0.96)S0 8.0(1) 8.0(1)E1 8.0(1)S4 8.3(0)CV(0.788)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:M/Au:N/C:N/I:N/A:C","baseScore":5.7,"accessVector":"ADJACENT_NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":5.5,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:nx-os:7.1\\(3\\)n1\\(2.1\\):*:*:*:*:*:*:*","matchCriteriaId":"C97083C8-89AE-4D0D-A039-1B798D60B573"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:nx-os:7.1\\(3\\)n1\\(3.12\\):*:*:*:*:*:*:*","matchCriteriaId":"768151A3-CCF6-4F37-877F-4F1F2CD60791"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:nx-os:7.3\\(2\\)n1\\(0.296\\):*:*:*:*:*:*:*","matchCriteriaId":"8BB84933-1B94-474A-ABB6-AFF91B62446A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:nx-os:8.0\\(1\\)s2:*:*:*:*:*:*:*","matchCriteriaId":"167FD2BD-A610-4966-86DF-DA5C78E0D3
D2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:nexus_5000:-:*:*:*:*:*:*:*","matchCriteriaId":"4F2B1E07-8519-4F58-9048-81ABA12E01DC"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:nexus_6001:-:*:*:*:*:*:*:*","matchCriteriaId":"A9662D6B-AF0F-45C8-B7CD-AE7C76593FDB"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:nexus_6004:-:*:*:*:*:*:*:*","matchCriteriaId":"4F557E38-09F6-42C6-BABA-3C3168B38BBA"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:nexus_7000:-:*:*:*:*:*:*:*","matchCriteriaId":"12180BEB-7F21-4FA7-ABD2-E9A8EA7340F3"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95638","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037658","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nexus","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95638","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037658","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-nexus","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3805","sourceIdentifier":"psirt@cisco.com","published":"2017-01-26T07:59:00.653","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device. Affected Products: This vulnerability affects Cisco IOS Software and Cisco IOx Software running on IR829, IR809, IE4K, and CGR1K platforms. 
More Information: CSCvb20897. Known Affected Releases: 1.0(0)."},{"lang":"es","value":"Una vulnerabilidad en la interfaz de gestión basada en web de Cisco IOS y Cisco IOx Software podría permitir a un atacante remoto no autenticado ver información confidencial que es mostrada sin autenticar el dispositivo. Productos afectados: Esta vulnerabilidad afecta a Cisco IOS Software y Cisco IOx Software que se ejecutan en plataformas IR829, IR809, IE4K y CGR1K. Más información: CSCvb20897. Lanzamientos afectados conocidos: 1.0(0)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:iox:1.0\\(0\\):*:*:*:*:*:*:*","matchCriteriaId":"502F7CF1-A15A-4CEA-8010-8FD15671D9A6"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95644","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037654","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-ios","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95644","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037654","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-ios","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-10013","sourceIdentifier":"cve@mitre.org","published":"2017-01-26T15:59:00.127","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation."},{"lang":"es","value":"Xen hasta la versión 4.8.x permite a usuarios locales 64-bit x86 HVM invitados del SO obtener privilegios aprovechando el manejo incorrecto de singlestep SYSCALL durante la 
emulación."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.0","matchCriteriaId":"099FC9FA-B2B0-48FC-8E1A-07784D9A2D67"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3847","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/94963","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037491","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-204.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3847","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94963","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037491","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-204.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-10024","sourceIdentifier":"cve@mitre.org","published":"2017-01-26T15:59:00.190","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations."},{"lang":"es","value":"Xen hasta la versión 4.8.x permite a administradores del kernel locales x86 PV invitados del SO provocar una denegación de servicio (cuelgue del anfitrión o caída) modificando el flujo de instrucciones asincrónicamente mientras se llevan a cabo ciertas operaciones del 
kernel."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.0","matchCriteriaId":"099FC9FA-B2B0-48FC-8E1A-07784D9A2D67"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5FCF191B-971A-4945-AB14-08091689BE2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*","matchCriteriaId":"BCEA97B9-A443-4F87-81B4-B3F0E94AC18E"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.5:*:*:*:*:*:*:*","matchCriteriaId":"56434D13-7A7B-495C-A135-2688C706A065"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*","matchCriteriaId":"405F950F-0772-41A3-8B72-B67151CC1376"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3847","source":"cve@mitre
.org"},{"url":"http://www.securityfocus.com/bid/95021","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037517","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-202.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org"},{"url":"https://support.citrix.com/article/CTX219378","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3847","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95021","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037517","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-202.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.citrix.com/article/CTX219378","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10025","sourceIdentifier":"cve@mitre.org","published":"2017-01-26T15:59:00.237","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check."},{"lang":"es","value":"Emulación VMFUNC en Xen 4.6.x hasta la versión 4.8.x en sistemas x86 que usan extensiones de virtualización AMD (también conocidas como SVM) permite a usuarios locales HVM invitados del SO 
provocar una denegación de servicio (bloqueo del hipervisor) aprovechando una verificación perdida del puntero NULL."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*","matchCriteriaId":"4B6F7CE9-C409-4D88-9A99-B21420633F45"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*","matchCriteriaId":"B814C381-4991-495A-B530-7543F977B346"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.3:*:*:*:*:*:*:*","matchCriteriaId":"14442705-D243-4250-A486-E70989946D73"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.4:*:*:*:*:*:*:*","matchCriteriaId":"BBB7BAFE-9CB4-40D2-908C-55307728116F"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*","matchCriteriaId":"F1DD0255-9127-4C7F-9C02-42198820363E"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*","matchCriteriaId":"8FDFDDA0-51D
2-4995-9B4D-48047C940FC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.8.0:*:*:*:*:*:*:*","matchCriteriaId":"A4447FA6-EDE7-4915-8238-2EA4CE782E96"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5FCF191B-971A-4945-AB14-08091689BE2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*","matchCriteriaId":"BCEA97B9-A443-4F87-81B4-B3F0E94AC18E"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.5:*:*:*:*:*:*:*","matchCriteriaId":"56434D13-7A7B-495C-A135-2688C706A065"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*","matchCriteriaId":"405F950F-0772-41A3-8B72-B67151CC1376"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95026","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037518","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-203.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://support.citrix.com/article/CTX219378","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95026","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037518","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-203.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://support.citrix.com/article/CTX219378","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-6908","sourceIdentifier":"cve@mitre.org","published":"2017-01-26T15:59:00.267","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Characters from languages such as Arabic and Hebrew are displayed in RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several Unicode characters such as U+FE70, U+0622, U+0623, etc., and how they are rendered combined with (first strong character) such as an IP address or alphabet could lead to a spoofed URL. It was noticed that placing neutral characters such as \"/\", \"?\" in the filepath causes the URL to be flipped and displayed from Right To Left. However, in order for the URL to be spoofed the URL must begin with an IP address followed by neutral characters, as the omnibox considers an IP address to be a combination of punctuation and numbers, and since LTR (Left To Right) direction is not properly enforced, this causes the entire URL to be treated and rendered from RTL (Right To Left). However, it doesn't have to be an IP address; what matters is that the first strong character (generally, alphabetic character) in the URL must be an RTL character."},{"lang":"es","value":"Caracteres de lenguas como el árabe o el hebreo se muestran en orden RTL (de derecha a izquierda) en Opera 37.0.2192.105088 para Android, debido al manejo incorrecto de muchos caracteres unicode como U+FE70, U+0622, U+0623 etc y cómo se representan combinadas (primer carácter fuerte) como una dirección IP o alfabeto podría conducir a una URL falsificada. Se ha advertido que poniendo caracteres neutrales como \"/\", \"?\" en la ruta de archivo provoca que la URL sea volteada y mostrada de derecha a izquierda. 
Sin embargo, para que la URL sea suplantada, debe comenzar con una dirección de IP seguida por caracteres neutrales ya que omnibox considera que la dirección IP es una combinación de puntuación y números y dado que la dirección LTR (izquierda a derecha) no es forzada adecuadamente, esto provoca que toda la URL sea tratada y representado desde RTL (derecha a izquierda). Sin embargo, no tiene que ser una dirección IP, lo que importa es que el primer carácter fuerte (generalmente, carácter alfabético) en la URL debe ser un carácter RTL."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opera:opera_browser:37.0.2192.105088:*:*:*:*:android:*:*","matchCriteriaId":"1199533F-B97B-47D1-A249-817F46575FE8"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/92701","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/bid/92701","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6911","sourceIdentifier":"cve@mitre.org","published":"2017-01-26T15:59:00.297","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image."},{"lang":"es","value":"La función dynamicGetbuf en GD Graphics Library (librería también conocida como libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de una imagen TIFF manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"cr
iteria":"cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.3","matchCriteriaId":"E040BCCE-C098-492F-990F-D0196B519B10"}]}]}],"references":[{"url":"http://www.debian.org/security/2016/dsa-3693","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95840","source":"cve@mitre.org"},{"url":"https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35ae","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/libgd/libgd/pull/353","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3693","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95840","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35ae","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/libgd/libgd/pull/353","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6912","sourceIdentifier":"cve@mitre.org","published":"2017-01-26T15:59:00.330","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values."},{"lang":"es","value":"Vulnerabilidad de liberación doble en la 
función gdImageWebPtr en la GD Graphics Library (librería libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos tener impacto no especificado a través de valores de anchura y altura grandes."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.3","matchCriteriaId":"E040BCCE-C098-492F-990F-D0196B519B10"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3777","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95843","source":"cve@mitre.org"},{"url":"https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md","source":"cve@mitre.org","tags":["Patch","Release Notes"]},{"url":"https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2","source":"cve@mitre.org","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3777","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95843","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes"]},{"url":"https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9317","sourceIdentifier":"cve@mitre.org","published":"2017-01-26T15:59:00.377","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image."},{"lang":"es","value":"La función gdImageCreate en GD Graphics Library (librería también conocida como libgd) en versiones anteriores a 2.2.4 permite a atacantes remotos provocar una denegación de servicio (cuelgue del sistema) a través de una imagen 
sobredimensionada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libgd:libgd:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.3","matchCriteriaId":"E040BCCE-C098-492F-990F-D0196B519B10"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3777","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95841","source":"cve@mitre.org"},{"url":"https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/libgd/libgd/commit/1846f48e5fcdde996e7c27a4bbac5d0aef183e4b","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3777","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95841","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/libgd/libgd/blob/gd-2.2.4/CHANGELOG.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/libgd/libgd/commit/1846f48e5fcdde996e7c27a4bbac5d0aef183e4b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9932","sourceIdentifier":"cve@mitre.org","published":"2017-01-26T15:59:00.407","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a \"supposedly-ignored\" operand size prefix."},{"lang":"es","value":"Emulación CMPXCHG8B en Xen 3.3.x hasta la versión 4.7.x en sistemas x86 permite a usuarios locales HVM invitados del SO obtener información sensible de la memoria basada en pila del anfitrión a través de un prefijo de tamaño de operando \"supuestamente 
ignorado\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:3.3.0:*:*:*:*:*:*:*","matchCriteriaId":"EB157D09-B91B-486A-A9F7-C9BA75AE8823"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:3.3.1:*:*:*:*:*:*:*","matchCriteriaId":"FA95119D-EAF1-48D4-AE7C-0C4927D06CDF"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:3.3.2:*:*:*:*:*:*:*","matchCriteriaId":"5D40E4E4-3FCB-4980-8DD2-49DDABCB398E"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:3.4.0:*:*:*:*:*:*:*","matchCriteriaId":"7F7D1B7E-C30F-430F-832D-2A405DA1F2D9"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:3.4.1:*:*:*:*:*:*:*","matchCriteriaId":"B7C1D0AD-B804-474C-96A3-988BADA0DAD2"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:3.4.2:*:*:*:*:*:*:*","matchCriteriaId":"1DCD1F05-9F96-40DD-B506-750E87306325"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:3.4.3:*:*:*:*:*:*:*","matchCriter
iaId":"25B6AE42-E1EB-47A8-8FAF-7A93A67EC67F"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:3.4.4:*:*:*:*:*:*:*","matchCriteriaId":"60BADA43-94D5-4E80-B5C8-D01A0249F13E"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"550223A9-B9F1-440A-8C25-9F0F76AF7301"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FC734D58-96E5-4DD2-8781-F8E0ADB96462"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"62CEC1BF-1922-410D-BCBA-C58199F574C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"923F2C2B-4A65-4823-B511-D0FEB7C7FAB2"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"C1A24DED-B2EC-4D9C-9FA4-DD37EF3E3BFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*","matchCriteriaId":"0D532B60-C8DD-4A2F-9D05-E574D23EB754"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5D83CA8B-8E49-45FA-8FAB-C15052474542"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"27537DF5-7E0F-463F-BA87-46E329EE07AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*","matchCriteriaId":"3EA4F978-9145-4FE6-B4F9-15207E52C40A"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*","matchCriteriaId":"22A995FD-9B7F-4DF0-BECF-4B086E470F1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*","matchCriteriaId":"219597E2-E2D7-4647-8A7C-688B96300158"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.1.6:*:*:*:*:*:*:*","matchCriteriaId":"A0C59417-493C-493A-9AB2-317F240BF387"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*","matchCriteriaId":"65E55950-EACA-4209-B2A1-E09026FC6006"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*","matchCriteriaId":"8F0AF8EF-6FF6-4E22-B16E-82C9F90C6B00"},{"vulnerable":true,"criteria":"c
pe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"47640819-FC43-49ED-8A77-728C3D7255B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"2448537F-87AD-45C1-9FB0-7A49CA31BD76"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"E36B2265-70E1-413B-A7CF-79D39E9ADCFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"37148A72-BE20-45C5-8589-2309ED84D08C"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.2.5:*:*:*:*:*:*:*","matchCriteriaId":"FB736B4C-325A-4B27-8C8A-15E60B8A8C82"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*","matchCriteriaId":"BF948E6A-07BE-4C7D-8A98-002E89D35F4D"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"C0E23B94-1726-4F63-84BB-8D83FAB156D7"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"C76124AB-4E3D-4BE0-AAEA-7FC05868E2FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"F30B5EF5-0AE8-420B-A103-B1B25A372F09"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"F784EF07-DBEC-492A-A0F4-F9F7B2551A0B"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*","matchCriteriaId":"1044792C-D544-457C-9391-4F3B5BAB978D"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"FBD9AD01-50B7-4951-8A73-A6CF4801A487"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.4.2:*:*:*:*:*:*:*","matchCriteriaId":"89AA8FD5-E997-4F0D-AFB6-FFBE0073BA5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.4.3:*:*:*:*:*:*:*","matchCriteriaId":"75615D84-9CA1-456C-816D-768E37B074A4"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.4.4:*:*:*:*:*:*:*","matchCriteriaId":"7AB87384-A1F8-4136-A242-441C655D9364"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*","matchCriteriaId":"90CCECD0-C0F9-45A8-8699
-64428637EBCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*","matchCriteriaId":"F0ED340C-6746-471E-9F2D-19D62D224B7A"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*","matchCriteriaId":"99BD7C4F-DE4C-4508-B20D-46A94B616C5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.3:*:*:*:*:*:*:*","matchCriteriaId":"3374F1FB-70F9-4EBC-837B-0D42282E3E5F"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.5:*:*:*:*:*:*:*","matchCriteriaId":"37DA3D28-EAE7-4EC9-977C-444A46CBD9C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*","matchCriteriaId":"4B6F7CE9-C409-4D88-9A99-B21420633F45"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.3:*:*:*:*:*:*:*","matchCriteriaId":"14442705-D243-4250-A486-E70989946D73"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*","matchCriteriaId":"F1DD0255-9127-4C7F-9C02-42198820363E"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3847","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/94863","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037468","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-200.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org"},{"url":"https://support.citrix.com/article/CTX219378","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3847","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94863","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037468","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://xenbits.xen.org/xsa/advisory-200.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.citrix.com/article/CTX219378","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8225","sourceIdentifier":"psirt@lenovo.com","published":"2017-01-26T17:59:00.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges."},{"lang":"es","value":"Vulnerabilidad de ruta de servicio no citada en versiones de Lenovo Edge y Lenovo Slim USB Keyboard Driver anteriores a la versión 1.21 permite a usuarios locales ejecutar código con privilegios elevados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":
"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-428"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:edge_keyboard_driver:*:*:*:*:*:*:*:*","versionEndIncluding":"1.20","matchCriteriaId":"E4B95ED9-7B17-4210-AC50-29CB4177BB03"},{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:slim_usb_keyboard_driver:*:*:*:*:*:*:*:*","versionEndIncluding":"1.20","matchCriteriaId":"D804C742-2F77-4857-BCA9-154A319CE9C6"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95842","source":"psirt@lenovo.com"},{"url":"https://support.lenovo.com/us/en/solutions/LEN-11588","source":"psirt@lenovo.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95842","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.lenovo.com/us/en/solutions/LEN-11588","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8226","sourceIdentifier":"psirt@lenovo.com","published":"2017-01-26T17:59:00.180","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure."},{"lang":"es","value":"La BIOS en sistemas Lenovo System X M5, M6 y X6, permite a administradores provocar una denegación de servicio a través de la actualización de una estructura de datos 
UEFI."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:C","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-19"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:flex_system_x240_m5_bios:-:*:*:*:*:*:*:*","matchCriteriaId":"9890ABFC-FBBD-410C-96EC-AFECF8BBD512"},{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:flex_system_x280_m6_bios:-:*:*:*:*:*:*:*","matchCriteriaId":"ED0CFE0C-FF0F-4E4A-A1B9-1504BFB9AB40"},{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:flex_system_x480_x6_bios:-:*:*:*:*:*:*:*","matchCriteriaId":"A4BD06EA-C238-45F6-9987-C5F49964D2A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:flex_system_x880_x6_bios:-:*:*:*:*:*:*:*","matchCriteriaId":"D5491BF1-A801-4452-AC8A-501622CA47EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:nextscale_nx360_m5_bios:-:*:*:*:*:*:*:*","matchCriteriaId":"8F8243CB-E206-444E-962E-1AE09A125581"},{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:system_x3250_m6_bios:-:*:*:*:*:*:*:*","matchCriteriaId"
:"6FCEE0E9-94A2-4B23-80DB-1730BEDABA7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:system_x3500_m5_bios:-:*:*:*:*:*:*:*","matchCriteriaId":"17880B73-331D-4193-85C3-D0A25DD101A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:system_x3550_m5_bios:-:*:*:*:*:*:*:*","matchCriteriaId":"687F2F54-963E-41AD-9E28-D733B6F1BA1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:system_x3650_m5_bios:-:*:*:*:*:*:*:*","matchCriteriaId":"5DC02B48-5758-4A96-B865-8F4D460592E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:system_x3850_x6_bios:-:*:*:*:*:*:*:*","matchCriteriaId":"17988802-7824-43EF-86AC-7AC05D1FFF26"},{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:system_x3950_x6_bios:-:*:*:*:*:*:*:*","matchCriteriaId":"95DA7C73-1B66-4494-98FA-146EC460D4F9"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95844","source":"psirt@lenovo.com"},{"url":"https://support.lenovo.com/us/en/solutions/LEN-11306","source":"psirt@lenovo.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95844","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.lenovo.com/us/en/solutions/LEN-11306","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8227","sourceIdentifier":"psirt@lenovo.com","published":"2017-01-26T17:59:00.210","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges."},{"lang":"es","value":"Vulnerabilidad de escalada de privilegios en la aplicación Lenovo Transition utilizada en sistemas Lenovo Yoga, Flex y Miix que ejecutan Windows permite a usuarios locales ejecutar código con privilegios 
elevados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:transition:-:*:*:*:*:*:*:*","matchCriteriaId":"CF3BD30C-B53A-44A7-9E63-3A7B5F5ED6D1"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95159","source":"psirt@lenovo.com"},{"url":"https://support.lenovo.com/us/en/product_security/LEN-12508","source":"psirt@lenovo.com","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95159","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.lenovo.com/us/en/product_security/LEN-12508","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-8710","sourceIdentifier":"talos-cna@cisco.com","published":"2017-01-26T21:59:00.130","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. This vulnerability can be triggered via attempting to decode a crafted BPG image using Libbpg."},{"lang":"es","value":"Una vulnerabilidad explotable de escritura fuera de límites en el heap existe en la decodificación de imágenes BPG en la librería Libbpg. Una imagen BPG manipulada decodificada por libbpg puede provocar una vulnerabilidad de desbordamiento inferior de entero provocando una escritura fuera de límites en el heap conduciendo a ejecución remota de código. Esta vulnerabilidad puede ser desencadenada a través de un intento de decodificar una imagen BPG manipulada usando 
Libbpg."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libbpg_project:libbpg:0.9.4:*:*:*:*:*:*:*","matchCriteriaId":"31CCDAF4-F877-4514-A1E3-08E8BA1F97A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:libbpg_project:libbpg:0.9.7:*:*:*:*:*:*:*","matchCriteriaId":"FD53046B-9F6C-49AF-A281-DC124B84303A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95740","source":"talos-cna@cisco.co
m","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0223/","source":"talos-cna@cisco.com","tags":["Exploit","Patch","Technical Description","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95740","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0223/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Technical Description","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9050","sourceIdentifier":"talos-cna@cisco.com","published":"2017-01-26T21:59:00.160","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds read resulting in disclosure of memory within the process, the same vulnerability can also be used to trigger a denial of service. An attacker can simply connect to the port and send the packet to trigger this vulnerability."},{"lang":"es","value":"Una vulnerabilidad explotable de lectura fuera de límites existe en la funcionalidad de análisis de mensaje del cliente de Aerospike Database Server 3.10.0.3. Un paquete especialmente manipulado puede provocar que una lectura fuera de límites resulte en revelación de memoria en el proceso, la misma vulnerabilidad se puede utilizar para desencadenar una denegación de servicio. 
Un atacante puede simplemente conectarse al puerto y enviar el paquete para desencadenar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aerospike:database_server:3.10.0.3:*:*:*:*:*:*:*","matchCriteriaId":"665632F2-A06C-4767-9607-44706CD1EB98"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95415","source":"talos-cna@cisco.com","tags":["Broken Link","Third Party 
Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0264/","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95415","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0264/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9052","sourceIdentifier":"talos-cna@cisco.com","published":"2017-01-26T21:59:00.193","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_by_iname resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability."},{"lang":"es","value":"Una vulnerabilidad explotable de desbordamiento de búfer basado en pila existe en la funcionalidad de consulta de Aerospike Database Server 3.10.0.3. Un paquete especialmente manipulado puede provocar un desbordamiento de búfer basado en pila en la función as_sindex__simatch_by_iname resultando en ejecución remota de código. 
Un atacante puede simplemente conectarse al puerto y enviar el paquete para desencadenar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aerospike:database_server:3.10.0.3:*:*:*:*:*:*:*","matchCriteriaId":"665632F2-A06C-4767-9607-44706CD1EB98"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95419","source":"talos-cna@cisco.com","tags":["Broken Link","Third 
Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0266/","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95419","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0266/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9054","sourceIdentifier":"talos-cna@cisco.com","published":"2017-01-26T21:59:00.223","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_list_by_set_binid resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability."},{"lang":"es","value":"Una vulnerabilidad explotable de desbordamiento de búfer basado en pila existe en la funcionalidad de consulta de Aerospike Database Server 3.10.0.3. Un paquete especialmente manipulado puede provocar un desbordamiento de búfer basado en pila en la función as_sindex__simatch_list_by_set_binid resultando en ejecución remota de código. 
Un atacante puede simplemente conectarse al puerto y enviar el paquete para desencadenar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aerospike:database_server:3.10.0.3:*:*:*:*:*:*:*","matchCriteriaId":"665632F2-A06C-4767-9607-44706CD1EB98"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95421","source":"talos-cna@cisco.com","tags":["Broken Link","Third 
Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0268/","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0268/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5598","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T10:59:00.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer."},{"lang":"es","value":"Se ha descubierto un problema en eClinicalWorks healow@work 8.0 build 8. Es una inyección SQL ciega dentro de EmployeePortalServlet, la cual puede ser explotada por usuarios no autenticados a través de una solicitud HTTP POST y que puede ser usada para volcar bases de datos a un servidor malicioso usando una técnica fuera de banda como select_loadfile(). 
La vulnerabilidad afecta a la página EmployeePortalServlet y al siguiente parámetro: employer."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclinicalworks:patient_portal:8.0:*:*:*:*:*:*:*","matchCriteriaId":"F5D2BC29-F600-47DB-A253-2B834D9EFCF2"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95836","source":"cve@mitre.org"},{"url":"https://gist.github.com/malerisch/ded4d6e6e980667ee9f7fc7f2818f4fa","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95836","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://gist.github.com/malerisch/ded4d6e6e980667ee9f7fc7f2818f4fa","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5599","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T10:59:00.193","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a reflected Cross Site Scripting vulnerability which affects the raceMasterList.jsp page within the Patient Portal. Inserted payload is rendered within the Patient Portal and the raceMasterList.jsp page does not require authentication. The vulnerability can be used to extract sensitive information or perform attacks against the user's browser. The vulnerability affects the raceMasterList.jsp page and the following parameter: race."},{"lang":"es","value":"Se ha descubierto un problema en eClinicalWorks Patient Portal 7.0 build 13. Es una vulnerabilidad Cross Site Scripting reflejada que afecta a la página raceMasterList.jsp dentro de Patient Portal. La carga útil insertada se procesa dentro de Patient Portal y la página raceMasterList.jsp no requiere autenticación. La vulnerabilidad puede ser usada para extraer información sensible o realizar ataques contra el navegador del usuario. 
La vulnerabilidad afecta a la página raceMasterList.jsp y al siguiente parámetro: race."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eclinicalworks:patient_portal:7.0:*:*:*:*:*:*:*","matchCriteriaId":"2D551829-1627-4125-985A-830130EF0D7E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95835","source":"cve@mitre.org"},{"url":"https://gist.github.com/malerisch/8a2c195f385dff7f935db831a8dc2697","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95835","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://gist.github.com/malerisch/8a2c195f385dff7f935db831a8dc2697","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-10002","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T17:59:00.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients. Attack requests can easily be crafted by a client to probe a cache for this information."},{"lang":"es","value":"Procesamiento incorrecto de respuestas a peticiones condicionales If-None-Modified HTTP en Squid HTTP Proxy 3.1.10 hasta la versión 3.1.23, 3.2.0.3 hasta la versión 3.5.22 y 4.0.1 hasta la versión 4.0.16 conduce a que datos Cookie de un cliente específico sean filtrados a otros clientes. Peticiones de ataque pueden ser fácilmente manipuladas por un cliente para probar una memoria caché para esta información."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@n
ist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.1.10:*:*:*:*:*:*:*","matchCriteriaId":"AE9A3716-8670-4847-A6EB-F601184D369E"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.1.11:*:*:*:*:*:*:*","matchCriteriaId":"D0E88EE3-EC00-4F1F-BAEF-4F1F893C5C5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.1.12:*:*:*:*:*:*:*","matchCriteriaId":"A330DFA8-BF79-45CC-BF88-6CEA26D7BC9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.1.14:*:*:*:*:*:*:*","matchCriteriaId":"898674F9-6BF7-469F-A74E-558EAFC2CD27"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.1.15:*:*:*:*:*:*:*","matchCriteriaId":"3F50E718-1CF2-4C8F-A1EA-5F769B203B8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.1.16:*:*:*:*:*:*:*","matchCriteriaId":"290D66F4-D27F-4E86-AC95-05082F3C2E36"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.1.17:*:*:*:*:*:*:*","matchCriteriaId":"A8CD6A42-2C79-48EB-8F6C-0A7CE0C6AAAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.1.18:*:*:*:*:*:*:*","matchCriteriaId":"ABBA9A61-2B05-4527-A49D-425AD5FD863B"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.1.19:*:*:*:*:*:*:*","matchCriteriaId":"E893D7A8-9C39-438C-8EF2-9573EEDC884A"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.1.20:*:*:*:*:*:*:*","matchCriteriaId":"0B707451-BF0E-4F79-A348-B1141ABA6EF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.1.21:*:*:*:*:*:*:*","matchCriteriaId":"810AAA9D-F4B2-4F0A-89DD-2D9378516481"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.1.22:*:*:*:*:*:*:*","matchCriteriaId":"516F3F77-3AEA-489D-A36F-C50
2B4D9BF01"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.1.23:*:*:*:*:*:*:*","matchCriteriaId":"FE91484C-3E8A-449C-A95D-DFA088D8D1B9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"5BA593D9-907D-4051-A3F2-0F88F01A7C79"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"20D2B364-B98A-4484-A10A-86AF43774096"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.5:*:*:*:*:*:*:*","matchCriteriaId":"0B7BF076-0D43-407A-86DC-D1163922A787"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.6:*:*:*:*:*:*:*","matchCriteriaId":"AA576F49-A7F5-4013-89DF-F6C91C15B547"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.7:*:*:*:*:*:*:*","matchCriteriaId":"5D3F52FE-FFB3-4221-8DC7-3F5680A07429"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.8:*:*:*:*:*:*:*","matchCriteriaId":"604FEF42-ABA7-42C1-8A5F-C3AECFD68481"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.9:*:*:*:*:*:*:*","matchCriteriaId":"DC2568C1-89CB-41C1-9126-A8665614D0B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.10:*:*:*:*:*:*:*","matchCriteriaId":"C18B5392-3FDB-49E6-89DB-7945D337FBFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.11:*:*:*:*:*:*:*","matchCriteriaId":"BA9E0E7F-E93C-4DE9-8D91-5EE50BCFAC2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.12:*:*:*:*:*:*:*","matchCriteriaId":"0BFF9D8B-343B-415D-8AF8-B07AF94CC48B"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.13:*:*:*:*:*:*:*","matchCriteriaId":"16F5794B-BBFB-4B12-9A0B-88A0334681C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.14:*:*:*:*:*:*:*","matchCriteriaId":"17D0083E-8D50-4DC6-979F-685D5CB588AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.15:*:*:*:*:*:*:*","matchCriteriaId":"138F
AD73-1D25-4F46-B9EA-599FF0EDA1AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.16:*:*:*:*:*:*:*","matchCriteriaId":"2CE34DC1-F654-474E-B6A3-D81B9BF4D6CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.17:*:*:*:*:*:*:*","matchCriteriaId":"8A4BF7AC-7D9F-40D8-A5AA-BE1EBF37CF96"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.18:*:*:*:*:*:*:*","matchCriteriaId":"643E8B9B-C3F4-4171-BF67-D9359BDCE5CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.0.19:*:*:*:*:*:*:*","matchCriteriaId":"A73CBC60-1EF1-4730-9350-EB51F269695B"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"2721E403-A553-492F-897F-1CD1E2685139"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.2:*:*:*:*:*:*:*","matchCriteriaId":"85B091C4-8104-4A1E-A09D-EBCD114DC829"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.3:*:*:*:*:*:*:*","matchCriteriaId":"FA2EDF9C-45AD-4980-8DEF-C7F473B22CAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.4:*:*:*:*:*:*:*","matchCriteriaId":"BE4B8448-49FA-491C-A6A2-040233D670B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.5:*:*:*:*:*:*:*","matchCriteriaId":"11480BB1-874C-48EB-BB03-081313310608"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.6:*:*:*:*:*:*:*","matchCriteriaId":"1B739890-99E8-434C-97D4-3739E6C31838"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.7:*:*:*:*:*:*:*","matchCriteriaId":"0C7B1871-3C85-4B88-AB42-E60BF5CDFB04"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.8:*:*:*:*:*:*:*","matchCriteriaId":"0A71DCD2-0E54-46A7-8309-CDB0736AD5C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.9:*:*:*:*:*:*:*","matchCriteriaId":"CD54BDDF-F7A8-4715-BA0E-4E7F741492FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.10:*:*:*:*:*:*:*","matchCriteriaId":"9A2B9699-6622-4883-BA03-E3374C54871A"},{"vulnerable":true,"
criteria":"cpe:2.3:a:squid-cache:squid:3.2.11:*:*:*:*:*:*:*","matchCriteriaId":"78391DAF-2096-4DC4-80E4-D4D2859DCA32"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.12:*:*:*:*:*:*:*","matchCriteriaId":"9B062A06-31C1-4B23-B7BD-9F751ABD6A37"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.13:*:*:*:*:*:*:*","matchCriteriaId":"DE426934-A9E2-4019-99EA-5A76EA7CDF5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.2.14:*:*:*:*:*:*:*","matchCriteriaId":"B421E821-CB87-4B65-AD64-102C3628DBF9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A7A83183-74B1-4041-A961-D9F382AAC7E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"4CE8F3F5-45A2-418A-9D8E-4E6DFC888BC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"7F4845D4-40D9-431E-A63C-E949B9D9F959"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.3.1:*:*:*:*:*:*:*","matchCriteriaId":"9EF070E6-0B73-4F6D-8932-B284697FCD2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.3.2:*:*:*:*:*:*:*","matchCriteriaId":"6E07992B-92B4-4307-8DBD-085376C1D6DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.3.3:*:*:*:*:*:*:*","matchCriteriaId":"386550A3-A55B-4F24-9625-6A50260ADA72"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.3.4:*:*:*:*:*:*:*","matchCriteriaId":"810D1F9E-81E5-45F0-B62B-AB0A797FF8B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.3.5:*:*:*:*:*:*:*","matchCriteriaId":"4673327A-1E50-47CC-AD83-6A3D2E687292"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.3.6:*:*:*:*:*:*:*","matchCriteriaId":"6624AF2D-9EF0-4597-B8B2-20D7A309EA6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.3.7:*:*:*:*:*:*:*","matchCriteriaId":"E9F75D13-ED59-42A9-A662-AC77DBA20903"},{"vulnerable":true,"
criteria":"cpe:2.3:a:squid-cache:squid:3.3.8:*:*:*:*:*:*:*","matchCriteriaId":"1D2DEDED-818C-42E4-821C-954CE7406DA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.3.9:*:*:*:*:*:*:*","matchCriteriaId":"EEED0A2E-AA5D-4835-A7C6-499325A0EB32"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.3.10:*:*:*:*:*:*:*","matchCriteriaId":"BEDD0AF5-8252-4548-941B-26581393E918"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.3.11:*:*:*:*:*:*:*","matchCriteriaId":"3E939AD4-B8F3-4BC0-9948-3C92B88D2593"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.3.12:*:*:*:*:*:*:*","matchCriteriaId":"73CAD438-969B-4D2E-8A2F-9264AFAD9DE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.3.13:*:*:*:*:*:*:*","matchCriteriaId":"87259A2E-E132-45BA-8AC4-8CC50B1F659A"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.3.14:*:*:*:*:*:*:*","matchCriteriaId":"76245991-1D91-4475-87E1-FBB77A1B3CDF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1DD85E57-9A51-42DF-8BF7-E5701BAA64AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E983C5C3-C93C-4750-8DC5-31D6206335A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"DEC8D212-6E8B-45F7-B7FB-9FFA64C1DB8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"7DA3A67C-A764-4D7B-B795-7E6B05879E21"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.1:*:*:*:*:*:*:*","matchCriteriaId":"F03B2A6E-1D63-42F2-BB31-18EC120B6543"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.2:*:*:*:*:*:*:*","matchCriteriaId":"3BC83C4B-7C06-40D7-9EF6-76E752E5724B"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.3:*:*:*:*:*:*:*","matchCriteriaId":"5C1E1CC9-81A7-47D5-87AC-86703E257D29"},{"vulnerable":tru
e,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.4:*:*:*:*:*:*:*","matchCriteriaId":"D716D8C4-2089-4E61-9487-B2085B74B5BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.5:*:*:*:*:*:*:*","matchCriteriaId":"5332A8F5-8F97-465B-AF24-2FEF0B055006"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.6:*:*:*:*:*:*:*","matchCriteriaId":"6567D19B-DF18-4C52-984A-591524A83AD5"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.7:*:*:*:*:*:*:*","matchCriteriaId":"06832CD3-C761-4941-AFAB-822477C568F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.8:*:*:*:*:*:*:*","matchCriteriaId":"40507A48-FD3B-4309-B017-A1644C5C3520"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.9:*:*:*:*:*:*:*","matchCriteriaId":"0211EBCA-144F-4BDD-8F0C-E5F7BDF96E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.10:*:*:*:*:*:*:*","matchCriteriaId":"7A52E699-6C08-4324-AD38-E8D40A02701F"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.11:*:*:*:*:*:*:*","matchCriteriaId":"94C493CA-CBF0-4D15-8D1A-0E972E31F7A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.12:*:*:*:*:*:*:*","matchCriteriaId":"C398219E-503D-4DE5-85E8-5570536D6FB9"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.13:*:*:*:*:*:*:*","matchCriteriaId":"BBF91088-0BD3-48EB-8D19-C05F156D4A19"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.4.14:*:*:*:*:*:*:*","matchCriteriaId":"3441D193-DA62-4AC1-8E50-3AEEF8C659F3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E0868B12-EDF9-42D9-BB43-15F623A3310B"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"F710949D-F0FE-43F4-ADB3-6EB679A70280"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"DCB75144-2437-40A8-8CA3-A487B603F7DE"},{"vulnerable":tr
ue,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"6CED2CB3-BE78-4818-A6D7-847A1ACE74DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.1:*:*:*:*:*:*:*","matchCriteriaId":"705D8320-A278-483A-AE47-802044CE685E"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.2:*:*:*:*:*:*:*","matchCriteriaId":"715634E1-F7BE-4106-BDA7-B7D147EEA800"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.3:*:*:*:*:*:*:*","matchCriteriaId":"21E9E155-FC6F-46E7-8BF7-65DF097409D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.4:*:*:*:*:*:*:*","matchCriteriaId":"CF72FA7A-E35D-4000-9DDA-71E55EA3A4D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.5:*:*:*:*:*:*:*","matchCriteriaId":"26A3F10F-938E-44D6-845D-B66EF9812C21"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.6:*:*:*:*:*:*:*","matchCriteriaId":"B1D82EEE-F65E-4657-B0F7-6CE33D219134"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.7:*:*:*:*:*:*:*","matchCriteriaId":"C9E6A845-B67C-4112-8240-9F61D6AF3B0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.8:*:*:*:*:*:*:*","matchCriteriaId":"4BEDD7E3-E263-4A09-9C11-3E008E01BC28"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.9:*:*:*:*:*:*:*","matchCriteriaId":"80E3FF16-A6CD-456C-B58A-381A75D8616C"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.10:*:*:*:*:*:*:*","matchCriteriaId":"87D02AB2-AA26-4416-B689-02C5EEF2099C"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.11:*:*:*:*:*:*:*","matchCriteriaId":"A134E1F1-AFCC-498B-8840-5884CF858769"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.12:*:*:*:*:*:*:*","matchCriteriaId":"D5F4E7D0-B6F4-476E-A011-55619E91A3B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.13:*:*:*:*:*:*:*","matchCriteriaId":"95588755-27E8-4DB7-B865-A784D3638FE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.14:*:*:*:*:*:*:
*","matchCriteriaId":"2CD4DDBC-4243-459A-B43D-FF8F0AE0BA3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.15:*:*:*:*:*:*:*","matchCriteriaId":"0F90E11F-FC03-46D9-A9C4-A578196D59D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.16:*:*:*:*:*:*:*","matchCriteriaId":"EDC9BEE2-D7E4-4192-963C-E9F2364FC8CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.17:*:*:*:*:*:*:*","matchCriteriaId":"CA0BDDAD-2912-480F-8911-8FF94E1A7415"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.18:*:*:*:*:*:*:*","matchCriteriaId":"275C4ED9-0C69-4CFD-9C1D-D734731DD940"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.19:*:*:*:*:*:*:*","matchCriteriaId":"647A80E8-9AA4-41B4-B2F2-9D07D839DFEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.20:*:*:*:*:*:*:*","matchCriteriaId":"CC3EDC70-9DE3-454E-A90D-7D4A4C082517"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.21:*:*:*:*:*:*:*","matchCriteriaId":"8E397BA5-4FA4-402F-BFCC-9077ED93C438"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:3.5.22:*:*:*:*:*:*:*","matchCriteriaId":"4649C5C3-7371-4B92-9E06-73AE4CF39685"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"060FCBEA-DEAA-42FB-88C9-4B78136B172F"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"74987102-8CA8-4120-B686-F18579A96A46"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"DA7828AA-48B6-44CD-8507-345A4F0A25BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"6640F25F-CC8B-4B05-A97A-2186BD0B5ED8"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"A037F780-6FC9-4130-908F-B5434FA0C7DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*"
,"matchCriteriaId":"1DDEB455-F082-44E4-8CEA-019C0084BF05"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"49555803-288E-4B0A-B12A-890E5E0AD05F"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*","matchCriteriaId":"EBEE374C-365E-49DE-A9F9-6083044C774D"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:4.0.9:*:*:*:*:*:*:*","matchCriteriaId":"1B6B2A8E-DD81-43CD-9F5B-E8F87498E513"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:4.0.10:*:*:*:*:*:*:*","matchCriteriaId":"179ACC3B-D8C8-4CE2-964F-CBF29BBB066A"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:4.0.11:*:*:*:*:*:*:*","matchCriteriaId":"252E5ABE-5113-4987-931E-16B69C4CE424"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:4.0.12:*:*:*:*:*:*:*","matchCriteriaId":"9285C454-7F60-4AEA-A134-124C1E0745FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:4.0.13:*:*:*:*:*:*:*","matchCriteriaId":"2F753944-8EC0-4CE5-98E5-71798F9EC663"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:4.0.14:*:*:*:*:*:*:*","matchCriteriaId":"F1BD3131-D4F3-4B29-9408-754B6190DAEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:4.0.15:*:*:*:*:*:*:*","matchCriteriaId":"3F00481A-5E3B-45A1-A2A5-56E63F91C834"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:4.0.16:*:*:*:*:*:*:*","matchCriteriaId":"217AB656-D70C-4009-8797-C58002FDB6C0"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0182.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0183.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2016/dsa-3745","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94953","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037513","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.squid-cache.org/Advisories/SQUID-2016_11.txt","source":"cve@mitre.org","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0182.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0183.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2016/dsa-3745","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94953","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037513","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.squid-cache.org/Advisories/SQUID-2016_11.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-10003","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T17:59:00.180","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients."},{"lang":"es","value":"Comparación incorrecta del encabezado de HTTP Request en Squid HTTP Proxy 3.5.0.1 hasta la versión 3.5.22 y 4.0.1 hasta la versión 4.0.16 resulta en que la funcionalidad Collapsed Forwarding identifica de forma equivocada algunas respuestas privadas como adecuadas para 
la entrega a múltiples clientes."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-697"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*","versionStartIncluding":"3.5.0.1","versionEndExcluding":"3.5.23","matchCriteriaId":"9AE6398D-3000-4C1B-8BB3-37AE280BEDD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.1","versionEndExcluding":"4.0.17","matchCriteriaId":"32C73B3C-ECDF-450E-A039-9F09A18570E4"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94953","source":"cve@mitre.org","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037512","source":"cve@mitre.org","tags":["Broken Link","Third Party 
Advisory","VDB Entry"]},{"url":"http://www.squid-cache.org/Advisories/SQUID-2016_10.txt","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94953","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037512","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.squid-cache.org/Advisories/SQUID-2016_10.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-1551","sourceIdentifier":"cret@cert.org","published":"2017-01-27T17:59:00.227","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker."},{"lang":"es","value":"ntpd en NTP 4.2.8p3 y NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 confía en el sistema operativo subyacente para protegerlo de las solicitudes que suplantan relojes de referencia. 
Debido a que los relojes de referencia son tratados como otros pares y almacenados en la misma estructura, cualquier paquete con una dirección IP de origen de un reloj de referencia (127.127.1.1 por ejemplo) que alcance la función receive() coincidirá con el registro de par de ese reloj de referencia y será tratado como un par de confianza. Cualquier sistema que carezca del típico filtrado de paquetes marcianos que bloquearía estos paquetes está en peligro de tener su tiempo controlado por un atacante."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:N/I:P/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*","matchCriteriaId":"41E44E9F-6383-4E12-AEDC-B653FEA77A48"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntpsec:ntpsec:a5fb34b9cc89b92a8fef2f459004865c93bb7f92:*:*:*:*:*:*:*","matchCriteriaId":"5765FE6F-2E10-4712-8FD7-EA982572FB1
7"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","source":"cret@cert.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/88219","source":"cret@cert.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1035705","source":"cret@cert.org"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0132/","source":"cret@cert.org","tags":["Third Party Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc","source":"cret@cert.org"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"cret@cert.org"},{"url":"https://security.netapp.com/advisory/ntap-20171004-0002/","source":"cret@cert.org"},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/88219","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1035705","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0132/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20171004-0002/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8411","sourceIdentifier":"security@android.com","published":"2017-01-27T17:59:00.257","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. 
Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775."},{"lang":"es","value":"Vulnerabilidad de desbordamiento de búfer al procesar QMI QOS TLVs. Producto: Android. Versiones: versiones que tienen qmi_qos_srvc.c. Android ID: 31805216. Referencias: QC CR#912775."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94684","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://source.android.com/security/bulletin/2016-12-01.html","source":"security@android.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94684","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://source.android.com/security/bulletin/2016-12-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9448","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T17:59:00.290","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9297."},{"lang":"es","value":"La función TIFFFetchNormalTag en LibTiff 4.0.6 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) estableciendo las etiquetas TIFF_SETGET_C16ASCII o TIFF_SETGET_C32_ASCII a valores que acceden a los arrays 0-byte. 
NOTA: esta vulnerabilidad existe por una corrección incompleta para CVE-2016-9297."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"33708995-494C-476D-B0E3-1E78B9328699"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]}],"references":[{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2593","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/15","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94420","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"cve@mitre.org"},{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2593","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94420","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9453","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T17:59:00.337","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one."},{"lang":"es","value":"La función t2p_readwrite_pdf_image_tile en LibTIFF permite a atacantes remotos provocar una denegación de servicio (escritura fuera de limites y caída) o posiblemente ejecutar código arbitrario a través de un archivo JPEG manipulado con TIFFTAG_JPEGTABLES de longitud 
uno."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.7","matchCriteriaId":"A375D786-08EE-4FE2-8C5E-7D8EC155F227"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2579","source":"cve@mitre.org","tags":["Issue Tracking","Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/19/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94406","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2579","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00017.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/19/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94406","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-1919","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T20:59:00.143","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force 
attack."},{"lang":"es","value":"Samsung KNOX 1.0 utiliza un algoritmo de generación eCryptFS Key débil, lo que hace más fácil a usuarios locales obtener información sensible aprovechando el conocimiento de la clave TIMA y un ataque de fuerza bruta."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-310"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:samsung:knox:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0","matchCriteriaId":"FB53DCB4-6776-40FC-9B7C-47F6D990CBE1"}]}]}],"references":[{"url":"http://lists.openwall.net/bugtraq/2016/01/17/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/135303/Samsung-KNOX-1.0-Weak-eCryptFS-Key-Generation.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/archive/1/537319/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/537340/100/0/threaded","source":"cve@mitre.org"},{"url":"http://lists.openwall.net/bugtraq/2016/01/17/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/135303/Samsung-KNOX-1.0-Weak-eCryptFS-Key-Generation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/537319/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/537340/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-1920","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T20:59:00.187","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service."},{"lang":"es","value":"Samsung KNOX 1.0.0 utiliza el certificado compartido en Android, lo que permite a usuarios locales llevar a cabo ataques man-in-the-middle como se demuestra instalando un certificado y ejecutando un servicio 
VPN."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:samsung:knox:1.0:*:*:*:*:*:*:*","matchCriteriaId":"9D91CDAE-9BFB-41CA-9C9B-DF9D6ACD86A4"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/537318/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/537339/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/537318/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/537339/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-3996","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T20:59:00.220","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ClipboardDataMgr in Samsung KNOX 1.0.0 
and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application."},{"lang":"es","value":"ClipboardDataMgr en Samsung KNOX 1.0.0 y 2.3.0 no verifica adecuadamente a quien llama, lo que permite a usuarios locales leer datos de portapapeles de KNOX a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:samsung:knox:1.0:*:*:*:*:*:*:*","matchCriteriaId":"9D91CDAE-9BFB-41CA-9C9B-DF9D6ACD86A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:samsung:knox:2.3.0:*:*:*:*:*:*:*","matchCriteriaId":"D740E340-5D8E-48E0-A9CD-13BE7CC8E185"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/136710/KNOX-2.3-Clipboard-Data-Disclosure.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/archive/1/538113/100/0/threaded","source":"cve@mitre.org"},{"url":"http://packetstormsecurity.com/files/136710/KNOX-2.3-Clipboard-Data-Disclosure.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/538113/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5822","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T20:59:00.267","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets."},{"lang":"es","value":"Huawei Oceanstor 5800 en versiones anteriores a V300R002C10SPC100 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de un número grande de paquetes HTTP 
manipulados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:huawei:oceanstor_5800_v3:*:*:*:*:*:*:*:*","versionEndIncluding":"v300r002c10","matchCriteriaId":"073389FA-FF64-4208-862A-5713812DD52B"}]}]}],"references":[{"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160622-01-oceanstor-en","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95854","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160622-01-oceanstor-en","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95854","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-5509","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Investor Servicing de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 12.0.1, 12.0.2, 12.0.4, 12.1.0 y 12.3.0. Vulnerabilidad difícil de explotar permite a atacante remoto poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Investor Servicing. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de FLEXCUBE Investor Servicing. 
CVSS v3.0 Base Score 3.1 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5E280A03-DE42-415B-8B0C-3C16941FF80E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9058C7C8-54CE-42C5-8D41-BD0074BA0F58"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*","matchCriteriaId":"B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"21BE77B2-6368-470E-B9E6-21664D9A818A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*","matchCriteriaId":"3250073F-325A-4AFC-892F-F2005E3854A5"}]}]}],"re
ferences":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95519","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95519","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5528","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.193","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GlassFish Server. While the vulnerability is in Oracle GlassFish Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle GlassFish Server de Oracle Fusion Middleware (subcomponente: Security). Versiones compatibles que están afectadas son 2.1.1, 3.0.1 y 3.1.2. Vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer Oracle GlassFish Server. 
Mientras la vulnerabilidad está en Oracle GlassFish Server, los ataques podrían afectar significativamente productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de Oracle GlassFish Server. CVSS v3.0 Base Score 9.0 (Impactos de Confidencialidad, Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"0E80F5AC-A2EF-4D8A-AE8F-5DD0FF9B48C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A56AAEB5-E5A5-44A4-8B82-0C465122F2C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:glassfish_server:3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5C8196D0-06A9-4A0B-8864-AA8E8CF2DDB0"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/
cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95478","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95478","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5541","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.227","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 4.8 (Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Cluster de Oracle MySQL (subcomponente: Cluster: NDBAPI). Versiones compatibles que están afectadas son 7.2.26 y versiones anteriores, 7.3.14 y versiones anteriores y 7.4.12 y versiones anteriores. Vulnerabilidad difícil de explotar permite a un atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer MySQL Cluster. 
Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de MySQL Cluster y capacidad no autorizada para provocar una denegación de servicio parcial (DOS parcial) de MySQL Cluster. CVSS v3.0 Base Score 4.8 (Impactos de Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*","versionEndIncluding":"7.2.26","matchCriteriaId":"5765952D-9FB5-4413-B926-0A3157D1E345"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*","versionEndIncluding":"7.3.14","matchCriteriaId":"FDE7B669-245E-42A0-A6FF-DA4032B5019E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*","versionEndIncluding":"7.4.12","matchCriteriaId":"3BB55F73-6DC7-4534-B39D-163A5D565884
"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95592","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com"},{"url":"https://twitter.com/NicolasLemonias/status/821954512168648705","source":"secalert_us@oracle.com","tags":["Technical Description"]},{"url":"https://www.docdroid.net/o2uVeg4/cve2016554.pdf.html","source":"secalert_us@oracle.com","tags":["Technical Description"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95592","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://twitter.com/NicolasLemonias/status/821954512168648705","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description"]},{"url":"https://www.docdroid.net/o2uVeg4/cve2016554.pdf.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description"]}]}},{"cve":{"id":"CVE-2016-5545","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.257","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle VM VirtualBox de Oracle Virtualization (subcomponente: GUI). Versiones compatibles que están afectadas son VirtualBox anterior a 5.0.32 y anterior a 5.1.14. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle VM VirtualBox. Ataques exitosos requieren interacción humana de una persona distinta del atacante. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle VM VirtualBox así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle VM VirtualBox y capacidad no autorizada para provocar una denegación de servicio parcial (DOS parcial) de Oracle VM VirtualBox. 
CVSS v3.0 Base Score 6.3 (Impactos de Confidencialidad, Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.32","matchCriteriaId":"73C117CD-2753-41C7-BC0C-A87A1D7333DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*","versionStartIncluding":"5.1.0","versionEndExcluding":"5.1.14","matchCriteriaId":"8F39845D-98E2-46F5-B420-D5973377F660"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95590","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037638","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201702-08","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95590","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037638","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201702-08","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-5546","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.303","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en Java SE, Java SE Embedded, componente JRockit de Oracle Java SE (subcomponente: Libraries). Versiones compatibles que están afectadas son Java SE: 6u131, 7u121 y 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer Java SE, Java SE Embedded, JRockit. Ataques exitosos de esta vulnerabilidad pueden resultar en creación, borrado o modificación no autorizados de datos críticos o de todos los datos accesibles de Java SE, Java SE Embedded, JRockit. Nota: Aplica a la implementación de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada a través de aplicaciones Java Web Start y applets de Java aisladas. También puede ser explotada suministrando datos a las APIs en el componente especificado sin utilizar aplicaciones Java Web Start o applets Java aisladas, como por ejemplo mediante un servicio web. 
CVSS v3.0 Base Score 7.5 (Impactos de Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"B1384D79-F9DA-44C5-A3C9-3CCE627B2255"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"92EF1E3B-6EF8-499A-84EA-D7792B181CCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"73185AEF-8CB1-4728-9E99-D0D2A3419D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"BEB76EC4-557F-4C67-BE1E-79E837043B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"C747C39A-145E-4648-99C2-0A8C7BA77F11"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"706F
9471-3647-4D13-B794-4F53700091F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"1ED8B5A9-E738-430E-9FC6-206DFC98B965"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"4AA3E574-DC5D-465B-95B8-CD1AF5433646"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jrockit:r28.3.12:*:*:*:*:*:*:*","matchCriteriaId":"CE1A57E9-0134-466F-B8EE-9E38A844F865"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"secalert_us@oracle.com"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95506","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"secalert_us@oracle.com"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95506","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5547","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.333","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en Java SE, Java SE Embedded, componente JRockit de Oracle Java SE (subcomponente: Libraries). Versiones compatibles que están afectadas son Java SE: 7u121 y 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. 
Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red, a través de múltiples protocolos, comprometer Java SE, Java SE Embedded, JRockit. Ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para provocar una denegación de servicio parcial (DOS parcial) de Java SE, Java SE Embedded, JRockit. Nota: Aplica a la implementación de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada a través de aplicaciones Java Web Start y applets Java aislados. También puede ser explotada suministrando datos de APIs en el componente especificado sin utilizar aplicaciones Java Web Start o applets Java aislados, como por ejemplo mediante un servicio web. CVSS v3.0 Base Score 5.3 (Impactos de Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7:updat
e_121:*:*:*:*:*:*","matchCriteriaId":"92EF1E3B-6EF8-499A-84EA-D7792B181CCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"73185AEF-8CB1-4728-9E99-D0D2A3419D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"BEB76EC4-557F-4C67-BE1E-79E837043B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"706F9471-3647-4D13-B794-4F53700091F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"1ED8B5A9-E738-430E-9FC6-206DFC98B965"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"4AA3E574-DC5D-465B-95B8-CD1AF5433646"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jrockit:r28.3.12:*:*:*:*:*:*:*","matchCriteriaId":"CE1A57E9-0134-466F-B8EE-9E38A844F865"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"secalert_us@oracle.com"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95521","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"secalert_us@oracle.com"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95521","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5548","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.367","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en Java SE, componente Java SE Embedded de Oracle Java SE (subcomponente: Libraries). 
Versiones compatibles que están afectadas son: Java SE: 6u131, 7u121 y 8u112; Java SE Embedded: 8u111. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer Java SE, Java SE Embedded. Ataques exitosos requieren interacción humana de una persona distinta del atacante. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o el acceso completo a todos los datos accesibles de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java aisladas, que cargan y ejecutan código no confiable (p. ej., código procedente de Internet) y dependen del aislamiento de seguridad de Java. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan sólo código de confianza (p. ej., código instalado por un administrador). CVSS v3.0 Base Score 6.5 (Impactos de 
Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"B1384D79-F9DA-44C5-A3C9-3CCE627B2255"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"92EF1E3B-6EF8-499A-84EA-D7792B181CCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"73185AEF-8CB1-4728-9E99-D0D2A3419D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"BEB76EC4-557F-4C67-BE1E-79E837043B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"C747C39A-145E-4648-99C2-0A8C7BA77F11"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"706F9471-3647-4D13-B794-4F537
00091F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"1ED8B5A9-E738-430E-9FC6-206DFC98B965"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"4AA3E574-DC5D-465B-95B8-CD1AF5433646"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"secalert_us@oracle.com"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95559","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"secalert_us@oracle.com"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95559","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5549","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.397","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en Java SE, componente Java SE Embedded de Oracle Java SE (subcomponente: Libraries). 
Versiones compatibles que están afectadas son: Java SE: 7u121 y 8u112; Java SE Embedded: 8u111. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer Java SE, Java SE Embedded. Ataques exitosos requieren interacción humana de una persona distinta del atacante. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad aplica a implementaciones de Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java aisladas, que cargan y ejecutan código no confiable (p. ej., código procedente de Internet) y dependen del aislamiento de seguridad de Java. Esta vulnerabilidad no se aplica a implementaciones de Java, normalmente en servidores, que cargan y ejecutan solo código de confianza (p. ej., código instalado por un administrador). CVSS v3.0 Base Score 6.5 (Impactos de 
Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"92EF1E3B-6EF8-499A-84EA-D7792B181CCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"73185AEF-8CB1-4728-9E99-D0D2A3419D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"BEB76EC4-557F-4C67-BE1E-79E837043B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"706F9471-3647-4D13-B794-4F53700091F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"1ED8B5A9-E738-430E-9FC6-206DFC98B965"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"4AA3E574-DC5D-465B-95B8-CD1AF
5433646"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95530","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"secalert_us@oracle.com"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/techne
twork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95530","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5552","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.427","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. 
CVSS v3.0 Base Score 5.3 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en Java SE, Java SE Embedded, componente JRockit de Oracle Java SE (subcomponente: Networking). Versiones compatibles que están afectadas son Java SE: 6u131, 7u121 y 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer Java SE, Java SE Embedded, JRockit. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Java SE, Java SE Embedded, JRockit. Nota: Aplica a la implementación de cliente y servidor Java. Esta vulnerabilidad puede ser explotada a través aplicaciones Java Web Start y applets Java aisladas. También puede ser explotada mediante el suministro de datos a las APIs en componente específico sin utilizar aplicaciones Java Web Start o applets Java aisladas, como a través de un servicio web. 
CVSS v3.0 Base Score 5.3 (Impactos de Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"B1384D79-F9DA-44C5-A3C9-3CCE627B2255"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"92EF1E3B-6EF8-499A-84EA-D7792B181CCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"73185AEF-8CB1-4728-9E99-D0D2A3419D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"BEB76EC4-557F-4C67-BE1E-79E837043B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"C747C39A-145E-4648-99C2-0A8C7BA77F11"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"706
F9471-3647-4D13-B794-4F53700091F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"1ED8B5A9-E738-430E-9FC6-206DFC98B965"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"4AA3E574-DC5D-465B-95B8-CD1AF5433646"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jrockit:r28.3.12:*:*:*:*:*:*:*","matchCriteriaId":"CE1A57E9-0134-466F-B8EE-9E38A844F865"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"secalert_us@oracle.com"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95512","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037798","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"secalert_us@oracle.com"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"secalert_us@oracle.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95512","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third 
Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5590","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.460","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent). Supported versions that are affected are 3.1.3.7856 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via TLS to compromise MySQL Enterprise Monitor. Successful attacks of this vulnerability can result in takeover of MySQL Enterprise Monitor. CVSS v3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Enterprise Monitor de Oracle MySQL (subcomponente: Monitoring: Agent). Versiones compatibles que están afectadas son 3.1.3.7856 y versiones anteriores. Vulnerabilidad fácilmente explotable permite a atacante con elevados privilegios con acceso a la red a través de TLS, comprometer MySQL Enterprise Monitor. Ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de MySQL Enterprise Monitor. 
CVSS v3.0 Base Score 7.2 (Impactos de Confidencialidad, Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*","versionEndIncluding":"3.1.3.7856","matchCriteriaId":"F0BA9C71-9DEE-41E2-8B21-9638046AEBAE"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95542","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95542","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5614","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.490","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Private Banking de Oracle Financial Services Applications (subcomponente: Product / Instrument Search). Versiones compatibles que están afectadas son 2.0.1, 2.2.0 y 12.0.1. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Private Banking. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Private Banking. 
CVSS v3.0 Base Score 4.3 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"0CCECB33-4CA3-4519-A733-3529B70AB9BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"6715C8EF-DAC6-487F-89F4-52713BB7F663"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"11CCF1EE-70D3-40C9-9797-AE6228DA8522"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95474","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95474","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5623","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.523","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Private Banking de Oracle Financial Services Applications (subcomponente: Product / Instrument Search). Versiones compatibles que están afectadas son 2.0.1, 2.2.0 y 12.0.1. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Private Banking. 
Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle FLEXCUBE Private Banking así como acceso de lectura no autorizado a un conjunto de datos accesibles de Oracle FLEXCUBE Private Banking. CVSS v3.0 Base Score 5.4 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"0CCECB33-4CA3-4519-A733-3529B70AB9BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"6715C8EF-DAC6-487F-89F4-52713BB7F663"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"11CCF1EE-70D3-40C9-9797-AE6228DA8522"}]}]}],"references":[{"url":"htt
p://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95476","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95476","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5823","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T22:59:00.553","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file."},{"lang":"es","value":"La función icalproperty_new_clone en libical 0.47 y 1.0 permite a atacantes remotos provocar una denegación de servicio (uso después de liberación de memoria) a través de un archivo ics 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libical_project:libical:0.47:*:*:*:*:*:*:*","matchCriteriaId":"931A0742-DFC5-4549-BAD4-DCDF410FD59A"},{"vulnerable":true,"criteria":"cpe:2.3:a:libical_project:libical:1.0:*:*:*:*:*:*:*","matchCriteriaId":"C2F80EE6-22E3-4067-AB72-C4B3462B9673"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/06/25/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201904-02","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/06/25/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201904-02","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5824","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T22:59:00.583","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file."},{"lang":"es","value":"libical 1.0 permite a atacantes remotos provocar una denegación de servicio (uso después de liberación de memoria) a través de un archivo ics manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libical_project:libical:1.0:*:*:*:*:*:*:*","matchCriteriaId":"C2F80EE6-22E3-4067-AB72-C4B3462B9673"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria
":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","matchCriteriaId":"07C312A0-CD2C-4B9C-B064-6409B25C278F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"BF77CDCF-B9C9-427D-B2BF-36650FB2148C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"
http://www.openwall.com/lists/oss-security/2016/06/25/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/20/16","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91459","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2019:0269","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:0270","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1275400","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://github.com/libical/libical/issues/235","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/libical/libical/issues/251","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/libical/libical/issues/286","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201904-02","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201904-07","source":"cve@mitre.org"},{"url":"https://usn.ubuntu.com/3897-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/25/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/20/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91459","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2019:0269","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third 
Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:0270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1275400","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://github.com/libical/libical/issues/235","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/libical/libical/issues/251","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/libical/libical/issues/286","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201904-02","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201904-07","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3897-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-5825","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T22:59:00.630","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file."},{"lang":"es","value":"La función icalparser_parse_string en libical 0.47 y 1.0 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de rango) a través de un archivo ics 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libical_project:libical:0.47:*:*:*:*:*:*:*","matchCriteriaId":"931A0742-DFC5-4549-BAD4-DCDF410FD59A"},{"vulnerable":true,"criteria":"cpe:2.3:a:libical_project:libical:1.0:*:*:*:*:*:*:*","matchCriteriaId":"C2F80EE6-22E3-4067-AB72-C4B3462B9673"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/06/25/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91459","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1280832","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/25/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/91459","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1280832","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-5826","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T22:59:00.677","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function."},{"lang":"es","value":"La función parser_get_next_char en libical 0.47 y 1.0 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de rango) creando una cadena en la función icalparser_parse_string."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"l
ang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libical_project:libical:0.47:*:*:*:*:*:*:*","matchCriteriaId":"931A0742-DFC5-4549-BAD4-DCDF410FD59A"},{"vulnerable":true,"criteria":"cpe:2.3:a:libical_project:libical:1.0:*:*:*:*:*:*:*","matchCriteriaId":"C2F80EE6-22E3-4067-AB72-C4B3462B9673"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/06/25/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91459","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1281041","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/25/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91459","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1281041","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-5827","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T22:59:00.710","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function."},{"lang":"es","value":"La función icaltime_from_string en libical 0.47 y 1.0 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de una cadena manipulada a la función 
icalparser_parse_string."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libical_project:libical:0.47:*:*:*:*:*:*:*","matchCriteriaId":"931A0742-DFC5-4549-BAD4-DCDF410FD59A"},{"vulnerable":true,"criteria":"cpe:2.3:a:libical_project:libical:1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5332BD4D-D708-40AC-845B-9A79EF5D9EBE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/06/25/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91459","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1281043","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/25/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/91459","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1281043","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-6264","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T22:59:00.740","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service (crash) via a negative length value to the memset function."},{"lang":"es","value":"Error de signo de entero en libc/string/arm/memset.S en uClibc y uClibc-ng en versiones anteriores a 1.0.16 permite a atacantes dependientes de contexto provocar una denegación de servicio (caída) a través de un valor de longitud negativo para la función 
memset."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uclibc:uclibc:-:*:*:*:*:*:*:*","matchCriteriaId":"3EFC2D72-8D61-4CE6-B825-28669841FAF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:uclibc-ng_project:uclibc-ng:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.16","matchCriteriaId":"E58952E4-9D4F-4B84-9258-18E74F855C72"}]}]}],"references":[{"url":"http://mailman.uclibc-ng.org/pipermail/devel/2016-July/001067.html","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://mailman.uclibc-ng.org/pipermail/devel/2016-May/000890.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/29/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/21/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/21/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91492","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://mailman.uclibc-ng.org/pipermail/devel/2016-July/001067.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://mailman.uclibc-ng.org/pipermail/devel/2016-May/000890.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/29/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/21/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/21/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91492","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-7569","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T22:59:00.787","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en docker2aci en versiones anteriores a 0.13.0 permite a atacantes remotos escribir en archivos arbitrarios a través de un .. 
(punto punto) en la capa de datos embebidos en una imagen."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:docker2aci_project:docker2aci:*:*:*:*:*:*:*:*","versionEndIncluding":"0.12.3","matchCriteriaId":"615F5DA9-5EDE-44BE-B663-48F3D8AC7E94"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/28/2","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/28/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93194","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/appc/docker2aci/issues/201","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://github.com/appc/docker2aci/releases/tag/v0.13.0","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/28/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/28/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93194","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/appc/docker2aci/issues/201","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/appc/docker2aci/releases/tag/v0.13.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8282","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.820","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Private Banking de Oracle Financial Services Applications (subcomponente: Product / Instrument Search). Versiones compatibles que están afectadas son 2.0.1, 2.2.0 y 12.0.1. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso de red a través de HTTP, comprometer Oracle FLEXCUBE Private Banking. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad está en Oracle FLEXCUBE Private Banking, los ataques podrían afectar de forma significativa productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, insertar o borrar acceso a algunos de los datos accesibles de Oracle FLEXCUBE Private Banking así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Private Banking. 
CVSS v3.0 Base Score 6.1 (Impacto de confidencialidad e integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"0CCECB33-4CA3-4519-A733-3529B70AB9BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"6715C8EF-DAC6-487F-89F4-52713BB7F663"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"11CCF1EE-70D3-40C9-9797-AE6228DA8522"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95472","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95472","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8297","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.850","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Universal Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones soportadas que están afectadas son 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 y 12.2.0. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de HTTP comprometer Oracle FLEXCUBE Universal Banking. 
Ataques exitosos de esta vulnerabilidad pueden resultar en una creación no autorizada, borrado o modificación de acceso a datos críticos o a todos los datos accesibles de Oracle FLEXCUBE Universal Banking así como acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 8.1 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.3.0:*:*:*:*:*:*:*","matchCriteriaId":"BDAB2438-6836-4632-A344-3486F0661D17"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4703D070-2171-4501-9EF1-A417AB111D95"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"501D0455-4A7E-4
96A-9D92-CD2A0E9ECC62"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"097B84AB-C16F-48B4-BFCE-DB87D607EC5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.3:*:*:*:*:*:*:*","matchCriteriaId":"77C313ED-A2A5-4BD2-B88F-F8F5DA2DAFAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"E9EF4050-D40E-4D2E-91B9-5387B2464208"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CA52AE9-989E-40B4-A9CF-9E45EABEB54B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95540","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95540","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8298","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.897","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. 
Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Private Banking de Oracle Financial Services Applications (subcomponente: Product / Instrument Search). Versiones soportadas que están afectadas son 2.0.1, 2.2.0 y 12.0.1. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Private Banking. Ataques exitosos de esta vulnerabilidad pueden resultar en una creación no autorizada, borrado o modificación de acceso a datos críticos o a todos los datos accesibles de Oracle FLEXCUBE Private Banking así como acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle FLEXCUBE Private Banking. 
CVSS v3.0 Base Score 8.1 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"0CCECB33-4CA3-4519-A733-3529B70AB9BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"6715C8EF-DAC6-487F-89F4-52713BB7F663"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"11CCF1EE-70D3-40C9-9797-AE6228DA8522"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95471","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95471","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8299","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.927","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Universal Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 y 12.2.0. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Universal Banking. 
Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle FLEXCUBE Universal Banking así como acceso de lectura no autorizado a un subconjunto de datos accesibles de FLEXCUBE Universal Banking y capacidad no autorizada para provocar una denegación de servicio parcial (DOS parcial) de Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 6.3 (Impactos de Confidencialidad, Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.3.0:*:*:*:*:*:*:*","matchCriteriaId":"BDAB2438-6836-4632-A344-3486F0661D17"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4703D070-2171-4501-9EF1-A417AB111D95"},{"vulnerable":true,"criteria":"cp
e:2.3:a:oracle:flexcube_universal_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"501D0455-4A7E-496A-9D92-CD2A0E9ECC62"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"097B84AB-C16F-48B4-BFCE-DB87D607EC5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.3:*:*:*:*:*:*:*","matchCriteriaId":"77C313ED-A2A5-4BD2-B88F-F8F5DA2DAFAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"E9EF4050-D40E-4D2E-91B9-5387B2464208"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CA52AE9-989E-40B4-A9CF-9E45EABEB54B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95547","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95547","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8300","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.960","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. 
Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Private Banking de Oracle Financial Services Applications (subcomponente: Product / Instrument Search). Versiones compatibles que están afectadas son 2.0.1, 2.2.0 y 12.0.1. Vulnerabilidad difícil de explotar permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Private Banking. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle FLEXCUBE Private Banking. CVSS v3.0 Base Score 5.3 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd
@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"0CCECB33-4CA3-4519-A733-3529B70AB9BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"6715C8EF-DAC6-487F-89F4-52713BB7F663"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"11CCF1EE-70D3-40C9-9797-AE6228DA8522"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95473","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95473","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8301","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:00.990","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Universal Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 y 12.2.0. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Universal Banking. Ataques exitosos requieren interacción humana de una persona distinta del atacante. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 4.3 (Impactos de 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.3.0:*:*:*:*:*:*:*","matchCriteriaId":"BDAB2438-6836-4632-A344-3486F0661D17"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4703D070-2171-4501-9EF1-A417AB111D95"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"501D0455-4A7E-496A-9D92-CD2A0E9ECC62"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"097B84AB-C16F-48B4-BFCE-DB87D607EC5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.3:*:*:*:*:*:*:*","matchCriteriaId":"77C313ED-A2A5-4BD2-B88F-F8F5DA2DAFAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:fl
excube_universal_banking:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"E9EF4050-D40E-4D2E-91B9-5387B2464208"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CA52AE9-989E-40B4-A9CF-9E45EABEB54B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95553","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95553","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8302","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.037","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. 
CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Universal Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 y 12.2.0. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Universal Banking. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 4.3 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.3.0:*:*:*:*:*:*:*","matchCriteriaId":"BDAB2438-6836-4632-A344-3486F0661D17"},{"v
ulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4703D070-2171-4501-9EF1-A417AB111D95"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"501D0455-4A7E-496A-9D92-CD2A0E9ECC62"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"097B84AB-C16F-48B4-BFCE-DB87D607EC5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.3:*:*:*:*:*:*:*","matchCriteriaId":"77C313ED-A2A5-4BD2-B88F-F8F5DA2DAFAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"E9EF4050-D40E-4D2E-91B9-5387B2464208"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CA52AE9-989E-40B4-A9CF-9E45EABEB54B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95554","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95554","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8303","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.070","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE 
Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente FLEXCUBE Universal Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 y 12.2.0. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Universal Banking. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle FLEXCUBE Universal Banking, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle FLEXCUBE Universal Banking así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Universal Banking. 
CVSS v3.0 Base Score 6.1 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.3.0:*:*:*:*:*:*:*","matchCriteriaId":"BDAB2438-6836-4632-A344-3486F0661D17"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4703D070-2171-4501-9EF1-A417AB111D95"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"501D0455-4A7E-496A-9D92-CD2A0E9ECC62"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"097B84AB-C16F-48B4-BFCE-DB87D607EC5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.3:*:*:*:*:*:*:*","matchCriteriaId":"77C313ED-A2A5-4BD2-B88F-F8F5DA2DAFAF"},
{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"E9EF4050-D40E-4D2E-91B9-5387B2464208"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CA52AE9-989E-40B4-A9CF-9E45EABEB54B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95548","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95548","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8304","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.100","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente FLEXCUBE Universal Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 y 12.2.0. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Universal Banking. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle FLEXCUBE Universal Banking, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de FLEXCUBE Universal Banking así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Universal Banking. 
CVSS v3.0 Base Score 5.4 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:N","baseScore":4.9,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.3.0:*:*:*:*:*:*:*","matchCriteriaId":"BDAB2438-6836-4632-A344-3486F0661D17"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4703D070-2171-4501-9EF1-A417AB111D95"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"501D0455-4A7E-496A-9D92-CD2A0E9ECC62"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"097B84AB-C16F-48B4-BFCE-DB87D607EC5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.3:*:*:*:*:*:*:*","matchCriteriaId":"77C313ED-A2A5-4BD2-B88F-F8F5DA2DAFAF"}
,{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"E9EF4050-D40E-4D2E-91B9-5387B2464208"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CA52AE9-989E-40B4-A9CF-9E45EABEB54B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95550","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95550","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8305","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.130","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows physical access to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. 
CVSS v3.0 Base Score 2.1 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente FLEXCUBE Universal Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 y 12.2.0. Vulnerabilidad fácilmente explotable permite acceso físico para comprometer Oracle FLEXCUBE Universal Banking. Ataques exitosos requieren interacción humana de una persona distinta del atacante. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 2.1 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":2.1,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.3.0:*:*:*:*:*:*:*","matchCriteriaId":"BDAB2438-6836-4
632-A344-3486F0661D17"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4703D070-2171-4501-9EF1-A417AB111D95"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"501D0455-4A7E-496A-9D92-CD2A0E9ECC62"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"097B84AB-C16F-48B4-BFCE-DB87D607EC5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.3:*:*:*:*:*:*:*","matchCriteriaId":"77C313ED-A2A5-4BD2-B88F-F8F5DA2DAFAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"E9EF4050-D40E-4D2E-91B9-5387B2464208"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CA52AE9-989E-40B4-A9CF-9E45EABEB54B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95558","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95558","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8306","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.163","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in 
the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Investor Servicing de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 12.0.1, 12.0.2, 12.0.4, 12.1.0 y 12.3.0. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer FLEXCUBE Investor Servicing. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de FLEXCUBE Investor Servicing así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Investor Servicing. 
CVSS v3.0 Base Score 5.4 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5E280A03-DE42-415B-8B0C-3C16941FF80E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9058C7C8-54CE-42C5-8D41-BD0074BA0F58"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*","matchCriteriaId":"B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"21BE77B2-6368-470E-B9E6-21664D9A818A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*","matchCriteriaId":"3250073F-325A-4AFC-892F-F2005E3854A5"
}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95515","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95515","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8307","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.193","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Universal Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 y 12.2.0. 
Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Universal Banking. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 5.3 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.3.0:*:*:*:*:*:*:*","matchCriteriaId":"BDAB2438-6836-4632-A344-3486F0661D17"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4703D070-2171-4501-9EF1-A417AB111D95"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"501D0455-4A7E-496A-9D92-CD2A0E9ECC62"},{"vuln
erable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"097B84AB-C16F-48B4-BFCE-DB87D607EC5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.3:*:*:*:*:*:*:*","matchCriteriaId":"77C313ED-A2A5-4BD2-B88F-F8F5DA2DAFAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"E9EF4050-D40E-4D2E-91B9-5387B2464208"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CA52AE9-989E-40B4-A9CF-9E45EABEB54B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95551","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95551","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8308","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.227","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente FLEXCUBE Private Banking de Oracle Financial Services Applications (subcomponente: Product / Instrument Search). Versiones compatibles que están afectadas son 2.0.1, 2.2.0 y 12.0.1. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Private Banking. Ataques exitosos requieren interacción humana de una persona distinta del atacante. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle FLEXCUBE Private Banking. CVSS v3.0 Base Score 4.3 (Impactos de Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"
nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"0CCECB33-4CA3-4519-A733-3529B70AB9BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"6715C8EF-DAC6-487F-89F4-52713BB7F663"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"11CCF1EE-70D3-40C9-9797-AE6228DA8522"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95475","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95475","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8309","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.257","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente FLEXCUBE Investor Servicing de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 12.0.1, 12.0.2,12.0.4,12.1.0 y 12.3.0. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Investor Servicing. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Investor Servicing. CVSS v3.0 Base Score 4.3 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cp
e:2.3:a:oracle:flexcube_investor_servicing:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5E280A03-DE42-415B-8B0C-3C16941FF80E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9058C7C8-54CE-42C5-8D41-BD0074BA0F58"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*","matchCriteriaId":"B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"21BE77B2-6368-470E-B9E6-21664D9A818A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*","matchCriteriaId":"3250073F-325A-4AFC-892F-F2005E3854A5"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95518","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95518","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8310","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.287","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). 
Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Universal Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 y 12.2.0. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Universal Banking. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado de actualización, inserción o borrado a algunos datos accesibles de Oracle FLEXCUBE Universal Banking así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Universal Banking y capacidad no autorizada para provocar una denegación de servicio parcial (DOS parcial) de Oracle FLEXCUBE Universal Banking. 
CVSS v3.0 Base Score 7.3 (Impactos de Confidencialidad, Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.3.0:*:*:*:*:*:*:*","matchCriteriaId":"BDAB2438-6836-4632-A344-3486F0661D17"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4703D070-2171-4501-9EF1-A417AB111D95"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"501D0455-4A7E-496A-9D92-CD2A0E9ECC62"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"097B84AB-C16F-48B4-BFCE-DB87D607EC5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.3:*:*:*:*:*:*:*","matchCriteriaId":"77C313ED-A2A5-4BD2-B88F-F8F5
DA2DAFAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"E9EF4050-D40E-4D2E-91B9-5387B2464208"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CA52AE9-989E-40B4-A9CF-9E45EABEB54B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95545","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95545","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8311","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.320","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. 
CVSS v3.0 Base Score 6.5 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Universal Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 y 12.2.0. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Universal Banking. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 6.5 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.3.0:*:*:*:*:*:*:*","matchCriteriaId":"BDAB2438-6836-4632-A344-3
486F0661D17"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4703D070-2171-4501-9EF1-A417AB111D95"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"501D0455-4A7E-496A-9D92-CD2A0E9ECC62"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"097B84AB-C16F-48B4-BFCE-DB87D607EC5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.3:*:*:*:*:*:*:*","matchCriteriaId":"77C313ED-A2A5-4BD2-B88F-F8F5DA2DAFAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"E9EF4050-D40E-4D2E-91B9-5387B2464208"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CA52AE9-989E-40B4-A9CF-9E45EABEB54B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95546","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95546","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8312","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.350","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle 
FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Private Banking de Oracle Financial Services Applications (subcomponente: Product / Instrument Search). Versiones compatibles que están afectadas son 2.0.1, 2.2.0 y 12.0.1. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Private Banking. Ataques exitosos requieren interacción humana de una persona distinta del atacante y, aunque la vulnerabilidad está en Oracle FLEXCUBE Private Banking, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle FLEXCUBE Private Banking así como acceso no autorizado de actualización, inserción o borrado a algunos datos accesibles de Oracle FLEXCUBE Private Banking. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"0CCECB33-4CA3-4519-A733-3529B70AB9BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"6715C8EF-DAC6-487F-89F4-52713BB7F663"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"11CCF1EE-70D3-40C9-9797-AE6228DA8522"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95469","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95469","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8313","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.397","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.1 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Private Banking de Oracle Financial Services Applications (subcomponente: Product / Instrument Search). Versiones compatibles que están afectadas son 2.0.1, 2.2.0 y 12.0.1. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Private Banking. 
Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle FLEXCUBE Private Banking, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en un acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Private Banking. CVSS v3.0 Base Score 4.1 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N","baseScore":4.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"0CCECB33-4CA3-4519-A733-3529B70AB9BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"6715C8EF-DAC6-487F-89F4-52713BB7F663"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:12.0.1:*:*:*:*:*:*:*","
matchCriteriaId":"11CCF1EE-70D3-40C9-9797-AE6228DA8522"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95489","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95489","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8314","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.427","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Core Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 5.1.0, 5.2.0 y 11.5.0. Vulnerabilidad difícil de explotar permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Core Banking. 
Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Core Banking. CVSS v3.0 Base Score 3.1 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_core_banking:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B050A465-EF04-4638-B760-010F36A534BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"DEFE7E72-D419-4040-81AB-B4934C13909F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_core_banking:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"D2A60A6B-C9B9-4A71-9AB2-2D10E5CE3A01"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95609","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95609","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8315","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.443","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure Code). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Investor Servicing de Oracle Financial Services Applications (subcomponente: Infrastructure Code). Versiones compatibles que están afectadas son 12.0.1, 12.0.2,12.0.4,12.1.0 y 12.3.0. 
Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Investor Servicing. Ataques exitosos de esta vulnerabilidad pueden resultar en creación, borrado o modificación de acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle FLEXCUBE Investor Servicing así como acceso completo a datos accesibles de todo Oracle FLEXCUBE Investor Servicing. CVSS v3.0 Base Score 8.1 (Impactos de confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5E280A03-DE42-415B-8B0C-3C16941FF80E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9058C7C8-54CE-42C5-8D41-BD0074BA0F58"},
{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*","matchCriteriaId":"B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"21BE77B2-6368-470E-B9E6-21664D9A818A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*","matchCriteriaId":"3250073F-325A-4AFC-892F-F2005E3854A5"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95496","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95496","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8316","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.490","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Investor Servicing de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 12.0.1, 12.0.2,12.0.4,12.1.0 y 12.3.0. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Investor Servicing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle FLEXCUBE Investor Servicing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle FLEXCUBE Investor Servicing así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Investor Servicing. 
CVSS v3.0 Base Score 5.4 (Impactos de confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:N","baseScore":4.9,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5E280A03-DE42-415B-8B0C-3C16941FF80E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9058C7C8-54CE-42C5-8D41-BD0074BA0F58"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*","matchCriteriaId":"B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"21BE77B2-6368-470E-B9E6-21664D9A818A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*","matchCriteriaId":"3250073F-325A-4AFC-892F-F2005E385
4A5"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95516","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95516","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8317","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.507","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Investor Servicing de Oracle Financial Services Applications (subcomponente: Unit Trust). Versiones compatibles que están afectadas son 12.0.1, 12.0.2,12.0.4,12.1.0 y 12.3.0. 
Vulnerabilidad difícil de explotar permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Investor Servicing. Ataques exitosos de esta vulnerabilidad pueden resultar en creación, borrado o modificación de acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle FLEXCUBE Investor Servicing. CVSS v3.0 Base Score 5.3 (Impactos de Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5E280A03-DE42-415B-8B0C-3C16941FF80E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9058C7C8-54CE-42C5-8D41-BD0074BA0F58"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*","matchCrit
eriaId":"B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"21BE77B2-6368-470E-B9E6-21664D9A818A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*","matchCriteriaId":"3250073F-325A-4AFC-892F-F2005E3854A5"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95517","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95517","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8318","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.553","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: Security: Encryption). Versiones compatibles que están afectadas son 5.6.34 y versiones anteriores y 5.7.16 y versiones anteriores. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de múltiples protocolos, comprometer MySQL Server. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en MySQL Server, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de MySQL Server. CVSS v3.0 Base Score 6.8 (Impactos de 
Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:N/A:P","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndIncluding":"5.6.34","matchCriteriaId":"E9C89C4E-C358-485A-9097-50232C9C6F22"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndIncluding":"5.7.16","matchCriteriaId":"5E5267D6-D424-4FB6-80CD-E13132083522"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95580","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95580","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8319","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.570","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Investor Servicing de Oracle Financial Services Applications (subcomponente: Core). 
Versiones compatibles que están afectadas son 12.0.1, 12.0.2,12.0.4,12.1.0 y 12.3.0. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a red a través de HTTP, comprometer Oracle FLEXCUBE Investor Servicing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle FLEXCUBE Investor Servicing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle FLEXCUBE Investor Servicing así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Investor Servicing. CVSS v3.0 Base Score 6.1 (Impactos de confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpe
Match":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5E280A03-DE42-415B-8B0C-3C16941FF80E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9058C7C8-54CE-42C5-8D41-BD0074BA0F58"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*","matchCriteriaId":"B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"21BE77B2-6368-470E-B9E6-21664D9A818A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*","matchCriteriaId":"3250073F-325A-4AFC-892F-F2005E3854A5"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95514","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95514","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8320","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.600","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Core). 
Supported versions that are affected are 12.0.0 and 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Enterprise Limits and Collateral Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Enterprise Limits and Collateral Management de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 12.0.0 y 12.0.2. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Enterprise Limits and Collateral Management. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle FLEXCUBE Enterprise Limits and Collateral Management, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle FLEXCUBE Enterprise Limits and Collateral Management así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Enterprise Limits and Collateral Management. 
CVSS v3.0 Base Score 6.1 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_enterprise_limits_and_collateral_management:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"FA4EDFC7-C093-430B-AF1F-2746D427E404"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_enterprise_limits_and_collateral_management:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"55F0D624-8184-4F89-B011-F6819E5DA8FF"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95596","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95596","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8322","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.647","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Core Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 5.1.0, 5.2.0 y 11.5.0. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Core Banking. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Core Banking. 
CVSS v3.0 Base Score 4.3 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_core_banking:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B050A465-EF04-4638-B760-010F36A534BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"DEFE7E72-D419-4040-81AB-B4934C13909F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_core_banking:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"D2A60A6B-C9B9-4A71-9AB2-2D10E5CE3A01"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95608","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95608","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8323","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.677","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Core Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Core Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 5.1.0, 5.2.0 y 11.5.0. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Core Banking. 
Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle FLEXCUBE Core Banking así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Core Banking. CVSS v3.0 Base Score 5.4 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_core_banking:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B050A465-EF04-4638-B760-010F36A534BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"DEFE7E72-D419-4040-81AB-B4934C13909F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_core_banking:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"D2A60A6B-C9B9-4A71-9AB2-2D10E5CE3A01"}]}]}],"references":[{"url":"http://www.orac
le.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95556","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95556","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8324","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.693","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Core Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 5.1.0, 5.2.0 y 11.5.0. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Core Banking. 
Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Core Banking. CVSS v3.0 Base Score 5.3 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_core_banking:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B050A465-EF04-4638-B760-010F36A534BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_core_banking:5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"DEFE7E72-D419-4040-81AB-B4934C13909F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_core_banking:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"D2A60A6B-C9B9-4A71-9AB2-2D10E5CE3A01"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95607","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95607","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8325","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.727","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 9.1 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: Internal Operations). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. 
Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle One-to-One Fulfillment. Ataques exitosos de esta vulnerabilidad pueden resultar en creación, eliminación o modificación no autorizada de datos críticos o de todos los datos accesibles de Oracle One-to-One Fulfillment así como acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment. CVSS v3.0 Base Score 9.1 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true
,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95595","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95595","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8327","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.773","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. 
Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: Replication). Versiones compatibles que están afectadas son 5.6.34 y versiones anteriores y 5.7.16 y versiones anteriores. Vulnerabilidad difícil de explotar permite a atacante con elevados privilegios con acceso a la red a través de múltiples protocolos, comprometer MySQL Server. Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de MySQL Server. CVSS v3.0 Base Score 4.4 (Impactos de Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:N/A:P","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","descr
iption":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndIncluding":"5.6.34","matchCriteriaId":"E9C89C4E-C358-485A-9097-50232C9C6F22"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndIncluding":"5.7.16","matchCriteriaId":"5E5267D6-D424-4FB6-80CD-E13132083522"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95557","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95557","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8328","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.787","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data. Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 3.7 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Java Mission Control). La versión compatible que está afectada es Java SE: 8u112. Vulnerabilidad difícil de explotar permite a atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer Java SE. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Java SE. Nota: Aplica a Java Mission Control Installation. 
CVSS v3.0 Base Score 3.7 (Impactos de Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"BEB76EC4-557F-4C67-BE1E-79E837043B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"4AA3E574-DC5D-465B-95B8-CD1AF5433646"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95581","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"secalert_us@oracle.com"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95581","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8329","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.820","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Mobile Application Platform). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente PeopleSoft Enterprise PeopleTools de Oracle PeopleSoft Products (subcomponente: Mobile Application Platform). Versiones compatibles que están afectadas son 8.54 y 8.55. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de HTTP, comprometer PeopleSoft Enterprise PeopleTools. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en PeopleSoft Enterprise PeopleTools, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de PeopleSoft Enterprise PeopleTools así como acceso de lectura no autorizado a un subconjunto de datos accesibles de PeopleSoft Enterprise PeopleTools. 
CVSS v3.0 Base Score 6.1 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*","matchCriteriaId":"CDD82442-3535-4BB9-8888-F61A35B900AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*","matchCriteriaId":"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95495","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037634","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95495","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037634","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8330","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:01.867","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.7 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Solaris de Oracle Sun Systems Products Suite (subcomponente: Kernel). La versión compatible que está afectada es 11.3. Vulnerabilidad difícil de explotar permite a atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer Solaris. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Solaris. 
CVSS v3.0 Base Score 3.7 (Impactos de Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","matchCriteriaId":"79A602C5-61FE-47BA-9786-F045B6C6DBA8"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95572","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037641","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95572","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037641","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9298","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T22:59:01.897","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función WaveletDenoiseImage en MagickCore/fx.c en ImageMagick en versiones anteriores a 6.9.6-4 y 7.x en versiones anteriores a 7.0.3-6 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una imagen manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","descripti
on":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9.6-3","matchCriteriaId":"687107C7-3539-40D5-8C53-62554B347711"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.1-0:*:*:*:*:*:*:*","matchCriteriaId":"693C9F8F-A8C1-4D06-8F31-E085E16E701C"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.1-1:*:*:*:*:*:*:*","matchCriteriaId":"6D3D3DFC-8459-41BA-BF3E-AE84E48FCEE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.1-2:*:*:*:*:*:*:*","matchCriteriaId":"A3E12EB4-B8F6-43A3-847D-DBC96AE10905"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.1-3:*:*:*:*:*:*:*","matchCriteriaId":"30539421-5872-4C2E-94AE-8A2B05C952C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.1-4:*:*:*:*:*:*:*","matchCriteriaId":"1A5B7537-8563-409D-82DE-EB07107D3C04"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.1-5:*:*:*:*:*:*:*","matchCriteriaId":"FA648D3C-A464-4F54-8B5E-E8431531FBB5"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.1-6:*:*:*:*:*:*:*","matchCriteriaId":"D6666BB0-B211-490F-884C-BE410CD19DAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.1-7:*:*:*:*:*:*:*","matchCriteriaId":"5FF2582D-1513-448B-8B61-9C4844B08324"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.1-8:*:*:*:*:*:*:*","matchCriteriaId":"E57E6BA4-A727-4CF5-B15F-76632D02617A"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.1-9:*:*:*:*:*:*:*","matchCriteriaId":"C721BC6F-61DD-4ED1-8024-2946C494AEC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.1-10:*:*:*:*:*:*:*","matchCriteriaId":"CD319D32-FE7A-456D-AFEE-DC9F0D98652C"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.2-0:*:*:*:*:*:*:*","matchCriteriaId":"09
CDF263-38F5-469F-984B-9D9A223159B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.2-1:*:*:*:*:*:*:*","matchCriteriaId":"243FF3C1-D676-4D5F-A90C-3017DCBBE73A"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.2-2:*:*:*:*:*:*:*","matchCriteriaId":"1B8BDDE6-6B38-442B-83A4-FAADBAE1C792"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.2-3:*:*:*:*:*:*:*","matchCriteriaId":"4DCD89B9-6A69-41DE-BE38-5E9193828279"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.2-4:*:*:*:*:*:*:*","matchCriteriaId":"139BC277-8E00-4700-8B47-6D3A3CB38B04"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.2-5:*:*:*:*:*:*:*","matchCriteriaId":"D0FA2E18-6F7B-49D6-B60C-38851398F9B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.2-6:*:*:*:*:*:*:*","matchCriteriaId":"7B7F510A-A439-47A3-AF31-4BF7F74D58A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.2-7:*:*:*:*:*:*:*","matchCriteriaId":"A91B94E3-33BB-46B6-A1AE-EAA9906605CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.2-8:*:*:*:*:*:*:*","matchCriteriaId":"F5B3DE17-08A8-457D-9AEB-BD6E04376B34"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.2-9:*:*:*:*:*:*:*","matchCriteriaId":"98AD438E-28B7-4491-B58F-55FDE7F67CFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.2-10:*:*:*:*:*:*:*","matchCriteriaId":"7E033A09-4F2F-4957-A9A8-5C9E7D90A1CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.3-0:*:*:*:*:*:*:*","matchCriteriaId":"BB9B68E7-0E40-437A-A71B-0C078FE76FD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.3-1:*:*:*:*:*:*:*","matchCriteriaId":"948D5778-AD2A-4293-AE39-A406D75F5678"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.3-2:*:*:*:*:*:*:*","matchCriteriaId":"D391DECE-2408-4A8F-ACE6-F18028C422A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick
:7.0.3-3:*:*:*:*:*:*:*","matchCriteriaId":"CC773CB4-0E7B-4D73-AB9C-D7CC98C38BD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.3-4:*:*:*:*:*:*:*","matchCriteriaId":"24A0C584-9DA3-48B0-B152-67B9E0239876"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.3-5:*:*:*:*:*:*:*","matchCriteriaId":"E42943C5-CC66-4E88-9085-1BD39937C09B"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/13/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/14/10","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94310","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/3cbfb163cff9e5b8cdeace8312e9bfee810ed02b","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/296","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-09","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/13/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/14/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94310","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/3cbfb163cff9e5b8cdeace8312e9bfee810ed02b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/296","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-09","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9634","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T22:59:01.943","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función flx_decode_delta_fli en gst/flx/gstflxdec.c en el decoder FLIC en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través del parámetro 
start_line."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"E205DF55-52AD-46B7-B83E-2FDB322A52A2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*","matchCriteriaId":"C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}]}]
},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2975.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0019.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0020.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2016/dsa-3723","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3724","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/24/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94499","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774834","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html","source":"cve@mitre.org","tags":["Exploit","Technical Description"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2975.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0019.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0020.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2016/dsa-3723","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3724","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/24/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94499","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774834","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9635","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T22:59:01.990","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función flx_decode_delta_fli en gst/flx/gstflxdec.c en el decoder FLIC en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) proporcionando un 'recuento de saltos' que va más allá del búfer 
inicializado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"E205DF55-52AD-46B7-B83E-2FDB322A52A2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*","matchCriteriaId":"C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}]
}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2975.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0019.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0020.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2016/dsa-3723","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3724","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/24/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94499","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774834","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html","source":"cve@mitre.org","tags":["Exploit","Technical Description"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2975.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0019.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0020.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2016/dsa-3723","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3724","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/24/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94499","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774834","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9636","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T22:59:02.053","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función flx_decode_delta_fli en gst/flx/gstflxdec.c en el decoder FLIC en GStreamer en versiones anteriores a 1.10.2 permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) proporcionando un \"recuento de escritura\" que va más allá del búfer 
inicializado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.1","matchCriteriaId":"E205DF55-52AD-46B7-B83E-2FDB322A52A2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*","matchCriteriaId":"C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}]
}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2975.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0019.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0020.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2016/dsa-3723","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3724","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/24/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94499","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774834","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html","source":"cve@mitre.org","tags":["Exploit","Technical Description"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2975.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0019.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0020.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2016/dsa-3723","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3724","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/24/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94499","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=774834","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9795","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T22:59:02.100","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation."},{"lang":"es","value":"El programa casrvc en CA Common Services, tal como se usa en CA Client Automation 12.8, 12.9, y 14.0; CA SystemEDGE 5.8.2 y 5.9; CA Systems Performance for Infrastructure Managers 12.8 y 12.9; CA Universal 
Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 y 12.9; CA Workload Automation AE 11, 11.3, 11.3.5 y 11.3.6 en AIX, HP-UX, Linux y Solaris permite a usuarios locales modificar archivos arbitrarios y consecuentemente obtener privilegios de root a través de vectores relacionados con validación insuficiente."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:ca_workload_automation_ae:11.0:*:*:*:*:*:*:*","matchCriteriaId":"ACC707BC-3838-4020-9C96-A70588C72174"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3:*:*:*:*:*:*:*","matchCriteriaId":"E2F5DC90-D003-4578-8057-41E14B48B955"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3.5:*:*:*:*:*:*:*","matchCriteriaId":"C9F7FAAA-D5BB-4EB2-A461-5791E83FC841"},{"vulnerable":true,"criteria"
:"cpe:2.3:a:broadcom:ca_workload_automation_ae:11.3.6:*:*:*:*:*:*:*","matchCriteriaId":"A211A974-F62C-4FDB-BCFA-014FAF6034A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:client_automation:12.8:*:*:*:*:*:*:*","matchCriteriaId":"04C3CC5B-ABA3-4983-804D-9750407F843B"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:client_automation:12.9:*:*:*:*:*:*:*","matchCriteriaId":"22DB3489-2FDD-4781-87C4-65DB7BAC0F6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:client_automation:14.0:*:*:*:*:*:*:*","matchCriteriaId":"48505905-DB88-428F-B3D7-929EA2321F6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:systemedge:5.8.2:*:*:*:*:*:*:*","matchCriteriaId":"30E64970-338B-4AE7-9EA1-54D6A6241DC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:systemedge:5.9:*:*:*:*:*:*:*","matchCriteriaId":"CB89C4C3-4964-4D65-AC8C-58E998D1E1EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:systems_performance_for_infrastructure_managers:12.8:*:*:*:*:*:*:*","matchCriteriaId":"703F0FDD-D2BE-4E1B-893B-223985668A5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:broadcom:systems_performance_for_infrastructure_managers:12.9:*:*:*:*:*:*:*","matchCriteriaId":"E793CCF3-5CFB-4670-9C1E-46FCD0738994"},{"vulnerable":true,"criteria":"cpe:2.3:a:ca:universal_job_management_agent:11.2:*:*:*:*:*:*:*","matchCriteriaId":"2CA05936-4D9F-4D3D-B2AF-48AB986EB2EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.8:*:*:*:*:*:*:*","matchCriteriaId":"99DD6651-7B25-4FA6-B579-932FB77BF3CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ca:virtual_assurance_for_infrastructure_managers:12.9:*:*:*:*:*:*:*","matchCriteriaId":"EC386DBF-5C12-4710-B79F-D8FF7AA13115"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*","matchCriteriaId":"61A4F116-1FEE-450E-99AE-6AD9ACDDE570"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*","matchCriteriaId":"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"},{"vulnerable":false
,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","matchCriteriaId":"155AD4FB-E527-4103-BCEF-801B653DEA37"},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*","matchCriteriaId":"05924C67-F9A0-450E-A5B8-059651DD32E3"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540062/100/0/threaded","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95819","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037730","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170126-01--security-notice-for-ca-common-services-casrvc.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/archive/1/540062/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95819","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037730","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20170126-01--security-notice-for-ca-common-services-casrvc.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3231","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.130","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). 
Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Java SE, Java SE Embedded de Oracle Java SE (subcomponente: Networking). Versiones compatibles que están afectadas son Java SE: 6u131, 7u121 y 8u112; Java SE Embedded: 8u111. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer Java SE, Java SE Embedded. Ataques exitosos requieren interacción humana de una persona distinta del atacante. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java aisladas, que cargan y ejecutan código no confiable (e.j: Código procedente de internet) y depende del aislamiento de seguridad de Java. 
Esta vulnerabilidad no se aplica a implementaciones JAVA, normalmente en servidores, que cargan y ejecutan solo código de confianza (e.j: Código instalado por un administrador). CVSS v3.0 Base Score 4.3 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"B1384D79-F9DA-44C5-A3C9-3CCE627B2255"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"92EF1E3B-6EF8-499A-84EA-D7792B181CCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"73185AEF-8CB1-4728-9E99-D0D2A3419D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"BEB76EC4-557F-4C67-BE1E-79E837043B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6:up
date_131:*:*:*:*:*:*","matchCriteriaId":"C747C39A-145E-4648-99C2-0A8C7BA77F11"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"706F9471-3647-4D13-B794-4F53700091F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"1ED8B5A9-E738-430E-9FC6-206DFC98B965"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"4AA3E574-DC5D-465B-95B8-CD1AF5433646"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"secalert_us@oracle.com"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95563","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037637","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"secalert_us@oracle.com"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95563","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037637","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3235","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows physical access to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 3.5 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Universal Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 y 12.2.0. Vulnerabilidad fácilmente explotable permite acceso físico para comprometer Oracle FLEXCUBE Universal Banking. 
Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle FLEXCUBE Universal Banking así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 3.5 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:N","baseScore":3.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.3.0:*:*:*:*:*:*:*","matchCriteriaId":"BDAB2438-6836-4632-A344-3486F0661D17"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4703D070-2171-4501-9EF1-A417AB111D95"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"501D0455-4A7E-496A-9D92-CD2A0E9ECC62"},{"vulnerable":tr
ue,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"097B84AB-C16F-48B4-BFCE-DB87D607EC5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.3:*:*:*:*:*:*:*","matchCriteriaId":"77C313ED-A2A5-4BD2-B88F-F8F5DA2DAFAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"E9EF4050-D40E-4D2E-91B9-5387B2464208"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CA52AE9-989E-40B4-A9CF-9E45EABEB54B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95555","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95555","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3236","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.193","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Universal Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 y 12.2.0. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Universal Banking. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle FLEXCUBE Universal Banking, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle FLEXCUBE Universal Banking. 
CVSS v3.0 Base Score 4.7 (Impactos de Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.3.0:*:*:*:*:*:*:*","matchCriteriaId":"BDAB2438-6836-4632-A344-3486F0661D17"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4703D070-2171-4501-9EF1-A417AB111D95"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.1:*:*:*:*:*:*:*","matchCriteriaId":"501D0455-4A7E-496A-9D92-CD2A0E9ECC62"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"097B84AB-C16F-48B4-BFCE-DB87D607EC5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.3:*:*:*:*:*:*:*","matchCriteriaId":"77C313ED-A2A5-4BD2-B88F-F8F5DA2DAFAF"},{"vulnerable":true,"cr
iteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"E9EF4050-D40E-4D2E-91B9-5387B2464208"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CA52AE9-989E-40B4-A9CF-9E45EABEB54B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95552","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95552","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3238","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.227","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: Optimizer). 
Versiones compatibles que están afectadas son 5.5.53 y versiones anteriores, 5.6.34 y versiones anteriores y 5.7.16 y versiones anteriores. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de múltiples protocolos, comprometer MySQL Server. Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o caída frecuentemente repetible (DOS completa) de MySQL Server. CVSS v3.0 Base Score 6.5 (Impactos de Disponibilidad)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndIncluding":"5.5.53","matchCriteriaId":"DA05707F-9B38-4C5D-9367-D7DF52658AEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndIncluding":"5.
6.34","matchCriteriaId":"E9C89C4E-C358-485A-9097-50232C9C6F22"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndIncluding":"5.7.16","matchCriteriaId":"5E5267D6-D424-4FB6-80CD-E13132083522"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndExcluding":"5.5.54","matchCriteriaId":"7425B1AD-88EE-4E62-8F91-F3FE413F0F4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.29","matchCriteriaId":"5750A91A-1784-4DE9-B72C-61A3B48B0892"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.21","matchCriteriaId":"70247F46-D133-4E30-AE2F-8974DEFDA1AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"F96E3779-F56A-45FF-BB3D-4980527D721E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"83737173-E12E-4641-BC49-0BD84A6B29D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":
"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3767","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95571","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"secalert_us@oracle.com","tags":["Third 
Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3767","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95571","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-3239","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.273","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle GlassFish Server executes to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle GlassFish Server de Oracle Fusion Middleware (subcomponente: Administration). Versiones compatibles que están afectadas son 3.0.1 y 3.1.2. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con inicio de sesión a la infraestructura donde se ejecuta Oracle GlassFish Server, comprometer Oracle GlassFish Server. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle GlassFish Server. 
CVSS v3.0 Base Score 3.3 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A56AAEB5-E5A5-44A4-8B82-0C465122F2C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:glassfish_server:3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5C8196D0-06A9-4A0B-8864-AA8E8CF2DDB0"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95493","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95493","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3240","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.303","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente RDBMS Security de Oracle Database Server. La versión compatible que está afectada es 12.1.0.2. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado teniendo privilegio de inicio local de sesión con inicio de sesión a la infraestructura donde se ejecuta RDBMS Security, comprometer RDBMS Security. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de RDBMS Security. 
CVSS v3.0 Base Score 3.3 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"4F3D40B7-925C-413D-AFF3-60BF330D5BC2"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95477","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037630","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95477","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037630","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3241","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.333","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Java SE, Java SE Embedded, JRockit de Oracle Java SE (subcomponente: RMI). Versiones compatibles que están afectadas son Java SE: 6u131, 7u121 y 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Vulnerabilidad difícil de explotar permite a atacante no autenticado con acceso de red a través de múltiples protocolos, comprometer Java SE, Java SE Embedded, JRockit. Mientras la vulnerabilidad esté en Java SE, Java SE Embedded, JRockit, los ataques podrían afectar significativamente a productos adicionales. 
Ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de Java SE, Java SE Embedded, JRockit. Nota: Esta vulnerabilidad únicamente puede ser explotada suministrando datos de APIs en el componente especificado sin utilizar aplicaciones Untrusted Java Web Start o applets Untrusted Java, como por ejemplo a través de un servicio web. CVSS v3.0 Base Score 9.0 (Impactos de Confidencialidad, Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"B1384D79-F9DA-44C5-A3C9-3CCE627B2255"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"92EF1E3B-6EF8-499A-84EA-D7792B181CCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"73185AEF-8CB1-4728-9E99-D
0D2A3419D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"BEB76EC4-557F-4C67-BE1E-79E837043B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"C747C39A-145E-4648-99C2-0A8C7BA77F11"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"706F9471-3647-4D13-B794-4F53700091F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"1ED8B5A9-E738-430E-9FC6-206DFC98B965"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"4AA3E574-DC5D-465B-95B8-CD1AF5433646"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jrockit:r28.3.12:*:*:*:*:*:*:*","matchCriteriaId":"CE1A57E9-0134-466F-B8EE-9E38A844F865"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"secalert_us@oracle.com"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95488","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037637","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"secalert_us@oracle.com"},{"url":"https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"secalert_us@oracle.com"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"secalert_us@oracle.com"},{"url":"https://www.exploit-db.com/exploits/41145/","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95488","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037637","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/41145/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3242","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.397","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager). Supported versions that are affected are 3.2 and 3.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM Server for Sparc executes to compromise Oracle VM Server for Sparc. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM Server for Sparc, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM Server for Sparc. 
CVSS v3.0 Base Score 5.9 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle VM Server for Sparc de Oracle Sun Systems Products Suite (subcomponente: LDOM Manager). Versiones compatibles que están afectadas son 3.2 y 3.4. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con inicio de sesión a la infraestructura donde se ejecuta Oracle VM Server for Sparc, comprometer Oracle VM Server for Sparc. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle VM Server for Sparc, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de Oracle VM Server for Sparc. CVSS v3.0 Base Score 5.9 (Impactos de disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:N/I:N/A:P","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"conf
igurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:sparc:*","matchCriteriaId":"8BA52C8E-8A65-497A-9DE6-54342FCC5A10"},{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:sparc:*","matchCriteriaId":"F2A7DE34-BFA5-407A-B99D-DFD1295CA9B5"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95541","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95541","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3243","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.427","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: Charsets). Versiones compatibles que están afectadas son 5.5.53 y versiones anteriores. Vulnerabilidad difícil de explotar permite a atacante con elevados privilegios con acceso a la red a través de múltiples protocolos, comprometer MySQL Server. 
Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de MySQL Server. CVSS v3.0 Base Score 4.4 (Impactos de disponibilidad)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:N/A:P","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndIncluding":"5.5.53","matchCriteriaId":"DA05707F-9B38-4C5D-9367-D7DF52658AEB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndExcluding":"5.5.54","matchCriteriaId":"7425B1AD-88EE-4E62-8F91-F3FE413F0F4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.29","matchCriteriaId":"5750A91
A-1784-4DE9-B72C-61A3B48B0892"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.21","matchCriteriaId":"70247F46-D133-4E30-AE2F-8974DEFDA1AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"F96E3779-F56A-45FF-BB3D-4980527D721E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"83737173-E12E-4641-BC49-0BD84A6B29D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"cr
iteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3767","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95538","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3767","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95538","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-3244","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.460","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: DML). Versiones compatibles que están afectadas son 5.5.53 y versiones anteriores, 5.6.34 y versiones anteriores y 5.7.16 y versiones anteriores. 
Vulnerabilidad fácilmente explotable permite a atacantes poco privilegiados con acceso a la red a través de múltiples protocolos, comprometer MySQL Server. Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de MySQL Server. CVSS v3.0 Base Score 6.5 (Impactos de Disponibilidad)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndIncluding":"5.5.53","matchCriteriaId":"DA05707F-9B38-4C5D-9367-D7DF52658AEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndIncluding":"5.6.34","matchCriteriaId":"E9C89C4E-C358-485A-9097-50232C9C6F22"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","
versionStartIncluding":"5.7.0","versionEndIncluding":"5.7.16","matchCriteriaId":"5E5267D6-D424-4FB6-80CD-E13132083522"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndExcluding":"5.5.54","matchCriteriaId":"7425B1AD-88EE-4E62-8F91-F3FE413F0F4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.29","matchCriteriaId":"5750A91A-1784-4DE9-B72C-61A3B48B0892"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.21","matchCriteriaId":"70247F46-D133-4E30-AE2F-8974DEFDA1AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"F96E3779-F56A-45FF-BB3D-4980527D721E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"83737173-E12E-4641-BC49-0BD84A6B29D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","
matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3767","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95565","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"secalert_us@oracle.com","tags":["Third Party 
Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3767","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95565","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-3245","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.477","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Pre-Login). Supported versions that are affected are 12.0.2 and 12.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Direct Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Direct Banking accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Direct Banking de Oracle Financial Services Applications (subcomponente: Pre-Login). Versiones compatibles que están afectadas son 12.0.2 y 12.0.3. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Direct Banking. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle FLEXCUBE Direct Banking, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Direct Banking. 
CVSS v3.0 Base Score 4.7 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_direct_banking:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"DC13CF11-2880-41FA-9534-7874904FDD82"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_direct_banking:12.0.3:*:*:*:*:*:*:*","matchCriteriaId":"FA84D97F-A400-4D39-B60A-63F3407E2B68"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95606","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95606","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3246","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.490","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Object Library executes to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS v3.0 Base Score 6.0 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Application Object Library de Oracle E-Business Suite (subcomponente: Patching). Versiones compatibles que están afectadas son 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a atacante con privilegios elevados con inicio de sesión en la infraestructura donde Oracle Application Object Library se ejecuta, compromete Oracle Application Object Library. 
Ataques exitosos de esta vulnerabilidad pueden resultar en creación, eliminación o modificación no autorizada de datos críticos o de todos los datos accesibles de Oracle Application Object Library, así como en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Application Object Library. CVSS v3.0 Base Score 6.0 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:N","baseScore":3.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_object_library:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"F7A59435-A033-48BD-AC2A-140DCF6113DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_object_library:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"73BD1423-F7EE-4B53-AE4B-DFA784F685C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_object_library:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"C95FED83-21C8-4035-BB1B-3C8A93D4645F
"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_object_library:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"411C3C4C-5513-4F7D-8D58-A39F21F43637"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_object_library:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"3118706C-CD62-4E5A-9846-F083ECA5B799"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95604","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95604","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3247","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.523","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data. 
CVSS v3.0 Base Score 4.3 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle GlassFish Server de Oracle Fusion Middleware (subcomponente: Core). Versiones compatibles que están afectadas son 2.1.1, 3.0.1 y 3.1.2. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de SMTP, comprometer Oracle GlassFish Server. Ataques exitosos requieren interacción humana de una persona distinta del atacante. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado de actualización, inserción o borrado a algunos de los datos accesibles de Oracle GlassFish Server. CVSS v3.0 Base Score 4.3 (Impactos de Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"0E80F5AC-A2EF-4D8A-AE8F-5DD0FF9B48
C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A56AAEB5-E5A5-44A4-8B82-0C465122F2C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:glassfish_server:3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5C8196D0-06A9-4A0B-8864-AA8E8CF2DDB0"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95483","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95483","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3248","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.553","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0 and 12.2.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle WebLogic Server de Oracle Fusion Middleware (subcomponente: Core Components). Versiones compatibles que están afectadas son 10.3.6.0, 12.1.3.0, 12.2.1.0 y 12.2.1.1. 
Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de T3, comprometer Oracle WebLogic Server. Ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de Oracle WebLogic Server. CVSS v3.0 Base Score 9.8 (Impactos de Confidencialidad, Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B40B13B7-68B3-4510-968C-6A730EB46462"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C93CC705-1F8C-4870-99E6-14BF264C3811"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_server:12.2.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"9F57085F-A922-421B-BD10-ECC4F3CB34C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_s
erver:12.2.1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"29F4C533-DE42-463B-9D80-5D4C85BF1A5B"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/152357/Oracle-Weblogic-Server-Deserialization-RMI-UnicastRef-Remote-Code-Execution.html","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95465","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037632","source":"secalert_us@oracle.com"},{"url":"https://www.exploit-db.com/exploits/44998/","source":"secalert_us@oracle.com"},{"url":"https://www.tenable.com/security/research/tra-2017-07","source":"secalert_us@oracle.com"},{"url":"http://packetstormsecurity.com/files/152357/Oracle-Weblogic-Server-Deserialization-RMI-UnicastRef-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95465","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037632","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/44998/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.tenable.com/security/research/tra-2017-07","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.vicarius.io/vsociety/posts/cve-2017-3248-detect-centos-weblogic-rce","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.vicarius.io/vsociety/posts/cve-2017-3248-mitigate-centos-weblogic-rce","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3249","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.583","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via LDAP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle GlassFish Server de Oracle Fusion Middleware (subcomponente: Security). Versiones compatibles que están afectadas son 2.1.1, 3.0.1 y 3.1.2. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de LDAP, comprometer Oracle GlassFish Server. 
Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle GlassFish Server así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle GlassFish Server y capacidad no autorizada para provocar una denegación de servicio parcial (DOS parcial) de Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Impactos de Confidencialidad, Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"0E80F5AC-A2EF-4D8A-AE8F-5DD0FF9B48C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A56AAEB5-E5A5-44A4-8B82-0C465122F2C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:glassfish_server:3.1.2:*:*:
*:*:*:*:*","matchCriteriaId":"5C8196D0-06A9-4A0B-8864-AA8E8CF2DDB0"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95484","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95484","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3250","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.630","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle GlassFish Server de Oracle Fusion Middleware (Subcomponente: Security). Versiones compatibles que están afectadas son 2.1.1, 3.0.1 y 3.1.2. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle GlassFish Server. 
Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle GlassFish Server así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle GlassFish Server y capacidad no autorizada para provocar una denegación de servicio parcial (DOS parcial) de Oracle GlassFish Server. CVSS v3.0 Base Score 7.3 (Impactos de Confidencialidad, Integridad y Disponibilidad)"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"0E80F5AC-A2EF-4D8A-AE8F-5DD0FF9B48C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A56AAEB5-E5A5-44A4-8B82-0C465122F2C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:glassfish_server:3.1.2:*:*:*:*:*:*:
*","matchCriteriaId":"5C8196D0-06A9-4A0B-8864-AA8E8CF2DDB0"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95480","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95480","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3251","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.663","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server component de Oracle MySQL (Subcomponente: Server: Optimizer). Versiones compatibles que están afectadas son 5.7.16 y versiones anteriores. Vulnerabilidad fácilmente explotable permite a atacantes privilegiados elevados con acceso a la red a través de múltiples protocolos, comprometer MySQL Server. Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de MySQL Server. 
CVSS v3.0 Base Score 4.9 (Impactos de Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionEndIncluding":"5.7.16","matchCriteriaId":"8DC73DC2-8D62-4ED4-AC91-CCC929BDC846"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com"},{"url":"http://www.securityfocus.com/bid/95482","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url
":"http://www.securityfocus.com/bid/95482","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3252","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.693","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.8 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Java SE, Java SE Embedded, JRockit de Oracle Java SE (Subcomponente:JAAS). 
Versiones compatibles que están afectadas son Java SE: 6u131, 7u121 y 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Vulnerabilidad difícil de explotar permite a atacantes poco privilegiados con acceso a la red a través de múltiples protocolos, comprometer Java SE, Java SE Embedded, JRockit. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Java SE, Java SE Embedded, JRockit, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en creación no autorizada, inserción o borrado de acceso a todos los datos accesibles de Java SE, Java SE Embedded, JRockit. Nota: Aplica a la implementación de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada a través de aplicaciones Java Web Start y applets Java aislados. También puede ser explotada suministrando datos de APIs en el componente especificado sin utilizar aplicaciones Java Web Start o applets Java aislados, como por ejemplo mediante un servicio web. 
CVSS v3.0 Base Score 5.8 (Impactos de integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:N/I:P/A:N","baseScore":2.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"B1384D79-F9DA-44C5-A3C9-3CCE627B2255"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"92EF1E3B-6EF8-499A-84EA-D7792B181CCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"73185AEF-8CB1-4728-9E99-D0D2A3419D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"BEB76EC4-557F-4C67-BE1E-79E837043B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"C747C39A-145E-4648-99C2-0A8C7BA77F11"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"70
6F9471-3647-4D13-B794-4F53700091F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"1ED8B5A9-E738-430E-9FC6-206DFC98B965"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"4AA3E574-DC5D-465B-95B8-CD1AF5433646"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jrockit:r28.3.12:*:*:*:*:*:*:*","matchCriteriaId":"CE1A57E9-0134-466F-B8EE-9E38A844F865"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"secalert_us@oracle.com"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Not Applicable","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95509","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"secalert_us@oracle.com"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95509","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3253","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.727","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Java SE, Java SE Embedded, JRockit de Oracle Java SE (Subcomponente: 2D). Versiones compatibles que están afectadas son Java SE: 6u131, 7u121 y 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. 
Vulnerabilidad fácilmente explotable permite a atacantes no autenticados con acceso a la red a través de múltiples protocolos comprometer Java SE, Java SE Embedded, JRockit. Ataques exitosos de esta vulnerabilidad pueden resultar en la capacidad no autorizada para causar un bloqueo o frecuencia de bloqueo repetido (DOS completo) de Java SE, Java SE Embedded, JRockit. Nota: Aplica a la implementación de cliente y servidor de Java. Esta vulnerabilidad puede ser explotada a través de aplicaciones Java Web Start y applets Java aislados. También puede ser explotada suministrando datos de APIs en el componente especificado sin utilizar aplicaciones Java Web Start o applets Java aislados, como por ejemplo mediante un servicio web. CVSS v3.0 Base Score 7.5 (Impactos de Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6:
update_131:*:*:*:*:*:*","matchCriteriaId":"B1384D79-F9DA-44C5-A3C9-3CCE627B2255"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"92EF1E3B-6EF8-499A-84EA-D7792B181CCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"73185AEF-8CB1-4728-9E99-D0D2A3419D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"BEB76EC4-557F-4C67-BE1E-79E837043B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"C747C39A-145E-4648-99C2-0A8C7BA77F11"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"706F9471-3647-4D13-B794-4F53700091F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"1ED8B5A9-E738-430E-9FC6-206DFC98B965"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"4AA3E574-DC5D-465B-95B8-CD1AF5433646"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jrockit:r28.3.12:*:*:*:*:*:*:*","matchCriteriaId":"CE1A57E9-0134-466F-B8EE-9E38A844F865"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338
.html","source":"secalert_us@oracle.com"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95498","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"secalert_us@oracle.com"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan20
17-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95498","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3255","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.757","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. While the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle JDeveloper accessible data. CVSS v3.0 Base Score 5.8 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle JDeveloper de Oracle Fusion Middleware (subcomponente: ADF Faces). Versiones compatibles que están afectadas son 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 y 12.2.1.2.0. 
Vulnerabilidad fácilmente explotable permite a atacantes no autenticados con acceso a la red a través de HTTP, comprometer Oracle JDeveloper. Mientras la vulnerabilidad esté en Oracle JDeveloper, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle JDeveloper. CVSS v3.0 Base Score 5.8 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdeveloper:11.1.1.7.0:*:*:*:*:*:*:*","matchCriteriaId":"07EF593B-376C-4367-B9FB-1F429062576C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*","matchCriteriaId":"A7506589-9B3B-49BA-B826-774BFDCC45B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdeveloper:11.1.2.4.0:*:*:*:*:*:*:*","match
CriteriaId":"2B70A973-A5C5-4E51-B93C-C22888E24FF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"042C243F-EDFE-4A04-AB0B-26E73CC34837"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdeveloper:12.2.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"204CEEBC-3D7C-483D-99D6-264EEFAE968C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdeveloper:12.2.1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"0061C130-67E8-45CD-8463-15D6661419AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdeveloper:12.2.1.2.0:*:*:*:*:*:*:*","matchCriteriaId":"739DC3EA-E25A-449B-8468-9A65AECC47C4"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95543","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95543","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3256","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.773","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: Replication). Versiones compatibles que están afectadas son 5.7.16 y versiones anteriores. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de múltiples protocolos, comprometer MySQL Server. Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de MySQL Server. CVSS v3.0 Base Score 6.5 (Impactos de Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:
*:*:*:*","versionEndIncluding":"5.7.16","matchCriteriaId":"8DC73DC2-8D62-4ED4-AC91-CCC929BDC846"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95486","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95486","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3257","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.803","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier, 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
CVSS v3.0 Base Score 6.5 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: InnoDB). Versiones compatibles que están afectadas son 5.6.34 y versiones anteriores 5.7.16 y versiones anteriores. Vulnerabilidad fácilmente explotable permite a atacantes poco privilegiados con acceso a la red a través de múltiples protocolos, comprometer MySQL Server. Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de MySQL Server. CVSS v3.0 Base Score 6.5 (Impacto de disponibilidad)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndIncluding":"5.6.34","matchCriteriaId":"E9C89C4E-C358-485A-9097-50232C9C6F22"
},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndIncluding":"5.7.16","matchCriteriaId":"5E5267D6-D424-4FB6-80CD-E13132083522"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.29","matchCriteriaId":"5750A91A-1784-4DE9-B72C-61A3B48B0892"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.21","matchCriteriaId":"70247F46-D133-4E30-AE2F-8974DEFDA1AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.8","matchCriteriaId":"F782A66A-6419-4124-8B0E-5F2BCCF209E4"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3770","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95589","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"secalert_us@oracle.com","tags":["Third Party 
Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95589","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-3258","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.850","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: DDL). Versiones compatibles que están afectadas son 5.5.53 y versiones anteriores 5.6.34 y versiones anteriores y 5.7.16 y versiones anteriores. Vulnerabilidad fácilmente explotable permite a atacante poco privilegiado con acceso a la red a través de múltiples protocolos, comprometer MySQL Server. Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de MySQL Server. 
CVSS v3.0 Base Score 6.5 (Impactos de Disponibilidad)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndIncluding":"5.5.53","matchCriteriaId":"DA05707F-9B38-4C5D-9367-D7DF52658AEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndIncluding":"5.6.34","matchCriteriaId":"E9C89C4E-C358-485A-9097-50232C9C6F22"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndIncluding":"5.7.16","matchCriteriaId":"5E5267D6-D424-4FB6-80CD-E13132083522"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndExcluding":"5.5.54","matchCriteriaId":"7425B
1AD-88EE-4E62-8F91-F3FE413F0F4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.29","matchCriteriaId":"5750A91A-1784-4DE9-B72C-61A3B48B0892"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.21","matchCriteriaId":"70247F46-D133-4E30-AE2F-8974DEFDA1AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"F96E3779-F56A-45FF-BB3D-4980527D721E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"83737173-E12E-4641-BC49-0BD84A6B29D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-4
19E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3767","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95560","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com","tags":["Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3767","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95560","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-3259","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.880","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 3.7 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Deployment). Versiones compatibles que están afectadas son Java SE: 6u131, 7u121 y 8u112. Vulnerabilidad difícil de explotar permite a atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer Java SE. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE. Nota: Esta vulnerabilidad aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java aisladas, que cargan y ejecutan código no confiable (e.j: Código procedente de internet) y depende del aislamiento de seguridad de Java. 
Esta vulnerabilidad no se aplica a implementaciones JAVA, normalmente en servidores, que cargan y ejecutan solo código de confianza (e.j: Código instalado por un administrador). CVSS v3.0 Base Score 3.7 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"B1384D79-F9DA-44C5-A3C9-3CCE627B2255"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"92EF1E3B-6EF8-499A-84EA-D7792B181CCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"BEB76EC4-557F-4C67-BE1E-79E837043B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"C747C39A-145E-4648-99C2-0A8C7BA77F11"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7:
update_121:*:*:*:*:*:*","matchCriteriaId":"706F9471-3647-4D13-B794-4F53700091F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"4AA3E574-DC5D-465B-95B8-CD1AF5433646"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95570","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"secalert_us@oracle.com"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95570","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3260","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.927","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: AWT). Versiones compatibles que están afectadas son Java SE: 7u121 y 8u112. 
Vulnerabilidad difícil de explotar permite a atacantes no autenticados con acceso a la red a través de múltiples protocolos, comprometer Java SE. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Java SE, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de Java SE. Esta vulnerabilidad aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java aisladas, que cargan y ejecutan código no confiable (e.j: Código procedente de internet) y depende del aislamiento de seguridad de Java. Esta vulnerabilidad no se aplica a implementaciones JAVA, normalmente en servidores, que cargan y ejecutan solo código de confianza (e.j: Código instalado por un administrador). CVSS v3.0 Base Score 8.3 (Impactos de confidencialidad, integridad y disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P","baseScore":5.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Prim
ary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"92EF1E3B-6EF8-499A-84EA-D7792B181CCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"BEB76EC4-557F-4C67-BE1E-79E837043B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"706F9471-3647-4D13-B794-4F53700091F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"4AA3E574-DC5D-465B-95B8-CD1AF5433646"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3782","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95576","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037637","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"secalert_us@oracle.com"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"secalert_us@oracle.com"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95576","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037637","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3261","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.960","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Java SE, Java SE Embedded de Oracle Java SE (subcomponente: Networking). 
Versiones compatibles que están afectadas son Java SE: 6u131, 7u121 y 8u112; Java SE Embedded: 8u111. Vulnerabilidad fácilmente explotable permite a atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer Java SE, Java SE Embedded. Ataques exitosos requieren interacción humana de una persona distinta del atacante. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java aisladas, que cargan y ejecutan código no confiable (e.j: Código procedente de internet) y depende del aislamiento de seguridad de Java. Esta vulnerabilidad no se aplica a implementaciones JAVA, normalmente en servidores, que cargan y ejecutan solo código de confianza (e.j: Código instalado por un administrador). CVSS v3.0 Base Score 4.3 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weak
nesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"B1384D79-F9DA-44C5-A3C9-3CCE627B2255"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"92EF1E3B-6EF8-499A-84EA-D7792B181CCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"73185AEF-8CB1-4728-9E99-D0D2A3419D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"BEB76EC4-557F-4C67-BE1E-79E837043B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"C747C39A-145E-4648-99C2-0A8C7BA77F11"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"706F9471-3647-4D13-B794-4F53700091F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"1ED8B5A9-E738-430E-9FC6-206DFC98B965"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"4AA3E574-DC5D-465B-95B8-CD1AF5433646"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017
-0337.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"secalert_us@oracle.com"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95566","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"secalert_us@oracle.com"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"af854a3a-
2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95566","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3262","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:02.990","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: Applies to Java Mission Control Installation. CVSS v3.0 Base Score 5.3 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Java SE de Oracle Java SE (subcomponente: Java Mission Control). Versiones compatibles que están afectadas son Java SE: 8u112. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer Java SE. 
Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Java SE. Nota: Se aplica a Java Mission Control Installation. CVSS v3.0 Base Score 5.3 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"BEB76EC4-557F-4C67-BE1E-79E837043B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"4AA3E574-DC5D-465B-95B8-CD1AF5433646"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95578","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"secalert_us@oracle.com"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95578","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3263","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.023","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Team Member). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Primavera P6 Enterprise Project Portfolio Management de Oracle Primavera Products Suite (subcomponente: Team Member). Versiones compatibles que están afectadas son 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 y 16.2. Vulnerabilidad fácilmente explotable permite a un atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Primavera P6 Enterprise Project Portfolio Management. Ataques exitosos de esta vulnerabilidad pueden resultar en creación, eliminación o modificación no autorizadas de datos críticos o de todos los datos accesibles de Primavera P6 Enterprise Project Portfolio Management, así como acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Primavera P6 Enterprise Project Portfolio Management. 
CVSS v3.0 Base Score 8.1 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.2:*:*:*:*:*:*:*","matchCriteriaId":"A56DC460-26F5-453E-A5BC-4C60AA3212EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.3:*:*:*:*:*:*:*","matchCriteriaId":"A47BF03C-BF18-4477-9DBB-20EFEA53AFAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*","matchCriteriaId":"84BF6794-2CE6-407F-B8E0-81871AB7B40B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*","matchCriteriaId":"93A4E178-0082-45C5-BBC0-0A4E51C8B1DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_
p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*","matchCriteriaId":"3F021C23-AB9B-4877-833F-D01359A98762"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*","matchCriteriaId":"2F8ED016-32A1-42EE-844E-3E6B2C116B74"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*","matchCriteriaId":"A046CC2C-445F-4336-8810-930570B4FEC6"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95535","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95535","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3264","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.053","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI). The supported version that is affected is 16.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS v3.0 Base Score 3.1 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Siebel UI Framework de Oracle Siebel CRM (subcomponente: Open UI). La versión compatible que está afectada es 16.1. 
Vulnerabilidad difícil de explotar permite a un atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Siebel UI Framework. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Siebel UI Framework. CVSS v3.0 Base Score 3.1 (Impactos de Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:siebel_ui_framework:16.1:*:*:*:*:*:*:*","matchCriteriaId":"9BD84548-0B49-4400-B29D-420E5A708AC4"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95508","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037635","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95508","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037635","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3265","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.087","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: Packaging). Versiones compatibles que están afectadas son 5.5.53 y versiones anteriores, 5.6.34 y versiones anteriores y 5.7.16 y versiones anteriores. Vulnerabilidad difícil de explotar permite a un atacante privilegiado con inicio de sesión en la infraestructura donde MySQL Server se ejecuta, comprometer MySQL Server. 
Ataques exitosos requieren interacción humana de una persona distinta del atacante. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de MySQL Server y capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de MySQL Server. CVSS v3.0 Base Score 5.6 (Impactos de Confidencialidad y Disponibilidad)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:H","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.3,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:P","baseScore":4.9,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndIncluding":"5.5.53","matchCriteriaId":"DA05707F-9B38-4C5D-9367-D7DF52658AEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndIncluding":"5.6.34","matchCriteriaId":"E9C89C4E-C358-485A-9097-50232C9C6F22"},{"vulnerabl
e":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndIncluding":"5.7.16","matchCriteriaId":"5E5267D6-D424-4FB6-80CD-E13132083522"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"F96E3779-F56A-45FF-BB3D-4980527D721E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"83737173-E12E-4641-BC49-0BD84A6B29D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId"
:"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndExcluding":"5.5.54","matchCriteriaId":"7425B1AD-88EE-4E62-8F91-F3FE413F0F4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.29","matchCriteriaId":"5750A91A-1784-4DE9-B72C-61A3B48B0892"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.21","matchCriteriaId":"70247F46-D133-4E30-AE2F-8974DEFDA1AA"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3767","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95520","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"secalert_us@oracle.com","tags":["Third Party 
Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3767","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95520","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-3266","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.117","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Outside In Technology de Oracle Fusion Middleware (subcomponente: Outside In Filters). Versiones compatibles que están afectadas son 8.5.2 y 8.5.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Outside In Technology. Ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de Oracle Outside In Technology. Nota: Outside In Technology es un conjunto de kits de desarrollo de software (SDKs). El protocolo y la puntuación de CVSS depende del software que utiliza el código Outside In Technology. la puntuación de CVSS asume que el software pasa los datos recibidos a través de una red directamente al código de Outside In Technology, pero si los datos no se reciben a través de una red, la puntuación CVSS puede ser menor. 
CVSS v3.0 Base Score 9.8 (Impactos de Confidencialidad, Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_technology:8.5.2:*:*:*:*:*:*:*","matchCriteriaId":"05232480-EB9C-4882-9F54-D32996D20657"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_technology:8.5.3:*:*:*:*:*:*:*","matchCriteriaId":"10DD6CB3-ED55-465D-AB98-13EFD013AE47"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95507","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95507","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3267","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Outside In Technology de Oracle Fusion Middleware (subcomponente: Outside In Filters). Versiones compatibles que están afectadas son 8.5.2 y 8.5.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Outside In Technology. 
Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de Oracle Outside In Technology. Nota: Outside In Technology es un conjunto de kits de desarrollo de software (SDKs). El protocolo y la puntuación de CVSS depende del software que utiliza el código Outside In Technology. la puntuación de CVSS asume que el software pasa los datos recibidos a través de una red directamente al código de Outside In Technology, pero si los datos no se reciben a través de una red, la puntuación CVSS puede ser menor. CVSS v3.0 Base Score 7.5 (Impactos de Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_technology:8.5.2:*:*:*:*:*:*:*","matchCriteriaId":"05232480-EB9C-4882-9F54-D32996D20657"},{"vulnerable":true,"criteria":"cpe
:2.3:a:oracle:outside_in_technology:8.5.3:*:*:*:*:*:*:*","matchCriteriaId":"10DD6CB3-ED55-465D-AB98-13EFD013AE47"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95513","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95513","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3268","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. 
CVSS v3.0 Base Score 7.5 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Outside In Technology de Oracle Fusion Middleware (subcomponente: Outside In Filters). Versiones compatibles que están afectadas son 8.5.2 y 8.5.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Outside In Technology. Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de Oracle Outside In Technology. Nota: Outside In Technology es un conjunto de kits de desarrollo de software (SDKs). El protocolo y la puntuación de CVSS depende del software que utiliza el código Outside In Technology. La puntuación de CVSS asume que el software pasa los datos recibidos a través de una red directamente al código de Outside In Technology, pero si los datos no se reciben a través de una red, la puntuación CVSS puede ser menor. 
Base Score 7.5 (Impactos de Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_technology:8.5.2:*:*:*:*:*:*:*","matchCriteriaId":"05232480-EB9C-4882-9F54-D32996D20657"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_technology:8.5.3:*:*:*:*:*:*:*","matchCriteriaId":"10DD6CB3-ED55-465D-AB98-13EFD013AE47"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95522","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95522","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3269","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.210","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Outside In Technology de Oracle Fusion Middleware (subcomponente: Outside In Filters). Versiones compatibles que están afectadas son 8.5.2 y 8.5.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Outside In Technology. 
Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de Oracle Outside In Technology. Nota: Outside In Technology es un conjunto de kits de desarrollo de software (SDKs). El protocolo y la puntuación de CVSS depende del software que utiliza el código Outside In Technology. La puntuación de CVSS asume que el software pasa los datos recibidos a través de una red directamente al código de Outside In Technology, pero si los datos no se reciben a través de una red, la puntuación CVSS puede ser menor. (Impacto de disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_technology:8.5.2:*:*:*:*:*:*:*","matchCriteriaId":"05232480-EB9C-4882-9F54-D32996D20657"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_t
echnology:8.5.3:*:*:*:*:*:*:*","matchCriteriaId":"10DD6CB3-ED55-465D-AB98-13EFD013AE47"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95524","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95524","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3270","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.240","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. 
CVSS v3.0 Base Score 7.5 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Outside In Technology de Oracle Fusion Middleware (subcomponente: Outside In Filters). Versiones compatibles que están afectadas son 8.5.2 y 8.5.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Outside In Technology. Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de Oracle Outside In Technology. Nota: Outside In Technology es un conjunto de kits de desarrollo de software (SDKs). El protocolo y la puntuación de CVSS dependen del software que utiliza el código de Outside In Technology. La puntuación de CVSS asume que el software pasa los datos recibidos a través de una red directamente al código Outside In Technology, pero si los datos no se reciben a través de una red, la puntuación CVSS puede ser menor. 
CVSS v3.0 Base Score 7.5 (Impacto de Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_technology:8.5.2:*:*:*:*:*:*:*","matchCriteriaId":"05232480-EB9C-4882-9F54-D32996D20657"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_technology:8.5.3:*:*:*:*:*:*:*","matchCriteriaId":"10DD6CB3-ED55-465D-AB98-13EFD013AE47"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95529","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95529","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3271","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.273","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. 
CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Outside In Technology de Oracle Fusion Middleware (subcomponente: Outside In Filters). Versiones compatibles que están afectadas son 8.5.2 y 8.5.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Outside In Technology. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Outside In Technology así como en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Outside In Technology y capacidad no autorizada para provocar una denegación de servicio parcial (DOS parcial) de Oracle Outside In Technology. Nota: Outside In Technology es un conjunto de kits de desarrollo de software (SDKs). El protocolo y la puntuación de CVSS dependen del software que utiliza el código Outside In Technology. La puntuación de CVSS asume que el software pasa los datos recibidos a través de una red directamente al código de Outside In Technology, pero si los datos no se reciben a través de una red, la puntuación CVSS puede ser menor. 
CVSS v3.0 Base Score 8.6 (Impacto de Confidencialidad, Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_technology:8.5.2:*:*:*:*:*:*:*","matchCriteriaId":"05232480-EB9C-4882-9F54-D32996D20657"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_technology:8.5.3:*:*:*:*:*:*:*","matchCriteriaId":"10DD6CB3-ED55-465D-AB98-13EFD013AE47"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95532","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95532","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3272","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.337","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). 
CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Java SE, Java SE Embedded de Oracle Java SE (subcomponente: Libraries). Versiones compatibles que están afectadas son Java SE: 6u131, 7u121 y 8u112; Java SE Embedded: 8u111. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer Java SE, Java SE Embedded. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Java SE, Java SE Embedded los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de Java SE, Java SE Embedded. Nota: Esta vulnerabilidad aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java aisladas, que cargan y ejecutan código no confiable (e.j: Código procedente de internet) y depende del aislamiento de seguridad de Java. Esta vulnerabilidad no se aplica a implementaciones JAVA, normalmente en servidores, que cargan y ejecutan solo código de confianza (e.j: Código instalado por un administrador). 
CVSS v3.0 Base Score 9.6 (Impactos de Confidencialidad, Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"B1384D79-F9DA-44C5-A3C9-3CCE627B2255"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"92EF1E3B-6EF8-499A-84EA-D7792B181CCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"73185AEF-8CB1-4728-9E99-D0D2A3419D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"BEB76EC4-557F-4C67-BE1E-79E837043B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.6:update_131:*:*:*:*:*:*","matchCriteriaId":"C747C39A-145E-4648-99C2-0A8C7BA77F11"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7
:update_121:*:*:*:*:*:*","matchCriteriaId":"706F9471-3647-4D13-B794-4F53700091F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"1ED8B5A9-E738-430E-9FC6-206DFC98B965"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"4AA3E574-DC5D-465B-95B8-CD1AF5433646"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"secalert_us@oracle.com"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95533","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"secalert_us@oracle.com"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0177.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0338.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95533","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037637","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3273","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.367","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: DDL). Versiones compatibles que están afectadas son 5.6.34 y versiones anteriores y 5.7.16 y versiones anteriores. Vulnerabilidad fácilmente explotable permite a un atacante poco privilegiado con acceso a la red a través de múltiples protocolos, comprometer MySQL Server. Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de MySQL Server. 
CVSS v3.0 Base Score 6.5 (Impacto de Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndIncluding":"5.6.34","matchCriteriaId":"E9C89C4E-C358-485A-9097-50232C9C6F22"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndIncluding":"5.7.16","matchCriteriaId":"5E5267D6-D424-4FB6-80CD-E13132083522"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95583","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95583","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-3274","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.413","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Email Center de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Email Center. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Email Center los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Email Center así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Email Center. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:email_center:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"E1898484-F93B-422D-949C-73272AF8C486"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:email_center:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"A7437698-A0C0-4038-9786-01ABEFC9E2E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:email_center:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"4E5439E4-ED00-4CA9-9585-A1B339CB9ACD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:email_center:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"DBBC5B43-4326-49EC-BDBD-3AB13D7A00D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:email_center:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"6BD11784-A642-4F43-9D98-73DE8A245B22"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:email_center:12.
2.5:*:*:*:*:*:*:*","matchCriteriaId":"6337D432-6BEC-4632-A2C9-40D00CE89390"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:email_center:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"DCEE9FFA-9A5F-4C00-8975-8407D5CC5077"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95591","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95591","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3275","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.427","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Email Center de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Email Center. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Email Center, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos pueden resultar en un acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Email Center así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Email Center. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:email_center:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"E1898484-F93B-422D-949C-73272AF8C486"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:email_center:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"A7437698-A0C0-4038-9786-01ABEFC9E2E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:email_center:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"4E5439E4-ED00-4CA9-9585-A1B339CB9ACD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:email_center:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"DBBC5B43-4326-49EC-BDBD-3AB13D7A00D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:email_center:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"6BD11784-A642-4F43-9D98-73DE8A245B22"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:email_center:12.
2.5:*:*:*:*:*:*:*","matchCriteriaId":"6337D432-6BEC-4632-A2C9-40D00CE89390"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:email_center:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"DCEE9FFA-9A5F-4C00-8975-8407D5CC5077"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95593","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95593","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3276","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.460","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized block driver). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. 
CVSS v3.0 Base Score 5.7 (Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Solaris de Oracle Sun Systems Products Suite (subcomponente: Kernel Zones virtualized block driver). La versión compatible que está afectada es 11.3. Vulnerabilidad difícil de explotar permite a un atacante con privilegios elevados con inicio de sesión en la infraestructura donde Solaris se ejecuta, comprometer Solaris. Ataques exitosos de esta vulnerabilidad pueden resultar en creación, eliminación o modificación no autorizadas de datos críticos o de todos los datos accesibles de Solaris, y en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de Solaris. CVSS v3.0 Base Score 5.7 (Impactos de Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:S/C:N/I:P/A:P","baseScore":3.0,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":2.7,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:solaris:11.3:*:*:
*:*:*:*:*","matchCriteriaId":"79A602C5-61FE-47BA-9786-F045B6C6DBA8"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95544","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037641","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95544","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037641","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3277","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.490","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: OAM Client). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS v3.0 Base Score 4.9 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Applications Manager de Oracle E-Business Suite (subcomponente: OAM Client). Versiones compatibles que están afectadas son 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante con privilegios elevados con acceso a la red a través de HTTP, comprometer Oracle Applications Manager. 
Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Applications Manager. CVSS v3.0 Base Score 4.9 (Impacto de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:applications_manager:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"C2FDF7A2-A97E-46CD-8F20-BF4A1C4F0058"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:applications_manager:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"BB2D2D24-EA72-498B-85F7-BC6E5C84DBCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:applications_manager:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"A63E4612-0D49-4EAE-80B8-8E3FF1788F34"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:applications_manager:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"96DB997D-7686-4B5E-8816-58A4E0009AB0"},{"vulnerable":true,"
criteria":"cpe:2.3:a:oracle:applications_manager:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"25B77673-EA2B-4C7E-915E-0CD3AAC67F57"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95617","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95617","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3278","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.537","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Request Confirmation). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: Request Confirmation). La versión compatible que está afectada es 12.1.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95600","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95600","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3279","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.570","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Leads Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Leads Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Leads Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Leads Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Leads Management accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Leads Management de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2 y 12.1.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Leads Management. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Leads Management, los ataques podrían afectar significativamente a productos adicionales. 
Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Leads Management así como resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Leads Management. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:leads_management:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"054E2F00-7BA0-481F-8F3B-C0FA368EFE29"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:leads_management:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"4AA83CEB-776D-48B9-8C1B-7E549A645771"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:leads_management:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"CAA4C619-4956-44DE-BFFF-FE6FC6EA05D5"}]}]}],"references":[{"url":"h
ttp://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95614","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95614","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3280","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.600","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Partner Management de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. 
Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Partner Management. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Partner Management, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado de actualización, inserción o eliminación sobre algunos de los datos accesibles de Oracle Partner Management. CVSS v3.0 Base Score 4.7 (Impactos de integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"44DEDB63-A872-4D5F-BBD6-C5195E58D3BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.1.2:*:*:*:*:*:*:*","matchCriteriaId"
:"52E51301-7392-4862-BF3F-8B6E14CCC684"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"15079C95-2741-4267-A99C-37474BF16F19"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"2DD024FC-DADD-443D-9F29-2C6F0E2BC0B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"EF8F3A48-9F1D-44A7-8053-1C23F381FE9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"0680EA5E-5BCC-44DE-9421-814B2386B96B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"DA4C076D-91C9-41E9-A092-D63C8529C942"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95577","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95577","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3281","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.630","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). 
Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Partner Management de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Partner Management. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Partner Management, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado de actualización, inserción o eliminación sobre algunos de los datos accesibles de Oracle Partner Management. 
CVSS v3.0 Base Score 4.7 (Impactos de Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"44DEDB63-A872-4D5F-BBD6-C5195E58D3BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"52E51301-7392-4862-BF3F-8B6E14CCC684"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"15079C95-2741-4267-A99C-37474BF16F19"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"2DD024FC-DADD-443D-9F29-2C6F0E2BC0B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"EF8F3A48-9F1D-44A7-8053-1C23F381FE9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partne
r_management:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"0680EA5E-5BCC-44DE-9421-814B2386B96B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"DA4C076D-91C9-41E9-A092-D63C8529C942"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com"},{"url":"http://www.securityfocus.com/bid/95582","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95582","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3282","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.663","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Partner Management de E-Business Suite (subcomponente: User Interface). 
Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Partner Management. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Partner Management, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado de actualización, inserción o eliminación sobre algunos de los datos accesibles de Oracle Partner Management. CVSS v3.0 Base Score 4.7 (Impactos de Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"44DEDB63-A872-4D5F-BBD6-C5195E58D3
BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"52E51301-7392-4862-BF3F-8B6E14CCC684"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"15079C95-2741-4267-A99C-37474BF16F19"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"2DD024FC-DADD-443D-9F29-2C6F0E2BC0B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"EF8F3A48-9F1D-44A7-8053-1C23F381FE9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"0680EA5E-5BCC-44DE-9421-814B2386B96B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"DA4C076D-91C9-41E9-A092-D63C8529C942"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95586","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95586","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3283","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.693","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). 
Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Partner Management de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Partner Management. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Partner Management, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado de actualización, inserción o eliminación sobre algunos de los datos accesibles de Oracle Partner Management. 
CVSS v3.0 Base Score 4.7 (Impactos de Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"44DEDB63-A872-4D5F-BBD6-C5195E58D3BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"52E51301-7392-4862-BF3F-8B6E14CCC684"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"15079C95-2741-4267-A99C-37474BF16F19"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"2DD024FC-DADD-443D-9F29-2C6F0E2BC0B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"EF8F3A48-9F1D-44A7-8053-1C23F381FE9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_manage
ment:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"0680EA5E-5BCC-44DE-9421-814B2386B96B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:partner_management:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"DA4C076D-91C9-41E9-A092-D63C8529C942"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95587","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95587","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3284","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.727","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Fulfillment Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Service Fulfillment Manager, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Fulfillment Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Service Fulfillment Manager accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Una vulnerabilidad en el componente Oracle Service Fulfillment Manager de E-Business Suite de Oracle (subcomponente: User Interface). Las versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Una vulnerabilidad fácilmente explotable permite a los atacantes no autenticados con acceso a la red por medio de HTTP comprometer a Oracle Service Fulfillment Manager. Los ataques con éxito requieren la interacción humana de una persona diferente del atacante y, aunque la vulnerabilidad está en Oracle Service Fulfillment Manager, los ataques pueden impactar significativamente a productos adicionales. Los ataques con éxito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos críticos o en un acceso completo a todos los datos accesibles de Oracle Service Fulfillment Manager, así como también en actualizaciones no autorizadas, y en insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Service Fulfillment Manager. 
CVSS versión 3.0 Puntuación base 8.2 (Impactos de confidencialidad e integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:service_fulfillment_manager:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"BC7DF672-FBC4-4BB4-943C-5ABB2EE4C075"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:service_fulfillment_manager:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"59124B47-8D70-4A87-B76F-1B18D737817C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:service_fulfillment_manager:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"9CFF1857-16D0-4DD1-8F5F-BF4F0C8401E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:service_fulfillment_manager:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"E8A39954-BD27-4C24-B183-C8AF14876721"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:service_fulfillment_manager:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"10038C5E-9CF8-48
D0-B107-D733E5EBDCDD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:service_fulfillment_manager:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"4003C935-10FF-458F-86A6-9FF96244063D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:service_fulfillment_manager:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"10D5EA0A-D136-4DB6-866E-43BD01F49761"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95613","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95613","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3285","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.757","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Fulfillment Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Service Fulfillment Manager, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Fulfillment Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Service Fulfillment Manager accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Service Fulfillment Manager de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Service Fulfillment Manager. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Service Fulfillment Manager, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Service Fulfillment Manager así como resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Service Fulfillment Manager. 
CVSS v3.0 Base Score 8.2 (Impactos de Integridad y Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:service_fulfillment_manager:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"BC7DF672-FBC4-4BB4-943C-5ABB2EE4C075"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:service_fulfillment_manager:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"59124B47-8D70-4A87-B76F-1B18D737817C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:service_fulfillment_manager:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"9CFF1857-16D0-4DD1-8F5F-BF4F0C8401E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:service_fulfillment_manager:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"E8A39954-BD27-4C24-B183-C8AF14876721"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:service_fulfillment_manager:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"10038C5E-9CF8-48D0-B107-D733
E5EBDCDD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:service_fulfillment_manager:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"4003C935-10FF-458F-86A6-9FF96244063D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:service_fulfillment_manager:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"10D5EA0A-D136-4DB6-866E-43BD01F49761"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95615","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95615","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3286","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.787","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data. CVSS v3.0 Base Score 6.0 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Applications DBA de Oracle E-Business Suite (subcomponente: Patching). Versiones compatibles que están afectadas son 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante con privilegios elevados con inicio de sesión en la infraestructura donde Oracle Applications DBA se ejecuta, comprometer Oracle Applications DBA. Ataques exitosos de esta vulnerabilidad pueden resultar en una creación no autorizada, borrado o modificación de acceso a datos críticos o a todos los datos accesibles de Oracle Applications DBA así como acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Applications DBA. 
CVSS v3.0 Base Score 6.0 (Impactos de Integridad y Confidencialidad)"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:N","baseScore":3.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:applications_dba:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"44E064D5-BDE1-4040-BC83-9BECED3299DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:applications_dba:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"479AF1FF-B81F-4FAE-866B-70EDDA900EAA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:applications_dba:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"ED5A8EFC-607E-40E5-A732-51B23C1D7460"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:applications_dba:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"CC89B9D8-3C9F-44E1-83F7-246AC0F06918"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:applications_dba:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"007AA843-EE17-4B19-969B-CA7749EB2ACE"}]}]}],"references":[{"url":"http://www.oracle.com/te
chnetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95598","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95598","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3287","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.820","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle iStore de Oracle E-Business Suite (subcomponente: User Interface). 
Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle iStore. Ataques exitosos requieren interacción humana de una persona distinta del atacante y, aunque la vulnerabilidad está en Oracle iStore, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle iStore así como en acceso no autorizado de actualización, inserción o borrado a algunos de los datos accesibles de Oracle iStore. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":
"cpe:2.3:a:oracle:istore:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"7F97E907-8C38-44D8-8787-E7BD95B3ACE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:istore:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F9FC7EAC-DC83-466B-BEC7-459E82DF014D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:istore:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"3B70A22F-D67A-4BF6-AF17-686BF3A9BCB5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:istore:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"8355653B-79DD-4DCB-83CA-066BE4D8D9D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:istore:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"0A91551D-F3E4-4852-A333-733A28F49CF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:istore:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"5E501CF6-0457-4160-9FD9-14B903219DBF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:istore:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"9E835828-6E56-472F-B497-DB5D90FF49F3"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95616","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95616","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3289","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.850","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Java SE, Java SE Embedded component 
of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Java SE, Java SE Embedded de Oracle Java SE (subcomponente: Hotspot). Versiones compatibles que están afectadas son Java SE: 7u121 y 8u112; Java SE Embedded: 8u111. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer Java SE, Java SE Embedded. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Java SE, Java SE Embedded, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de Java SE, Java SE Embedded. 
Nota: Esta vulnerabilidad aplica a implementaciones Java, normalmente en clientes que ejecutan aplicaciones Java Web Start o applets Java aisladas, que cargan y ejecutan código no confiable (e.j: Código procedente de internet) y depende del aislamiento de seguridad de Java. Esta vulnerabilidad no se aplica a implementaciones JAVA, normalmente en servidores, que cargan y ejecutan solo código de confianza (e.j: Código instalado por un administrador). CVSS v3.0 Base Score 9.6 (Impactos de Confidencialidad, Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"92EF1E3B-6EF8-499A-84EA-D7792B181CCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"73185AEF-8CB1-4728-9E99-D0D2A3419D40"},{"vulnerable":tr
ue,"criteria":"cpe:2.3:a:oracle:jdk:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"BEB76EC4-557F-4C67-BE1E-79E837043B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.7:update_121:*:*:*:*:*:*","matchCriteriaId":"706F9471-3647-4D13-B794-4F53700091F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_111:*:*:*:*:*:*","matchCriteriaId":"1ED8B5A9-E738-430E-9FC6-206DFC98B965"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jre:1.8:update_112:*:*:*:*:*:*","matchCriteriaId":"4AA3E574-DC5D-465B-95B8-CD1AF5433646"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"secalert_us@oracle.com"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95525","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037637","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"secalert_us@oracle.com"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"secalert_us@oracle.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0175.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0176.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0180.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0263.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0269.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0336.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0337.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3782","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95525","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037637","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201707-01","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20170119-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3290","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.880","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 7.9 (Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle VM VirtualBox de Oracle Virtualization (subcomponente: Shared Folder). Versiones compatibles que están afectadas son VirtualBox en versiones anteriores a 5.0.32 y versiones anteriores a 5.1.14. 
Vulnerabilidad fácilmente explotable permite a un atacante con privilegios elevados con inicio de sesión en la infraestructura donde Oracle VM VirtualBox se ejecuta, comprometer Oracle VM VirtualBox. Aunque la vulnerabilidad está en Oracle VM VirtualBox, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado de creación, eliminación o modificación a datos críticos o a todos los datos accesibles de Oracle VM VirtualBox y capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de Oracle VM VirtualBox. CVSS v3.0 Base Score 7.9 (Impactos de Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H","baseScore":7.9,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":5.8}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:N/I:P/A:P","baseScore":3.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:vm_virtualbox:5.0.30:*:*:*:*:*:*:*","matchCriteriaId":"8F94D50F-3A18-49D0-B238-91647215AF12"},{"vulnerable":tr
ue,"criteria":"cpe:2.3:a:oracle:vm_virtualbox:5.1.12:*:*:*:*:*:*:*","matchCriteriaId":"8899F709-B14F-4889-958D-F9782EE3B9C9"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95601","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037638","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201702-08","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95601","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037638","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-08","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3291","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.913","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: Packaging). 
Versiones compatibles que están afectadas son 5.5.53 y versiones anteriores 5.6.34 y versiones anteriores y 5.7.16 y versiones anteriores. Vulnerabilidad de difícil explotación permite a un atacante con privilegios elevados con inicio de sesión en la infraestructura donde MySQL Server se ejecuta, comprometer MySQL Server. Ataques exitosos requieren interacción humana de una persona distinta del atacante. Ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de MySQL Server. CVSS v3.0 Base Score 6.3 (Impactos de Confidencialidad, Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.3,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:H/Au:S/C:P/I:P/A:P","baseScore":3.5,"accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":1.5,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndIncluding":"5.5.53","matchCriteriaId":"DA05707F-9B38-4C5D-9367-D7DF52658AEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:
*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndIncluding":"5.6.34","matchCriteriaId":"E9C89C4E-C358-485A-9097-50232C9C6F22"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndIncluding":"5.7.16","matchCriteriaId":"5E5267D6-D424-4FB6-80CD-E13132083522"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndExcluding":"5.5.54","matchCriteriaId":"7425B1AD-88EE-4E62-8F91-F3FE413F0F4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.29","matchCriteriaId":"5750A91A-1784-4DE9-B72C-61A3B48B0892"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.21","matchCriteriaId":"70247F46-D133-4E30-AE2F-8974DEFDA1AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"F96E3779-F56A-45FF-BB3D-4980527D721E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"83737173-E12E-4641-BC49-0BD84A6B29D0"},{"vulnerable":true,"criteria":"cpe:2.
3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3767","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95501","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"secalert_us@oracle.com","tags":["Third Party 
Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3767","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95501","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-3292","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.943","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 5.7 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente PeopleSoft Enterprise PeopleTools de Oracle PeopleSoft Products (subcomponente: Integration Broker). Versiones compatibles que están afectadas son 8.54 y 8.55. Vulnerabilidad fácilmente explotable permite a un atacante poco privilegiado con acceso a la red a través de HTTP, comprometer PeopleSoft Enterprise PeopleTools. Ataques exitosos requieren interacción humana de una persona distinta del atacante. Ataques exitosos pueden resultar en un acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de PeopleSoft Enterprise PeopleTools. 
CVSS v3.0 Base Score 5.7 (Impactos de Confidencialidad)"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*","matchCriteriaId":"CDD82442-3535-4BB9-8888-F61A35B900AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*","matchCriteriaId":"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95502","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037634","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95502","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037634","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3293","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:03.977","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. 
CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Outside In Technology de Oracle Fusion Middleware (subcomponente: Outside In Filters ). Versiones compatibles que están afectadas son 8.5.2 y 8.5.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Outside In Technology. Ataques exitosos pueden resultar en un acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Outside In Technology así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Outside In Technology y capacidad no autorizada para provocar una denegación de servicio parcial (DOS parcial) de Oracle Outside In Technology. Nota: Outside In Technology es un conjunto de kits de desarrollo de software (SDKs). El protocolo y la puntuación de CVSS depende del software que utiliza el código Outside In Technology. La puntuación de CVSS asume que el software pasa los datos recibidos a través de una red directamente al código de Outside In Technology, pero si los datos no se reciben a través de una red, la puntuación CVSS puede ser menor. 
CVSS v3.0 Base Score 8.6 (Impactos de Confidencialidad, Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_technology:8.5.2:*:*:*:*:*:*:*","matchCriteriaId":"05232480-EB9C-4882-9F54-D32996D20657"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_technology:8.5.3:*:*:*:*:*:*:*","matchCriteriaId":"10DD6CB3-ED55-465D-AB98-13EFD013AE47"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95534","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95534","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3294","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.007","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Outside In Technology de Oracle Fusion Middleware (subcomponente: Outside In Filters ). Versiones compatibles que están afectadas son 8.5.2 y 8.5.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Outside In Technology. 
Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de Oracle Outside In Technology. Nota: Outside In Technology es un conjunto de kits de desarrollo de software (SDKs). El protocolo y la puntuación de CVSS depende del software que utiliza el código Outside In Technology. La puntuación de CVSS asume que el software pasa los datos recibidos a través de una red directamente al código de Outside In Technology, pero si los datos no se reciben a través de una red, la puntuación CVSS puede ser menor. CVSS v3.0 Base Score 7.5 (Impactos de Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_technology:8.5.2:*:*:*:*:*:*:*","matchCriteriaId":"05232480-EB9C-4882-9F54-D32996D20657"},{"vulnerable":true,"criteria":"cpe
:2.3:a:oracle:outside_in_technology:8.5.3:*:*:*:*:*:*:*","matchCriteriaId":"10DD6CB3-ED55-465D-AB98-13EFD013AE47"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95536","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"secalert_us@oracle.com"},{"url":"https://www.tenable.com/security/research/tra-2017-03","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95536","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.tenable.com/security/research/tra-2017-03","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3295","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.037","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). 
The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Outside In Technology de Oracle Fusion Middleware (subcomponente: Outside In Filters ). Versiones compatibles que están afectadas son 8.5.2 y 8.5.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Outside In Technology. Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de Oracle Outside In Technology. Nota: Outside In Technology es un conjunto de kits de desarrollo de software (SDKs). El protocolo y la puntuación de CVSS depende del software que utiliza el código Outside In Technology. La puntuación de CVSS asume que el software pasa los datos recibidos a través de una red directamente al código de Outside In Technology, pero si los datos no se reciben a través de una red, la puntuación CVSS puede ser menor. 
CVSS v3.0 Base Score 7.5 (Impactos de Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_technology:8.5.2:*:*:*:*:*:*:*","matchCriteriaId":"05232480-EB9C-4882-9F54-D32996D20657"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:outside_in_technology:8.5.3:*:*:*:*:*:*:*","matchCriteriaId":"10DD6CB3-ED55-465D-AB98-13EFD013AE47"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95539","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"secalert_us@oracle.com"},{"url":"https://www.tenable.com/security/research/tra-2017-03","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95539","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037631","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.tenable.com/security/research/tra-2017-03","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3296","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.070","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 10.0.3.5, 10.2.0.5 and 11.2.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Commerce Platform accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Commerce Platform de Oracle Commerce (subcomponente: Dynamo Application Framework). Versiones compatibles que están afectadas son 10.0.3.5, 10.2.0.5 y 11.2.0.2. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle Commerce Platform. 
Ataques exitosos requieren interacción humana de una persona distinta del atacante. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Commerce Platform. CVSS v3.0 Base Score 4.3 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:commerce_platform:10.0.3.5:*:*:*:*:*:*:*","matchCriteriaId":"9EC3BD4A-9240-4F7F-8979-09C125521715"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:commerce_platform:10.2.0.5:*:*:*:*:*:*:*","matchCriteriaId":"DCC6415C-CEC2-482A-8862-884CF6C36EF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:commerce_platform:11.2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9F9C1B35-10B4-4173-B838-F0874708964B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
,"source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3297","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.100","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Framework). Supported versions that are affected are 12.0.2 and 12.0.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Direct Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Direct Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Direct Banking de Oracle Financial Services Applications (subcomponente: Framework). Versiones compatibles que están afectadas son 12.0.2 y 12.0.3. Vulnerabilidad de difícil explotación permite a un atacante poco privilegiado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Direct Banking. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle FLEXCUBE Direct Banking. 
CVSS v3.0 Base Score 5.3 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_direct_banking:12.0.2:*:*:*:*:*:*:*","matchCriteriaId":"DC13CF11-2880-41FA-9534-7874904FDD82"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_direct_banking:12.0.3:*:*:*:*:*:*:*","matchCriteriaId":"FA84D97F-A400-4D39-B60A-63F3407E2B68"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95603","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95603","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3298","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.130","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente PeopleSoft Enterprise PeopleTools de Oracle PeopleSoft Products (subcomponente: PIA Core Technology). Versiones compatibles que están afectadas son 8.54 y 8.55. 
Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer PeopleSoft Enterprise PeopleTools. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en PeopleSoft Enterprise PeopleTools, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de PeopleSoft Enterprise PeopleTools así como acceso de lectura no autorizado a un subconjunto de datos accesibles de PeopleSoft Enterprise PeopleTools. CVSS v3.0 Base Score 6.1 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.
54:*:*:*:*:*:*:*","matchCriteriaId":"CDD82442-3535-4BB9-8888-F61A35B900AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*","matchCriteriaId":"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95504","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037634","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95504","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037634","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3299","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.163","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente PeopleSoft Enterprise PeopleTools de Oracle PeopleSoft Products (subcomponente: PIA Search Functionality). Versiones compatibles que están afectadas son 8.54 y 8.55. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer PeopleSoft Enterprise PeopleTools. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en PeopleSoft Enterprise PeopleTools, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de PeopleSoft Enterprise PeopleTools así como acceso de lectura no autorizado a un subconjunto de datos accesibles de PeopleSoft Enterprise PeopleTools. 
CVSS v3.0 Base Score 6.1 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*","matchCriteriaId":"CDD82442-3535-4BB9-8888-F61A35B900AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*","matchCriteriaId":"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95503","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037634","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95503","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037634","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3300","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.193","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Multichannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente PeopleSoft Enterprise PeopleTools de Oracle PeopleSoft Products (subcomponente: Multichannel Framework). Versiones compatibles que están afectadas son 8.54 y 8.55. 
Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer PeopleSoft Enterprise PeopleTools. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en PeopleSoft Enterprise PeopleTools, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de PeopleSoft Enterprise PeopleTools así como acceso de lectura no autorizado a un subconjunto de datos accesibles de PeopleSoft Enterprise PeopleTools. CVSS v3.0 Base Score 6.1 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*
:*:*:*:*","matchCriteriaId":"CDD82442-3535-4BB9-8888-F61A35B900AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*","matchCriteriaId":"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95505","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037634","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://erpscan.io/advisories/erpscan-17-005-oracle-peoplesoft-xss-vulnerability/","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95505","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037634","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://erpscan.io/advisories/erpscan-17-005-oracle-peoplesoft-xss-vulnerability/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-3301","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.227","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. 
Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS v3.0 Base Score 3.3 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Solaris de Oracle Sun Systems Products Suite (subcomponente: Kernel). La versión compatible que está afectada es 11.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con inicio de sesión a la infraestructura donde Solaris se ejecuta, comprometer Solaris. Ataques exitosos requieren interacción humana de una persona distinta del atacante. Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Solaris. CVSS v3.0 Base Score 3.3 (Impacto de Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:N/I:P/A:N","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes
":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*","matchCriteriaId":"79A602C5-61FE-47BA-9786-F045B6C6DBA8"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com"},{"url":"http://www.securityfocus.com/bid/95567","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037641","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95567","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037641","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3303","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.257","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle XML Gateway component of Oracle E-Business Suite (subcomponent: Oracle Transport Agent). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle XML Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle XML Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML Gateway accessible data as well as unauthorized update, insert or delete access to some of Oracle XML Gateway accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle XML Gateway de Oracle E-Business Suite (subcomponente: Oracle Transport Agent). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle XML Gateway. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle XML Gateway, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle XML Gateway así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle XML Gateway. CVSS v3.0 Base Score 8.2 (Impacto de Integridad y 
Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:xml_gateway:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"EB33C58F-B338-47CB-B68D-9D660D92F1CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:xml_gateway:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F25CCBFD-2BBD-417A-8A0F-9FB5986D9170"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:xml_gateway:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2CAA16ED-84E5-4680-9BE6-C64B40550C57"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:xml_gateway:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"41B07737-F462-453C-98F4-546D633514E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:xml_gateway:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F0528F5D-B4EE-48DE-AE44-5F76A86F0C00"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:xml_gateway:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"F6D11537-BA49-462F-
99D5-68E200D7D1C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:xml_gateway:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"54313D00-DFF6-4FFE-86D4-B0DACBDC1298"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95602","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95602","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3310","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.287","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the OJVM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4 and 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise OJVM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in OJVM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of OJVM. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente OJVM de Oracle Database Server. Versiones compatibles que estan afectadas son 11.2.0.4 y 12.1.0.2. 
Vulnerabilidad fácilmente explotable permite a un atacante poco privilegiado poseedor de privilegio Create Session, Create Procedure con acceso a la red a través de múltiples protocolos, comprometer OJVM. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en OJVM, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de OJVM. CVSS v3.0 Base Score 9.0 (Impactos de Integridad, Confidencialidad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"5100F5C8-D5F8-466B-AABE-E42B3770B39D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1F3C58EE-B36B-4
081-A307-0FE9B52D8E62"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95481","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037630","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95481","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037630","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3311","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.320","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Testing Suite accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Application Testing Suite de Oracle Enterprise Manager Grid Control (subcomponente: Test Manager for Web Apps). Versiones compatibles que están afectadas son 12.5.0.3, 12.5.0.2 y 12.4.0.2. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Application Testing Suite. 
Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Application Testing Suite. CVSS v3.0 Base Score 5.3 (Impactos de integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_testing_suite:12.4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"08F3E8E4-BD91-4220-B710-960A45C232D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"62E818A9-663D-4AFB-B3D6-686CE4DB9676"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"17EA8B91-7634-4636-B647-1049BA7CA088"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Pa
tch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95584","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037633","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95584","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037633","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3312","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.350","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: Packaging). Versiones compatibles que están afectadas son 5.5.53 y versiones anteriores, 5.6.34 y versiones anteriores y 5.7.16 y versiones anteriores. Vulnerabilidad de difícil explotación permite a un atacante poco privilegiado con un inicio de sesión a la infraestructura donde MySQL Server se ejecuta, comprometer MySQL Server. Ataques exitosos requieren interacción humana de una persona distinta del atacante. 
Ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de MySQL Server. CVSS v3.0 Base Score 6.7 (Impactos de Integridad, Confidencialidad y Disponibilidad)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:H/Au:S/C:P/I:P/A:P","baseScore":3.5,"accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":1.5,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndIncluding":"5.5.53","matchCriteriaId":"DA05707F-9B38-4C5D-9367-D7DF52658AEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndIncluding":"5.6.34","matchCriteriaId":"E9C89C4E-C358-485A-9097-50232C9C6F22"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndIncluding":"5.7.16","matchCriteriaId":"5E5267D6-D424-4FB6-80CD-E13132083522"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"cri
teria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndExcluding":"5.5.54","matchCriteriaId":"7425B1AD-88EE-4E62-8F91-F3FE413F0F4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.29","matchCriteriaId":"5750A91A-1784-4DE9-B72C-61A3B48B0892"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.21","matchCriteriaId":"70247F46-D133-4E30-AE2F-8974DEFDA1AA"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3767","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95491","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"secalert_us@oracle.com","tags":["Third Party 
Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3767","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95491","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-3313","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.383","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: MyISAM). Versiones compatibles que están afectadas son 5.5.53 y versiones anteriores, 5.6.34 y versiones anteriores y 5.7.16 y versiones anteriores. Vulnerabilidad de difícil explotación permite a un atacante poco privilegiado con un inicio de sesión a la infraestructura donde MySQL Server ejecuta a comprometer MySQL Server. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de MySQL Server. 
CVSS v3.0 Base Score 4.7 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:S/C:P/I:N/A:N","baseScore":1.5,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":2.7,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndIncluding":"5.5.53","matchCriteriaId":"DA05707F-9B38-4C5D-9367-D7DF52658AEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndIncluding":"5.6.34","matchCriteriaId":"E9C89C4E-C358-485A-9097-50232C9C6F22"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndIncluding":"5.7.16","matchCriteriaId":"5E5267D6-D424-4FB6-80CD-E13132083522"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"
operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*","matchCriteriaId":"01EDA41C-6B2E-49AF-B503-EB3882265C11"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","matchCriteriaId":"CB66DB75-2B16-4EBF-9B93-CE49D8086E41"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","matchCriteriaId":"E2076871-2E80-4605-A470-A41C1A8EC7EE"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*","matchCriteriaId":"7F61F047-129C-41A6-8A27-FFCBB8563E91"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*","matchCriteriaId":"133AAFA7-AF42-4D7B-8822-AA2E85611BF5"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*","matchCriteriaId":"569964DA-31BE-4520-A66D-C3B09D557AB8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*","matchCriteriaId":"54D669D4-6D7E-449D-80C1-28FA44F06FFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*","matchCriteriaId":"1F3BEFDB-5156-4E1C-80BB-8BE9FEAA7623"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*","matchCriteriaId":"835AE071-CEAE-49E5-8F0C-E5F50FB85EFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*","matchCriteriaId":"D0AC5CD5-6E58-433C-9EB3-6DFE5656463E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-
55B7-47C5-97A6-03233F4FBC3A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndExcluding":"5.5.55","matchCriteriaId":"88990BBC-2BEC-41C1-8628-5B78AEAAEC79"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.30","matchCriteriaId":"54A6C1D7-D1CC-4504-BF4C-0DFCC3FEA297"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.22","matchCriteriaId":"F41E7F44-7EDF-4AA0-9AB6-4773D74E8D28"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndExcluding":"10.2.5","matchCriteriaId":"5A7C3774-0062-4200-B63B-B0503C4B7738"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3767","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3809","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95527","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"secalert_us@oracle.com","tags":["Third Party 
Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3767","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3809","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95527","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-3314","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.413","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.0, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle FLEXCUBE Universal Banking de Oracle Financial Services Applications (subcomponente: Core). Versiones compatibles que están afectadas son 12.0.0, 12.1.0 y 12.2.0. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP, comprometer Oracle FLEXCUBE Universal Banking. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle FLEXCUBE Universal Banking, los ataques podrían afectar significativamente a productos adicionales. 
Ataques exitosos de esta vulnerabilidad pueden resultar en actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle FLEXCUBE Universal Banking así como acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 6.1 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0F9582BE-825E-4427-A3D9-39857AAC9D70"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"E9EF4050-D40E-4D2E-91B9-5387B2464208"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_universal_banking:12.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CA52AE9-989E-40B4-A9CF-9E45EABEB54B"}]}]}],
"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95549","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95549","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037636","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3315","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.460","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the PeopleSoft Enterprise HCM ePerformance component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM ePerformance. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM ePerformance accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente PeopleSoft Enterprise HCM ePerformance de Oracle PeopleSoft Products (subcomponente: Security). La versión compatible que está afectada es 9.2. Vulnerabilidad fácilmente explotable permite a un atacante poco privilegiado con acceso a la red a través de HTTP, comprometer PeopleSoft Enterprise HCM ePerformance. 
Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de HCM ePerformance. CVSS v3.0 Base Score 4.3 (Impactos de confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_human_capital_management_eperformance:9.2:*:*:*:*:*:*:*","matchCriteriaId":"17C7DCD6-E940-41D3-AA12-50490E49AB4A"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95510","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037634","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95510","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037634","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3316","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.477","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle VM VirtualBox de Oracle Virtualization (subcomponente: GUI). Versiones compatibles que están afectadas son VirtualBox anterior a 5.0.32 y anterior a 5.1.14. Vulnerabilidad fácilmente explotable permite a un atacante con privilegios elevados con acceso a la red a través de múltiples protocolos, comprometer Oracle VM VirtualBox. 
Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle VM VirtualBox, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en la toma de control de Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Impactos de Integridad, Confidencialidad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.7,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:vm_virtualbox:5.0.30:*:*:*:*:*:*:*","matchCriteriaId":"8F94D50F-3A18-49D0-B238-91647215AF12"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:vm_virtualbox:5.1.12:*:*:*:*:*:*:*","matchCriteriaId":"8899F709-B14F-4889-958D-F9782EE3B9C9"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch",
"Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95579","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037638","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201702-08","source":"secalert_us@oracle.com"},{"url":"https://www.exploit-db.com/exploits/41196/","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95579","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037638","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-08","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/41196/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3317","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.507","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Logging). 
Versiones compatibles que están afectadas son 5.5.53 y versiones anteriores, 5.6.34 y versiones anteriores y 5.7.16 y versiones anteriores. Vulnerabilidad de difícil explotación permite a un atacante con privilegios elevados con inicio de sesión a la infraestructura donde MySQL Server se ejecuta, comprometer MySQL Server. Ataques exitosos requieren interacción humana de una persona distinta del atacante. Ataques exitosos de esta vulnerabilidad pueden resultar en capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de MySQL Server. CVSS v3.0 Base Score 4.0 (Impactos de Disponibilidad)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.3,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:S/C:N/I:N/A:P","baseScore":1.5,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":2.7,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndIncluding":"5.5.53","matchCriteriaId":"DA05707F-9B38-4C5D-9367-D7DF52658AEB"},{"vulnerabl
e":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndIncluding":"5.6.34","matchCriteriaId":"E9C89C4E-C358-485A-9097-50232C9C6F22"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndIncluding":"5.7.16","matchCriteriaId":"5E5267D6-D424-4FB6-80CD-E13132083522"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"F96E3779-F56A-45FF-BB3D-4980527D721E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"83737173-E12E-4641-BC49-0BD84A6B29D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndExcluding":"5.5.54","matchCriteriaId":"7425B1AD-88EE-4E62-8F91-F3FE413F0F4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.29","matchCriteriaId":"5750A91A-1784-4DE9-B72C-61A3B48B0892"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.21","matchCriteriaId":"70247F46-D133-4E30-AE2F-8974DEFDA1AA"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3767","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95585","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"secalert_us@oracle.com","tags":["Third Party 
Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3767","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95585","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-3318","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.537","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: Error Handling). Versiones compatibles que están afectadas son 5.5.53 y versiones anteriores, 5.6.34 y versiones anteriores y 5.7.16 y versiones anteriores. Vulnerabilidad de difícil explotación permite a un atacante con privilegios elevados con inicio de sesión a la infraestructura donde MySQL Server se ejecuta, comprometer MySQL Server. Ataques exitosos requieren interacción humana de una persona distinta del atacante. 
Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de MySQL Server. CVSS v3.0 Base Score 4.0 (Impacto de Confidencialidad)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.3,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:H/Au:S/C:P/I:N/A:N","baseScore":1.0,"accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":1.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndIncluding":"5.5.53","matchCriteriaId":"DA05707F-9B38-4C5D-9367-D7DF52658AEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndIncluding":"5.6.34","matchCriteriaId":"E9C89C4E-C358-485A-9097-50232C9C6F22"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndIncluding":"5.7.16","matchCriteriaId":"5E5267D6-D424-4FB6-80CD-E13132083522"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeM
atch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"F96E3779-F56A-45FF-BB3D-4980527D721E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"83737173-E12E-4641-BC49-0BD84A6B29D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E
97"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5.0","versionEndExcluding":"5.5.54","matchCriteriaId":"7425B1AD-88EE-4E62-8F91-F3FE413F0F4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.29","matchCriteriaId":"5750A91A-1784-4DE9-B72C-61A3B48B0892"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.21","matchCriteriaId":"70247F46-D133-4E30-AE2F-8974DEFDA1AA"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3767","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95588","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"secalert_us@oracle.com","tags":["Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3767","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95588","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-3319","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.570","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: X Plugin). Versiones compatibles que están afectadas son 5.7.16 y versiones anteriores. Vulnerabilidad de difícil explotación permite a un atacante poco privilegiado con acceso a la red a través de múltiples protocolos, comprometer MySQL Server. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de MySQL Server. 
CVSS v3.0 Base Score 3.1 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionEndIncluding":"5.7.16","matchCriteriaId":"8DC73DC2-8D62-4ED4-AC91-CCC929BDC846"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95479","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95479","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3320","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.600","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Server de Oracle MySQL (subcomponente: Server: Security: Encryption). Versiones compatibles que están afectadas son 5.7.16 y versiones anteriores. 
Vulnerabilidad fácilmente explotable permite a un atacante con privilegios elevados con acceso a la red a través de múltiples protocolos, comprometer MySQL Server. Ataques exitosos requieren interacción humana de una persona distinta del atacante. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso de lectura no autorizado a un subconjunto de datos accesibles de MySQL Server. CVSS v3.0 Base Score 2.4 (Impactos de Confidencialidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionEndIncluding":"5.7.16","matchCriteriaId":"8DC73DC2-8D62-4ED4-AC91-CCC929BDC846"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95470","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201702-17","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95470","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:2886","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-17","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3321","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.633","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Cluster de Oracle MySQL (subcomponente: Cluster: General). Versiones compatibles que están afectadas son 7.2.19 y versiones anteriores 7.3.8 y versiones anteriores y 7.4.5 y versiones anteriores. 
Vulnerabilidad de difícil explotación permite a un atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer MySQL Cluster. Ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para provocar una denegación de servicio parcial (DOS parcial) de MySQL Cluster. CVSS v3.0 Base Score 3.7 (Impactos de Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*","versionEndIncluding":"7.2.19","matchCriteriaId":"BF2EE9FE-4A95-4624-9DBE-141A4ABB69C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*","versionEndIncluding":"7.3.8","matchCriteriaId":"D0C7AC16-6C03-4920-B652-A76B5B4607BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*","versionEndIncluding":"7.4.5","matchCriteriaId":"D23426A5-
8B33-4804-AE63-04D4BB07DC7E"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95562","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95562","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3322","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.663","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Cluster de Oracle MySQL (subcomponente: Cluster: NDBAPI). Versiones compatibles que están afectadas son 7.2.25 y versiones anteriores, 7.3.14 y versiones anteriores y 7.4.12 y versiones anteriores. 
Vulnerabilidad de difícil explotación permite a un atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer MySQL Cluster. Ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para provocar una denegación de servicio parcial (DOS parcial) de MySQL Cluster. CVSS v3.0 Base Score 3.7 (Impactos de disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*","versionEndIncluding":"7.2.25","matchCriteriaId":"070550F1-8546-40D4-A5D6-4F379EC6BA24"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*","versionEndIncluding":"7.3.14","matchCriteriaId":"FDE7B669-245E-42A0-A6FF-DA4032B5019E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*","versionEndIncluding":"7.4.12","matchCriteriaId":
"3BB55F73-6DC7-4534-B39D-163A5D565884"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95574","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95574","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3323","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.693","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente MySQL Cluster de Oracle MySQL (subcomponente: Cluster: General). Versiones compatibles que están afectadas son 7.2.25 y versiones anteriores 7.3.14 y versiones anteriores y 7.4.12 y versiones anteriores. Vulnerabilidad de difícil explotación permite a un atacante no autenticado con acceso a la red a través de múltiples protocolos, comprometer MySQL Cluster. 
Ataques exitosos de esta vulnerabilidad pueden resultar en una capacidad no autorizada para provocar una denegación de servicio parcial (DOS parcial) de MySQL Cluster. CVSS v3.0 Base Score 3.7 (Impactos de Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*","versionEndIncluding":"7.2.25","matchCriteriaId":"070550F1-8546-40D4-A5D6-4F379EC6BA24"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*","versionEndIncluding":"7.3.14","matchCriteriaId":"FDE7B669-245E-42A0-A6FF-DA4032B5019E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*","versionEndIncluding":"7.4.12","matchCriteriaId":"3BB55F73-6DC7-4534-B39D-163A5D565884"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_u
s@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95575","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037640","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95575","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037640","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3324","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.727","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. While the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. 
CVSS v3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Primavera P6 Enterprise Project Portfolio Management de Oracle Primavera Products Suite (subcomponente: Web Access). Versiones compatibles que están afectadas son 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 y 16.2. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Primavera P6 Enterprise Project Portfolio Management. Aunque la vulnerabilidad está en Primavera P6 Enterprise Project Portfolio Management, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado de creación, borrado o modificación a datos críticos o a todos los datos accesibles de Primavera P6 Enterprise Project Portfolio Management así como acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Primavera P6 Enterprise Project Portfolio Management y capacidad no autorizada para provocar una denegación de servicio parcial (DOS parcial) de Primavera P6 Enterprise Project Portfolio Management. 
CVSS v3.0 Base Score 10.0 (Impactos de Confidencialidad, Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.2:*:*:*:*:*:*:*","matchCriteriaId":"A56DC460-26F5-453E-A5BC-4C60AA3212EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.3:*:*:*:*:*:*:*","matchCriteriaId":"A47BF03C-BF18-4477-9DBB-20EFEA53AFAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:8.4:*:*:*:*:*:*:*","matchCriteriaId":"84BF6794-2CE6-407F-B8E0-81871AB7B40B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.1:*:*:*:*:*:*:*","matchCriteriaId":"93A4E178-0082-45C5-BBC0-0A4E51C8B1DE"},{"vulnerable":true,"criteria":"cpe:2.3
:a:oracle:primavera_p6_enterprise_project_portfolio_management:15.2:*:*:*:*:*:*:*","matchCriteriaId":"3F021C23-AB9B-4877-833F-D01359A98762"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1:*:*:*:*:*:*:*","matchCriteriaId":"2F8ED016-32A1-42EE-844E-3E6B2C116B74"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2:*:*:*:*:*:*:*","matchCriteriaId":"A046CC2C-445F-4336-8810-930570B4FEC6"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95528","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95528","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3325","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.773","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI). The supported version that is affected is 16.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel UI Framework accessible data as well as unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Siebel UI Framework de Oracle Siebel CRM (subcomponente: EAI). La versión compatible que está afectada es 16.1. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Siebel UI Framework. Ataques exitosos requieren interacción humana de una persona distinta del atacante y, aunque la vulnerabilidad está en Siebel UI Framework, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Siebel UI Framework así como acceso no autorizado de actualización, inserción o borrado a algunos de los datos accesibles de Siebel UI Framework. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:siebel_ui_framework:16.1:*:*:*:*:*:*:*","matchCriteriaId":"9BD84548-0B49-4400-B29D-420E5A708AC4"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95494","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037635","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95494","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037635","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3326","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.803","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Role Summary). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Common Applications de Oracle E-Business Suite (subcomponente: Role Summary). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Common Applications. Ataques exitosos requieren interacción humana de una persona distinta del atacante y, aunque la vulnerabilidad está en Oracle Common Applications, los ataques podrían afectar significativamente a productos adicionales. 
Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Common Applications así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Common Applications. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"AD375D75-8B6E-43C0-A747-F3DA4FD147A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"BE04C6C2-4818-403E-B2D0-5220BDC39C92"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"61F4DED6-1E2A-4DD4-8D90-BD319DF993AE"},{"vulnerable":true,"crite
ria":"cpe:2.3:a:oracle:common_applications:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"FC27227D-8844-4D2E-979D-91AAA657155E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"BB5C9C61-EFCD-41CD-8EFB-A9ECBD7DCC37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"B20D8C53-46D2-409B-B24A-B6023F6DF4F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"D0505D42-88E5-4DB5-BB6E-473522DF2B23"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95611","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95611","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3327","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.820","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Resources Module). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Common Applications de Oracle E-Business Suite (subcomponente: Resources Module). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Common Applications. Ataques exitosos requieren interacción humana de una persona distinta del atacante y, aunque la vulnerabilidad está en Oracle Common Applications, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Common Applications así como acceso no autorizado de actualización, inserción o borrado a algunos de los datos accesibles de Oracle Common Applications. 
CVSS v3.0 Base Score 8.2 (Impactos de Integridad y Confidencialidad)"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"AD375D75-8B6E-43C0-A747-F3DA4FD147A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"BE04C6C2-4818-403E-B2D0-5220BDC39C92"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"61F4DED6-1E2A-4DD4-8D90-BD319DF993AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"FC27227D-8844-4D2E-979D-91AAA657155E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"BB5C9C61-EFCD-41CD-8EFB-A9ECBD7DCC37"},{"vulnerable":true,"criteria":
"cpe:2.3:a:oracle:common_applications:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"B20D8C53-46D2-409B-B24A-B6023F6DF4F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"D0505D42-88E5-4DB5-BB6E-473522DF2B23"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95618","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95618","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3328","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.867","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Resources Module). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Common Applications de Oracle E-Business Suite (subcomponente: Resources Module). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Common Applications. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Common Applications, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Common Applications así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Common Applications. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"AD375D75-8B6E-43C0-A747-F3DA4FD147A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"BE04C6C2-4818-403E-B2D0-5220BDC39C92"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"61F4DED6-1E2A-4DD4-8D90-BD319DF993AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"FC27227D-8844-4D2E-979D-91AAA657155E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"BB5C9C61-EFCD-41CD-8EFB-A9ECBD7DCC37"},{"vulnerable":true,"criteria"
:"cpe:2.3:a:oracle:common_applications:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"B20D8C53-46D2-409B-B24A-B6023F6DF4F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"D0505D42-88E5-4DB5-BB6E-473522DF2B23"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95610","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95610","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3330","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.897","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI). The supported version that is affected is 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Siebel UI Framework accessible data as well as unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. 
CVSS v3.0 Base Score 7.6 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Siebel UI Framework de Oracle Siebel CRM (subcomponente: Open UI). La versión compatible que está afectada es 16.1. Vulnerabilidad fácilmente explotable permite a un atacante poco privilegiado con acceso a la red a través de HTTP comprometer Siebel UI Framework. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Siebel UI Framework, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Siebel UI Framework así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Siebel UI Framework. CVSS v3.0 Base Score 7.6 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:N","baseScore":4.9,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description"
:[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:siebel_ui_framework:16.1:*:*:*:*:*:*:*","matchCriteriaId":"9BD84548-0B49-4400-B29D-420E5A708AC4"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95499","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037635","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95499","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037635","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3332","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.927","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: VirtualBox SVGA Emulation). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. 
CVSS v3.0 Base Score 8.4 (Integrity and Availability impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle VM VirtualBox de Oracle Virtualization (subcomponente: VirtualBox SVGA Emulation). Versiones compatibles que están afectadas son VirtualBox anterior a 5.0.32 y anterior a 5.1.14. Vulnerabilidad fácilmente explotable permite a un atacante poco privilegiado con inicio de sesión a la infraestructura donde Oracle VM VirtualBox se ejecuta, comprometer Oracle VM VirtualBox. Mientras la vulnerabilidad esté en Oracle VM VirtualBox, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en una creación no autorizada, borrado o modificación de acceso a datos críticos o a todos los datos accesibles de Oracle VM VirtualBox y capacidad no autorizada para provocar un cuelgue o bloqueo frecuentemente repetible (DOS completo) de Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4 (Impactos de Integridad y Disponibilidad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":5.8}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:P","baseScore":3.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"
nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:vm_virtualbox:5.0.30:*:*:*:*:*:*:*","matchCriteriaId":"8F94D50F-3A18-49D0-B238-91647215AF12"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:vm_virtualbox:5.1.12:*:*:*:*:*:*:*","matchCriteriaId":"8899F709-B14F-4889-958D-F9782EE3B9C9"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com"},{"url":"http://www.securityfocus.com/bid/95599","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037638","source":"secalert_us@oracle.com"},{"url":"https://security.gentoo.org/glsa/201702-08","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95599","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037638","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-08","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3333","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.943","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*"
,"matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95463","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95463","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3334","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:04.977","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"sourc
e":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3335","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.007","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle 
Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*"
,"matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3336","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.053","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). 
Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:
2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3338","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.087","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*"
,"matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3339","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.117","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). 
Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:
2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3340","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*"
,"matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3341","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.193","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). 
Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:
2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3343","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.227","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*"
,"matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3344","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.240","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). 
Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:
2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3346","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.287","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*
:*","matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3348","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.320","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). 
Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:
2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3349","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.350","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*"
,"matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3350","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.383","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). 
Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:
2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3351","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.413","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*"
,"matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3352","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.443","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). 
Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:
2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3353","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.490","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*"
,"matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3354","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.523","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). 
Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:
2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3357","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.553","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*"
,"matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3358","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.587","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Marketing de Oracle E-Business Suite (subcomponente: User Interface). 
Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Marketing. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Marketing, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Marketing así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Marketing. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:
2.3:a:oracle:marketing:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"FE5E189E-FB41-4332-A037-3DDA98746371"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"5EC9AAD6-30EF-4F5B-9923-2619E75C66B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EDB00EEA-140F-4652-AF01-5FE522E5D1BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6CEB6C88-B08C-44B2-8330-57B5BD931A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"F8273378-896F-4EA3-884C-47B31422028C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"704D9437-039F-46F4-ACC4-C8C10C56E251"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:marketing:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F8C98EA8-6D5A-40DF-8232-818C8BB2FB9B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95500","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3359","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.617","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Intelligence accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Customer Intelligence de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2 y 12.1.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Customer Intelligence. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Customer Intelligence, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Customer Intelligence así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Customer Intelligence. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_intelligence:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B300225E-9D52-43E7-9F4E-E012AC265407"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_intelligence:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"6C300A2A-7FD4-44BC-B55F-E49A5AAF8536"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_intelligence:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"F06063F7-2230-4175-A599-9397EFDE6A5D"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95464","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95464","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3360","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.647","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Intelligence. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Intelligence, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Intelligence accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Intelligence accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Customer Intelligence de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2 y 12.1.3. 
Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Customer Intelligence. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Customer Intelligence, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Customer Intelligence así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Customer Intelligence. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_intelligence:12.1.1:*:*:*:*:*:*:*
","matchCriteriaId":"B300225E-9D52-43E7-9F4E-E012AC265407"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_intelligence:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"6C300A2A-7FD4-44BC-B55F-E49A5AAF8536"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_intelligence:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"F06063F7-2230-4175-A599-9397EFDE6A5D"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95511","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95511","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3361","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.677","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Installed Base component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Installed Base accessible data as well as unauthorized update, insert or delete access to some of Oracle Installed Base accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Installed Base de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2 y 12.1.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Installed Base. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Installed Base, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Installed Base así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Installed Base. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@n
ist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:installed_base:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"9203E4D1-0A5F-43D2-8BE7-62EF7130BDEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:installed_base:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"BA5A5E97-DDCB-4F47-94F9-378BEB93414A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:installed_base:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"5B4BB2B3-91E1-47A1-A725-0107EF6ED8EE"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95594","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95594","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3362","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.727","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. 
Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Knowledge Management de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2 y 12.1.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Knowledge Management. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Knowledge Management, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Knowledge Management así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Knowledge Management. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B0231892-2983-4811-8987-8AADD602B1E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7C81FB17-E715-4B6C-A6D4-01438798559E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"0E1B5BAE-472F-4279-8FF9-84B34CB6073E"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95467","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95467","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3363","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.757","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Knowledge Management de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2 y 12.1.3. 
Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Knowledge Management. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Knowledge Management, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Knowledge Management así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Knowledge Management. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.1:*:*:*:*:*:*:*","ma
tchCriteriaId":"B0231892-2983-4811-8987-8AADD602B1E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7C81FB17-E715-4B6C-A6D4-01438798559E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"0E1B5BAE-472F-4279-8FF9-84B34CB6073E"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95523","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95523","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3364","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.787","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Knowledge Management de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2 y 12.1.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Knowledge Management. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Knowledge Management, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Knowledge Management así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Knowledge Management. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B0231892-2983-4811-8987-8AADD602B1E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7C81FB17-E715-4B6C-A6D4-01438798559E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"0E1B5BAE-472F-4279-8FF9-84B34CB6073E"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95523","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95523","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3365","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.820","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Knowledge Management de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2 y 12.1.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Knowledge Management. 
Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Knowledge Management, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Knowledge Management así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Knowledge Management. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B0231892-2983-4811-8987-8AADD602B1E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.2:*:*:*:*:*:*:*","match
CriteriaId":"7C81FB17-E715-4B6C-A6D4-01438798559E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"0E1B5BAE-472F-4279-8FF9-84B34CB6073E"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95523","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95523","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3366","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.850","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Knowledge Management de Oracle E-Business Suite (subcomponente: User Interface). 
Versiones compatibles que están afectadas son 12.1.1, 12.1.2 y 12.1.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Knowledge Management. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Knowledge Management, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Knowledge Management así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Knowledge Management. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"cri
teria":"cpe:2.3:a:oracle:knowledge_management:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B0231892-2983-4811-8987-8AADD602B1E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7C81FB17-E715-4B6C-A6D4-01438798559E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"0E1B5BAE-472F-4279-8FF9-84B34CB6073E"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95523","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95523","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3367","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.897","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Knowledge Management de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2 y 12.1.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Knowledge Management. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Knowledge Management, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Knowledge Management así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Knowledge Management. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B0231892-2983-4811-8987-8AADD602B1E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7C81FB17-E715-4B6C-A6D4-01438798559E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:knowledge_management:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"0E1B5BAE-472F-4279-8FF9-84B34CB6073E"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95523","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95523","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3368","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.913","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Address Book). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle iStore de Oracle E-Business Suite (subcomponente: Address Book). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle iStore. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle iStore, los ataques podrían afectar significativamente a productos adicionales. 
Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle iStore así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle iStore. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:istore:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"7F97E907-8C38-44D8-8787-E7BD95B3ACE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:istore:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F9FC7EAC-DC83-466B-BEC7-459E82DF014D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:istore:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"3B70A22F-D67A-4BF6-AF17-686BF3A9BCB5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:istore:12.2.3:*:*:*:*:*:*:*","matchCriteri
aId":"8355653B-79DD-4DCB-83CA-066BE4D8D9D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:istore:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"0A91551D-F3E4-4852-A333-733A28F49CF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:istore:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"5E501CF6-0457-4160-9FD9-14B903219DBF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:istore:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"9E835828-6E56-472F-B497-DB5D90FF49F3"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95605","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95605","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3369","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.943","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle iSupport de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2 y 12.1.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle iSupport. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle iSupport, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle iSupport así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle iSupport. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:isupport:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"0C39B616-E8F9-4478-9402-962E55FDDB19"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:isupport:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7922FFA2-7265-4AA1-9AFB-792F28EE665D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:isupport:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"8596ADA1-FA00-461B-87B4-D44C0FD1387F"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95468","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95468","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3370","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:05.977","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle iSupport de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2 y 12.1.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle iSupport. 
Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle iSupport, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle iSupport así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle iSupport. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:isupport:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"0C39B616-E8F9-4478-9402-962E55FDDB19"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:isupport:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7922FFA2-7265-4AA1-9AFB-792F28EE665D"},{"vulner
able":true,"criteria":"cpe:2.3:a:oracle:isupport:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"8596ADA1-FA00-461B-87B4-D44C0FD1387F"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95526","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95526","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3371","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.023","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle iSupport de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2 y 12.1.3. 
Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle iSupport. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle iSupport, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle iSupport así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle iSupport. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:isupport:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"0C39B616-E8F9-4478-9402-962E55FDDB19"},{"vul
nerable":true,"criteria":"cpe:2.3:a:oracle:isupport:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7922FFA2-7265-4AA1-9AFB-792F28EE665D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:isupport:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"8596ADA1-FA00-461B-87B4-D44C0FD1387F"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95526","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95526","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3372","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.070","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Interaction Blending component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Interaction Blending. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Interaction Blending, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Interaction Blending accessible data as well as unauthorized update, insert or delete access to some of Oracle Interaction Blending accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Interaction Blending de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Interaction Blending. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Interaction Blending, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Interaction Blending así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Interaction Blending. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:interaction_blending:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"79AC797E-176A-490C-8FB4-9FE8F8213EDD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:interaction_blending:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"EEAA50FF-9D92-4973-A795-AF425727977A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:interaction_blending:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"CD41A4A2-3D6E-4D24-9923-D9EDA88D0BE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:interaction_blending:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"4373765F-A422-44A6-BA38-A75556621140"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:interaction_blending:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"40D5FB1B-F287-47D8-BE48-6A82899C3184"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:interaction_blending:12.2.5:*:*:*
:*:*:*:*","matchCriteriaId":"6E30A1E6-C667-48CE-A6BC-6828AF0D59B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:interaction_blending:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"1975A0A5-1D81-418E-999E-3035C6589042"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95597","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95597","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3373","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.100","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95485","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95485","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3374","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3375","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.180","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3376","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.210","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3377","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.240","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3378","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.273","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3379","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.303","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3380","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.337","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3381","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.367","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3382","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.397","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3383","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.430","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3384","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.460","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3385","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.507","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3386","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.537","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3387","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.570","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3388","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.600","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3389","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.633","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3390","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.663","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3391","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.693","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3392","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.727","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Las versiones soportadas que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Los ataques exitosos requieren la interacción humana de una persona distinta del atacante y, aunque la vulnerabilidad está en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony, así como en acceso no autorizado de actualización, inserción o borrado a algunos de los datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3394","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.757","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Las versiones soportadas que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Los ataques exitosos requieren la interacción humana de una persona distinta del atacante y, aunque la vulnerabilidad está en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony, así como en acceso no autorizado de actualización, inserción o borrado a algunos de los datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3395","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.787","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Las versiones soportadas que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Los ataques exitosos requieren la interacción humana de una persona distinta del atacante y, aunque la vulnerabilidad está en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony, así como en acceso no autorizado de actualización, inserción o borrado a algunos de los datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3396","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.820","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Las versiones soportadas que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Los ataques exitosos requieren la interacción humana de una persona distinta del atacante y, aunque la vulnerabilidad está en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony, así como en acceso no autorizado de actualización, inserción o borrado a algunos de los datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3397","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.850","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Las versiones soportadas que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Los ataques exitosos requieren la interacción humana de una persona distinta del atacante y, aunque la vulnerabilidad está en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony, así como en acceso no autorizado de actualización, inserción o borrado a algunos de los datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3398","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.883","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Las versiones soportadas que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Los ataques exitosos requieren la interacción humana de una persona distinta del atacante y, aunque la vulnerabilidad está en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony, así como en acceso no autorizado de actualización, inserción o borrado a algunos de los datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3399","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.913","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Las versiones soportadas que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Una vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Los ataques exitosos requieren la interacción humana de una persona distinta del atacante y, aunque la vulnerabilidad está en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony, así como en acceso no autorizado de actualización, inserción o borrado a algunos de los datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3400","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.943","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3401","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:06.977","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3402","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.023","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3403","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.053","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3404","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.087","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3405","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.117","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3406","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3407","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.180","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3408","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.210","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3409","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.240","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3410","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.273","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3411","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.303","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3412","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.337","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3413","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.367","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3414","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.397","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Advanced Outbound Telephony de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Advanced Outbound Telephony. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Advanced Outbound Telephony, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle Advanced Outbound Telephony así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Advanced Outbound Telephony. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5EB0F7BA-1A3C-471E-82C3-E4B669C0142F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F368414B-E636-4AB8-9772-3F67477F1534"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"12E4DA8E-1C46-443D-A1EB-90443FAAAFC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F15AB8DB-60DD-4FD7-9F97-8F0459B1FA37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"56861AF1-AFA5-4329-98C7-B923
53F33F7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"AD9720F7-DDB2-4357-B4CE-B53A0473F5B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:advanced_outbound_telephony:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"B6E684AD-56C2-4424-B42E-90577DCEF203"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95531","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3415","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.430","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Universal Work Queue, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Universal Work Queue accessible data as well as unauthorized update, insert or delete access to some of Oracle Universal Work Queue accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Universal Work Queue de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Universal Work Queue. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Universal Work Queue, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles del Oracle Universal Work Queue así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Universal Work Queue. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"933006D7-EF09-4CB5-BEA0-248625F74FFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F917BA76-6DC0-431B-915A-E29AD635A316"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2769037E-6154-47BF-BF90-03DA704706E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"91551403-6301-417C-B0E5-89819163D28D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"A60045D6-BDDB-4EA7-9406-72D9522C7523"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.2.5:*:*:*
:*:*:*:*","matchCriteriaId":"D3194BAB-4DA8-4465-9D2D-4C5F1D598F31"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F6A46E76-BF9A-43C9-A95F-7BD59EF2C6CF"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95487","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95487","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3416","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.460","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Universal Work Queue, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Universal Work Queue accessible data as well as unauthorized update, insert or delete access to some of Oracle Universal Work Queue accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Universal Work Queue de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Universal Work Queue. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Universal Work Queue, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles del Oracle Universal Work Queue así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Universal Work Queue. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"933006D7-EF09-4CB5-BEA0-248625F74FFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F917BA76-6DC0-431B-915A-E29AD635A316"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2769037E-6154-47BF-BF90-03DA704706E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"91551403-6301-417C-B0E5-89819163D28D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"A60045D6-BDDB-4EA7-9406-72D9522C7523"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.2.5:*:*:*
:*:*:*:*","matchCriteriaId":"D3194BAB-4DA8-4465-9D2D-4C5F1D598F31"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F6A46E76-BF9A-43C9-A95F-7BD59EF2C6CF"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95561","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95561","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3417","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.490","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Universal Work Queue, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Universal Work Queue accessible data as well as unauthorized update, insert or delete access to some of Oracle Universal Work Queue accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Universal Work Queue de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Universal Work Queue. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle Universal Work Queue, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles del Oracle Universal Work Queue así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle Universal Work Queue. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"933006D7-EF09-4CB5-BEA0-248625F74FFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F917BA76-6DC0-431B-915A-E29AD635A316"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2769037E-6154-47BF-BF90-03DA704706E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"91551403-6301-417C-B0E5-89819163D28D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"A60045D6-BDDB-4EA7-9406-72D9522C7523"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.2.5:*:*:*
:*:*:*:*","matchCriteriaId":"D3194BAB-4DA8-4465-9D2D-4C5F1D598F31"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:universal_work_queue:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F6A46E76-BF9A-43C9-A95F-7BD59EF2C6CF"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95561","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95561","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3418","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.537","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle CRM Technical Foundation de Oracle E-Business Suite (subcomponente: User Interface). 
La versión compatible que está afectada es 12.1.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle CRM Technical Foundation. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle CRM Technical Foundation, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles del Oracle CRM Technical Foundation así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle CRM Technical Foundation. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criter
ia":"cpe:2.3:a:oracle:customer_relationship_management_technical_foundation:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"3ACA1DB0-002D-4237-89C5-C5A80468641B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95490","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95490","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3419","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.570","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle CRM Technical Foundation de Oracle E-Business Suite (subcomponente: User Interface). La versión compatible que está afectada es 12.1.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle CRM Technical Foundation. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle CRM Technical Foundation, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles del Oracle CRM Technical Foundation así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle CRM Technical Foundation. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_relationship_management_technical_foundation:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"3ACA1DB0-002D-4237-89C5-C5A80468641B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95564","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95564","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3420","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.600","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle CRM Technical Foundation de Oracle E-Business Suite (subcomponente: User Interface). La versión compatible que está afectada es 12.1.3. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle CRM Technical Foundation. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle CRM Technical Foundation, los ataques podrían afectar significativamente a productos adicionales. 
Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles del Oracle CRM Technical Foundation así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de Oracle CRM Technical Foundation. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_relationship_management_technical_foundation:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"3ACA1DB0-002D-4237-89C5-C5A80468641B"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95564","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95564","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3421","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.633","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. 
Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","ma
tchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95492","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95492","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3422","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.663","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. 
CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":
true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3423","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.693","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:
12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3424","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.727","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:
12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3425","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.773","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:
12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3426","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.803","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:
12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3427","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.837","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:
12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3428","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.867","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:
12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3429","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.897","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:
12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3430","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.930","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:
12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3431","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:07.977","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones soportadas que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:
12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3433","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:08.007","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:
12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3435","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:08.037","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:
12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3436","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:08.070","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:
12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3437","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:08.100","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:
12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3438","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:08.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:
12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3439","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:08.180","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle One-to-One Fulfillment de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad fácilmente explotable permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle One-to-One Fulfillment. Ataques exitosos requieren interacción humana de una persona distinta del atacante y mientras la vulnerabilidad esté en Oracle One-to-One Fulfillment, los ataques podrían afectar significativamente a productos adicionales. Ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos accesibles de Oracle One-to-One Fulfillment así como actualización no autorizada, inserción o borrado de acceso a algunos datos accesibles de One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"818AA91A-F9EC-42D3-8BF2-40AE61D214C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"225B4D6A-7136-49B1-B537-DE573BFEBCFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2C6374C8-AD2E-4997-AE75-D91F1AF90206"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6362431D-4809-4720-A1EF-A64D2FEC6C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9463EF3E-D207-4F96-8018-C67744D9BFA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:
12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"BA7A3F6B-DCFA-47B0-9675-D77F75F6D9B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:one-to-one_fulfillment:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"4D304C78-1EDC-4429-824F-00AB05018147"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95569","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3440","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:08.210","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Customer Interaction History de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2 y 12.1.3. Vulnerabilidad de explotación fácil permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Customer Interaction History. Ataque exitoso requiere la interacción humana de una persona que no sea el atacante y cuando la vulnerabilidad es en Oracle Customer Interaction History, ataques pueden afectar significativamente a productos adicionales. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos de Oracle Customer Interaction History accesible así como acceso no autorizado de actualización, inserción o eliminado de datos accesibles de Oracle One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_interaction_history:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"F642BBD2-94B6-4250-AFDB-A6EFF0AFDA9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_interaction_history:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"75019879-7091-46AB-ACDA-34EC3C8BB9BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_interaction_history:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"9B71AAA0-2FA5-4803-997D-14D6FBDB3DD9"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95497","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95497","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3441","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:08.257","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Customer Interaction History de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2 y 12.1.3. 
Vulnerabilidad de explotación fácil permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Customer Interaction History. Ataque exitoso requiere la interacción humana de una persona que no sea el atacante y cuando la vulnerabilidad es en Oracle Customer Interaction History, ataques pueden afectar significativamente a productos adicionales. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos de Oracle Customer Interaction History accesible así como acceso no autorizado de actualización, inserción o eliminado de datos accesibles de Oracle One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_interaction_history:12
.1.1:*:*:*:*:*:*:*","matchCriteriaId":"F642BBD2-94B6-4250-AFDB-A6EFF0AFDA9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_interaction_history:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"75019879-7091-46AB-ACDA-34EC3C8BB9BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_interaction_history:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"9B71AAA0-2FA5-4803-997D-14D6FBDB3DD9"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95573","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95573","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3442","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:08.273","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. 
CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Customer Interaction History de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2 y 12.1.3. Vulnerabilidad de explotación fácil permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Customer Interaction History. Ataque exitoso requiere la interacción humana de una persona que no sea el atacante y cuando la vulnerabilidad es en Oracle Customer Interaction History, ataques pueden afectar significativamente a productos adicionales. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos de Oracle Customer Interaction History accesible así como acceso no autorizado de actualización, inserción o eliminado de datos accesibles de Oracle One-to-One Fulfillment. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e 
Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_interaction_history:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"F642BBD2-94B6-4250-AFDB-A6EFF0AFDA9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_interaction_history:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"75019879-7091-46AB-ACDA-34EC3C8BB9BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:customer_interaction_history:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"9B71AAA0-2FA5-4803-997D-14D6FBDB3DD9"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95573","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95573","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3443","sourceIdentifier":"secalert_us@oracle.com","published":"2017-01-27T22:59:08.320","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."},{"lang":"es","value":"Vulnerabilidad en el componente Oracle Common Applications de Oracle E-Business Suite (subcomponente: User Interface). Versiones compatibles que están afectadas son 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 y 12.2.6. Vulnerabilidad de explotación fácil permite a un atacante no autenticado con acceso a la red a través de HTTP comprometer Oracle Common Applications. 
Ataque exitoso requiere la interacción humana de una persona que no sea el atacante y cuando la vulnerabilidad es en Oracle Common Applications, ataques pueden afectar significativamente a productos adicionales. Los ataques exitosos de esta vulnerabilidad pueden resultar en acceso no autorizado a datos críticos o acceso completo a todos los datos de Oracle Common Applications así como acceso no autorizado de actualización, inserción o eliminado de datos accesibles de Oracle Common Applications. CVSS v3.0 Base Score 8.2 (Impactos de Confidencialidad e Integridad)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"AD375D75-8B6E-43C0-A747-F3DA4FD147A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"BE04C6C2-481
8-403E-B2D0-5220BDC39C92"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.1.3:*:*:*:*:*:*:*","matchCriteriaId":"61F4DED6-1E2A-4DD4-8D90-BD319DF993AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.2.3:*:*:*:*:*:*:*","matchCriteriaId":"FC27227D-8844-4D2E-979D-91AAA657155E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.2.4:*:*:*:*:*:*:*","matchCriteriaId":"BB5C9C61-EFCD-41CD-8EFB-A9ECBD7DCC37"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.2.5:*:*:*:*:*:*:*","matchCriteriaId":"B20D8C53-46D2-409B-B24A-B6023F6DF4F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:common_applications:12.2.6:*:*:*:*:*:*:*","matchCriteriaId":"D0505D42-88E5-4DB5-BB6E-473522DF2B23"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95612","source":"secalert_us@oracle.com"},{"url":"http://www.securitytracker.com/id/1037639","source":"secalert_us@oracle.com"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95612","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037639","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5328","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T22:59:08.350","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Palo Alto Networks Terminal Services Agent before 7.0.7 allows attackers to spoof arbitrary users via unspecified vectors."},{"lang":"es","value":"Palo Alto Networks Terminal Services Agent en versiones anteriores a 7.0.7 permite a un atacantes suplantar usuarios arbitrarios a través de vectores no 
especificados."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:terminal_services_agent:*:*:*:*:*:*:*:*","versionEndIncluding":"7.0.6","matchCriteriaId":"9BA8F191-45B1-4A4A-9783-3BB80D9F529B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95823","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.paloaltonetworks.com/CVE-2017-5328","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95823","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.paloaltonetworks.com/CVE-2017-5328","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5329","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T22:59:08.383","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation."},{"lang":"es","value":"Palo Alto Networks Terminal Services Agent en versiones anteriores a 7.0.7 permite a usuarios locales obtener privilegios a través de vectores que desencadenan una operación de escritura fuera de límites."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paloaltonetworks:terminal_services_agent:*:*:*:*:*:*:*:*","versionEndIncluding":"7.0.6","matchCriteriaId":"9BA8F191-45B1-4A4A-9783-3BB80D9F529B"}]}]}],"references":[{"url":"http://www.securityfoc
us.com/bid/95818","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.paloaltonetworks.com/CVE-2017-5329","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41176/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95818","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.paloaltonetworks.com/CVE-2017-5329","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41176/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5601","sourceIdentifier":"cve@mitre.org","published":"2017-01-27T22:59:08.413","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive."},{"lang":"es","value":"Un error en la función lha_read_file_header_1() (archive_read_support_format_lha.c) en libarchive 3.2.2 permite a un atacantes desencadenar un acceso de lectura fuera de límites de la memoria y posteriormente provocar una caída a través de un archivo especialmente 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libarchive:libarchive:3.2.2:*:*:*:*:*:*:*","matchCriteriaId":"EE49FE66-2BDF-4237-8BF1-F9851B75B526"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95837","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037974","source":"cve@mitre.org"},{"url":"https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html","source":"cve@mitre.org"},{"url":"https://secunia.com/secunia_research/2017-3/","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95837","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037974","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://secunia.com/secunia_research/2017-3/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7922","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.140","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print()."},{"lang":"es","value":"El analizador AH en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en print-ah.c:ah_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"
source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7923","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.170","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print()."},{"lang":"es","value":"El analizador ARP en tcpdump en versiones anteriores a 4.9.0 tiene un 
desbordamiento de búfer en print-arp.c:arp_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7924","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.203","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print()."},{"lang":"es","value":"El analizador ATM en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-atm.c:oam_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7925","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.233","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print()."},{"lang":"es","value":"El analizador SLIP comprimido en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-sl.c:sl_if_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7926","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.263","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print()."},{"lang":"es","value":"El analizador Ethernet en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-ether.c:ethertype_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7927","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.297","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print()."},{"lang":"es","value":"El analizador IEEE 802.11 en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-802_11.c:ieee802_11_radio_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7928","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.327","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print()."},{"lang":"es","value":"El analizador IPComp en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-ipcomp.c:ipcomp_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7929","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.357","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header()."},{"lang":"es","value":"El analizador Juniper PPPoE ATM en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-juniper.c:juniper_parse_header()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7930","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.390","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print()."},{"lang":"es","value":"El analizador LLC/SNAP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-llc.c:llc_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7931","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.420","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print()."},{"lang":"es","value":"El analizador MPLS en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-mpls.c:mpls_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7932","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.453","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum()."},{"lang":"es","value":"El analizador PIM en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-pim.c:pimv2_check_checksum()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7933","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.483","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print()."},{"lang":"es","value":"El analizador PPP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-ppp.c:ppp_hdlc_if_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7934","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.497","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print()."},{"lang":"es","value":"El analizador RTCP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-udp.c:rtcp_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7935","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.530","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print()."},{"lang":"es","value":"El analizador RTP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-udp.c:rtp_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7936","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.560","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print()."},{"lang":"es","value":"El analizador UDP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-udp.c:udp_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7937","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.607","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print()."},{"lang":"es","value":"El analizador VAT en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-udp.c:vat_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7938","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.623","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame()."},{"lang":"es","value":"El analizador ZeroMQ en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de entero en 
print-zeromq.c:zmtp1_print_frame()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7939","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.657","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions."},{"lang":"es","value":"El analizador GRE en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en múltiples funciones 
print-gre.c"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7940","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.687","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions."},{"lang":"es","value":"El analizador STP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en múltiples funciones 
print-stp.c."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7973","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.717","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions."},{"lang":"es","value":"El analizador AppleTalk en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en múltiples funciones 
print-atalk.c."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7974","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.747","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions."},{"lang":"es","value":"El analizador IP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en múltiples funciones 
print-ip.c."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7975","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.780","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print()."},{"lang":"es","value":"El analizador TCP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-tcp.c:tcp_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7983","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.827","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print()."},{"lang":"es","value":"El analizador BOOTP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-bootp.c:bootp_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7984","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.843","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print()."},{"lang":"es","value":"El analizador TFTP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-tftp.c:tftp_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7985","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.890","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print()."},{"lang":"es","value":"El analizador CALM FAST en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-calm-fast.c:calm_fast_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7986","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.907","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions."},{"lang":"es","value":"El analizador GeoNetworking en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en múltiples funciones 
print-geonet.c."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7992","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.937","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print()."},{"lang":"es","value":"El analizador Classical IP sobre ATM en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-cip.c:cip_if_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7993","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.967","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM)."},{"lang":"es","value":"Un error interno en util-print.c:relts_print() en tcpdump en versiones anteriores a 4.9.0 podría provocar un desbordamiento de búfer en múltiples analizadores de protocolo (DNS, DVMRP, HSRP, IGMP, protocolo ligero de resolución, 
PIM)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8574","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:00.983","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print()."},{"lang":"es","value":"El analizador FRF.15 en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-fr.c:frf15_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8575","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:01.013","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482."},{"lang":"es","value":"El analizador Q.933 en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en print-fr.c:q933_print(), una vulnerabilidad diferente a 
CVE-2017-5482."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5202","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:01.047","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print()."},{"lang":"es","value":"El analizador ISO CLNS en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-isoclns.c:clnp_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndExcluding":"4.9.0","matchCriteriaId":"F796C610-BB37-48CD-8B65-DA81617A5449"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"
51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"BF77CDCF-B9C9-427D-B2BF-36650FB2148C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5203","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:01.077","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print()."},{"lang":"es","value":"El analizador BOOTP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-bootp.c:bootp_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndExcluding":"4.9.0","matchCriteriaId":"F796C610-BB37-48CD-8B65-DA81617A5449"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"5
1EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"BF77CDCF-B9C9-427D-B2BF-36650FB2148C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5204","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:01.107","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print()."},{"lang":"es","value":"El analizador IPv6 en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-ip6.c:ip6_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndExcluding":"4.9.0","matchCriteriaId":"F796C610-BB37-48CD-8B65-DA81617A5449"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4
996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"BF77CDCF-B9C9-427D-B2BF-36650FB2148C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5205","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:01.157","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print()."},{"lang":"es","value":"El analizador ISAKMP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-isakmp.c:ikev2_e_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndExcluding":"4.9.0","matchCriteriaId":"F796C610-BB37-48CD-8B65-DA81617A5449"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId"
:"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"BF77CDCF-B9C9-427D-B2BF-36650FB2148C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5341","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:01.170","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print()."},{"lang":"es","value":"El analizador OTV en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-otv.c:otv_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5342","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:01.203","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print()."},{"lang":"es","value":"En tcpdump en versiones anteriores a 4.9.0, un error interno en múltiples analizadores de protocolo (Geneve, GRE, NSH, OTV, VXLAN y VXLAN GPE) podría provocar un desbordamiento de búfer en 
print-ether.c:ether_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5482","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:01.233","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575."},{"lang":"es","value":"El analizador Q.933 en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en print-fr.c:q933_print(), una vulnerabilidad diferente a 
CVE-2016-8575."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5483","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:01.263","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse()."},{"lang":"es","value":"El analizador SNMP en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-snmp.c:asn1_parse()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5484","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:01.297","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print()."},{"lang":"es","value":"El analizador ATM en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-atm.c:sig_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5485","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:01.327","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap()."},{"lang":"es","value":"El analizador ISO CLNS en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer 
en addrtoname.c:lookup_nsap()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5486","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T01:59:01.357","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print()."},{"lang":"es","value":"El analizador ISO CLNS en tcpdump en versiones anteriores a 4.9.0 tiene un desbordamiento de búfer en 
print-isoclns.c:clnp_print()."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdump:tcpdump:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.1","matchCriteriaId":"615348EF-03D2-49CC-B96C-7CFFDCEB2C75"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3775","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95852","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"cve@mitre.org"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037755","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-30","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1494526.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9553","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T12:59:00.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP addresses from accessing the device. The device doesn't properly escape the information passed in the variables 'unblockip' and 'blockip' before calling the shell_exec() function which allows for system commands to be injected into the device. The code erroneously suggests that the information handled is protected by utilizing the variable name 'escapedips' - however this was not the case. 
The Sophos ID is NSWA-1258."},{"lang":"es","value":"La Sophos Web Appliance (versión 4.2.1.3) es vulnerable a dos vulnerabilidades de inyección de comandos remotos que afectan a su interfaz web administrativa. Estas vulnerabilidades ocurren en el componente MgrReport.php (/controllers/MgrReport.php) responsable de bloquear y desbloquear direcciones de IP de acceder al dispositivo. El dispositivo no escapa adecuadamente la información pasada en las variables 'unblockip' y 'blockip' antes de llamar a la función shell_exec() lo que permite que se inyecten comandos del sistema en el dispositivo. El código sugiere erróneamente que la información manejada está protegida utilizando el nombre de variable 'escapedips' - sin embargo éste no es el caso. El ID Sophos es NSWA-1258."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sophos:web_appliance:4
.2.1.3:*:*:*:*:*:*:*","matchCriteriaId":"D0F4F4AA-F2D3-4054-A293-E12C03C3B679"}]}]}],"references":[{"url":"http://pastebin.com/DUYuN0U5","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.html","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"http://www.securityfocus.com/bid/95853","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-version-4-3-1","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"http://pastebin.com/DUYuN0U5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://swa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"http://www.securityfocus.com/bid/95853","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-version-4-3-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2016-9554","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T12:59:00.180","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur in MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), in the component responsible for performing diagnostic tests with the UNIX wget utility. The application doesn't properly escape the information passed in the 'url' variable before calling the executeCommand class function ($this->dtObj->executeCommand). This function calls exec() with unsanitized user input allowing for remote command injection. 
The page that contains the vulnerabilities, /controllers/MgrDiagnosticTools.php, is accessed by a built-in command answered by the administrative interface. The command that calls to that vulnerable page (passed in the 'section' parameter) is: 'configuration'. Exploitation of this vulnerability yields shell access to the remote machine under the 'spiderman' user account."},{"lang":"es","value":"La Sophos Web Appliance Remote / Secure Web Gateway server (versión 4.2.1.3) es vulnerable a una vulnerabilidad de inyección de comandos remotos en su interfaz web administrativa. Estas vulnerabilidades ocurren en MgrDiagnosticTools.php (/controllers/MgrDiagnosticTools.php), en el componente responsable de realizar test diagnósticos con la utilidad wget de UNIX. La aplicación no escapa adecuadamente la información pasada en la variable 'url' antes de llamar a la función de la clase executeCommand ($this->dtObj->executeCommand). Esta función llama a exec() con entrada de usuario no desinfectada permitiendo inyección remota de comandos. A la página que contiene las vulnerabilidades, /controllers/MgrDiagnosticTools.php, se accede mediante un comando incorporado que responde a la interfaz administrativa. El comando que llama a la página vulnerable (pasado en el parámetro 'section') es: 'configuration'. 
La explotación de esta vulnerabilidad da acceso shell a la máquina remota bajo la cuenta de usuario 'spiderman'."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sophos:web_appliance:4.2.1.3:*:*:*:*:*:*:*","matchCriteriaId":"D0F4F4AA-F2D3-4054-A293-E12C03C3B679"}]}]}],"references":[{"url":"http://pastebin.com/UB8Ye6ZU","source":"cve@mitre.org","tags":["Exploit"]},{"url":"http://www.securityfocus.com/bid/95858","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-version-4-3-1","source":"cve@mitre.org","tags":["Release 
Notes"]},{"url":"http://pastebin.com/UB8Ye6ZU","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.securityfocus.com/bid/95858","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-version-4-3-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2017-5608","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T18:59:00.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename."},{"lang":"es","value":"Vulnerabilidad XSS en la función de carga de imágenes en Piwigo en versiones anteriores a 2.8.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de archivo de imagen 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:piwigo:piwigo:*:*:*:*:*:*:*:*","versionEndIncluding":"2.8.5","matchCriteriaId":"6B6B020F-0D8F-4DCB-A443-6A1398E0B3DA"}]}]}],"references":[{"url":"http://piwigo.org/releases/2.8.6","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95848","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Piwigo/Piwigo/commit/6ec3f2d0fae0437f0c2cc8c475a26fb6aeb0d4cb","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/Piwigo/Piwigo/issues/600","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://piwigo.org/releases/2.8.6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release 
Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95848","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Piwigo/Piwigo/commit/6ec3f2d0fae0437f0c2cc8c475a26fb6aeb0d4cb","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/Piwigo/Piwigo/issues/600","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5609","sourceIdentifier":"cve@mitre.org","published":"2017-01-28T18:59:00.180","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en include/functions_entries.inc.php en Serendipity 2.0.5 permite a usuarios autenticados remotos ejecutar comandos arbitrarios SQL a través del parámetro 
cat."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:s9y:serendipity:2.0.5:*:*:*:*:*:*:*","matchCriteriaId":"62698057-2D97-42F0-913C-76CB939804FA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95850","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/s9y/Serendipity/commit/c62d667287f2d76c81e03a740a581eb3c51249b6","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/s9y/Serendipity/releases/tag/2.1-rc1","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95850","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/s9y/Serendipity/commit/c62d667287f2d76c81e03a740a581eb3c51249b6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/s9y/Serendipity/releases/tag/2.1-rc1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10175","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T04:59:00.203","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The NETGEAR WNR2000v5 router leaks its serial number when performing a request to the /BRS_netgear_success.html URI. This serial number allows a user to obtain the administrator username and password, when used in combination with the CVE-2016-10176 vulnerability that allows resetting the answers to the password-recovery questions."},{"lang":"es","value":"El router NETGEAR WNR2000v5 filtra su número de serie cuando se realiza una petición a la URI /BRS_netgear_success.html. 
Este número de serie permite a un usuario obtener el nombre de usuario y contraseña del administrador, cuando se utiliza en combinación con la vulnerabilidad CVE-2016-10176 que permite restablecer las respuestas a las preguntas de recuperación de contraseña."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netgear:wnr2000v5_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.0.34","matchCriteriaId":"B964474D-2095-49AF-A6D3-869E89682898"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*","matchCriteriaId":"671EC923-DC84-47D6-B943-0F7DA8168334"}]}]}],"references":[{"url":"http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability","source":"cve@mitre.org","tags":["Patch","Vendor 
Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/Dec/72","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95867","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/40949/","source":"cve@mitre.org"},{"url":"http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/Dec/72","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95867","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/40949/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10176","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T04:59:00.250","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. 
This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution."},{"lang":"es","value":"El router NETGEAR WNR2000v5 permite a un administrador realizar acciones sensibles invocando a la URL apply.cgi en el servidor web del dispositivo. Esta URL especial es manejada por el servidor web embebido (uhttpd) y procesada como corresponde. El servidor web también contiene otra URL, apply_noauth.cgi, que permite a un usuario no autenticado realizar acciones sensibles en el dispositivo. Esta funcionalidad puede ser explotada para cambiar la configuración del router (tales como las respuestas a las preguntas de recuperación de contraseña) y lograr la ejecución remota de código."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netgear:wnr2000v5_fi
rmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.0.34","matchCriteriaId":"B964474D-2095-49AF-A6D3-869E89682898"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netgear:wnr2000v5:-:*:*:*:*:*:*:*","matchCriteriaId":"671EC923-DC84-47D6-B943-0F7DA8168334"}]}]}],"references":[{"url":"http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/Dec/72","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95867","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/40949/","source":"cve@mitre.org"},{"url":"http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/Dec/72","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95867","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party 
Advisory"]},{"url":"https://www.exploit-db.com/exploits/40949/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10177","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T04:59:00.283","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on the D-Link DWR-932B router. Undocumented TELNET and SSH services provide logins to admin with the password admin and root with the password 1234."},{"lang":"es","value":"Se ha descubierto un problema en el router D-Link DWR-932B. Los servicios TELNET y SSH no documentados proporcionan inicio de sesión para admin con la contraseña admin y root con la contraseña 1234."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:*",
"matchCriteriaId":"1AF53B78-4385-4384-AD34-8944D30A3477"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dwr-932b:-:*:*:*:*:*:*:*","matchCriteriaId":"5276D597-329E-4870-90C8-EC1947D4F231"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95877","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95877","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10178","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T04:59:00.313","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the \"/sbin/telnetd -l /bin/sh\" command."},{"lang":"es","value":"Se ha descubierto un problema en el router D-Link DWR-932B. 
HELODBG en el puerto 39889 (UDP) lanza el comando \"/sbin/telnetd -l /bin/sh\"."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:*","matchCriteriaId":"1AF53B78-4385-4384-AD34-8944D30A3477"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dwr-932b:-:*:*:*:*:*:*:*","matchCriteriaId":"5276D597-329E-4870-90C8-EC1947D4F231"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95877","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95877","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10179","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T04:59:00.343","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on the D-Link DWR-932B router. There is a hardcoded WPS PIN of 28296607."},{"lang":"es","value":"Se ha descubierto un problema en el router D-Link DWR-932B. Hay un PIN WPS embebido de 28296607."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criter
ia":"cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:*","matchCriteriaId":"1AF53B78-4385-4384-AD34-8944D30A3477"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dwr-932b:-:*:*:*:*:*:*:*","matchCriteriaId":"5276D597-329E-4870-90C8-EC1947D4F231"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95877","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95877","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10180","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T04:59:00.360","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding."},{"lang":"es","value":"Se ha descubierto un problema en el router D-Link DWR-932B. 
La generación de PIN WPS está basada en una semilla srand(time(0))."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-335"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-330"},{"lang":"en","value":"CWE-335"},{"lang":"en","value":"CWE-1241"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:*","matchCriteriaId":"1AF53B78-4385-4384-AD34-8944D3
0A3477"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dwr-932b:-:*:*:*:*:*:*:*","matchCriteriaId":"5276D597-329E-4870-90C8-EC1947D4F231"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95877","source":"cve@mitre.org","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95877","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10181","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T04:59:00.390","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on the D-Link DWR-932B router. qmiweb provides sensitive information for CfgType=get_homeCfg requests."},{"lang":"es","value":"Se ha descubierto un problema en el router D-Link DWR-932B. 
qmiweb proporciona información sensible para peticiones CfgType=get_homeCfg."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:*","matchCriteriaId":"1AF53B78-4385-4384-AD34-8944D30A3477"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dwr-932b:-:*:*:*:*:*:*:*","matchCriteriaId":"5276D597-329E-4870-90C8-EC1947D4F231"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95877","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95877","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10182","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T04:59:00.423","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters."},{"lang":"es","value":"Se ha descubierto un problema en el router D-Link DWR-932B. qmiweb permite la inyección de comandos con caracteres `."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":fa
lse,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:*","matchCriteriaId":"1AF53B78-4385-4384-AD34-8944D30A3477"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dwr-932b:-:*:*:*:*:*:*:*","matchCriteriaId":"5276D597-329E-4870-90C8-EC1947D4F231"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95877","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95877","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10183","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T04:59:00.437","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on the D-Link DWR-932B router. qmiweb allows directory listing with ../ traversal."},{"lang":"es","value":"Se ha descubierto un problema en el router D-Link DWR-932B. 
qmiweb permite el listado de directorio con recorrido ../ ."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:*","matchCriteriaId":"1AF53B78-4385-4384-AD34-8944D30A3477"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dwr-932b:-:*:*:*:*:*:*:*","matchCriteriaId":"5276D597-329E-4870-90C8-EC1947D4F231"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95877","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95877","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10184","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T04:59:00.470","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal."},{"lang":"es","value":"Se ha descubierto un problema en el router D-Link DWR-932B. qmiweb permite la lectura de archivos con recorrido ..%2f."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:*","matchCriteriaId":"1AF53B78-4385-438
4-AD34-8944D30A3477"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dwr-932b:-:*:*:*:*:*:*:*","matchCriteriaId":"5276D597-329E-4870-90C8-EC1947D4F231"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95877","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95877","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10185","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T04:59:00.500","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on the D-Link DWR-932B router. A secure_mode=no line exists in /var/miniupnpd.conf."},{"lang":"es","value":"Se ha descubierto un problema en el router D-Link DWR-932B. 
Existe una línea secure_mode=no en /var/miniupnpd.conf."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:*","matchCriteriaId":"1AF53B78-4385-4384-AD34-8944D30A3477"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dwr-932b:-:*:*:*:*:*:*:*","matchCriteriaId":"5276D597-329E-4870-90C8-EC1947D4F231"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95877","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95877","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10186","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T04:59:00.533","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd.conf has no deny rules."},{"lang":"es","value":"Se ha descubierto un problema en el router D-Link DWR-932B . /var/miniupnpd.conf no tiene reglas de denegación."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dwr-932b_firmware:02.02eu:revb:*:*:*:*:*:*","matchCriteriaId":"1AF53B78-4385-4384-AD34-8944D30A3
477"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dwr-932b:-:*:*:*:*:*:*:*","matchCriteriaId":"5276D597-329E-4870-90C8-EC1947D4F231"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95877","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95877","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5610","sourceIdentifier":"security@debian.org","published":"2017-01-30T04:59:00.563","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms."},{"lang":"es","value":"wp-admin/includes/class-wp-press-this.php en Press This en WordPress versiones anteriores a 4.7.2 no restringe adecuadamente la visibilidad de una interfaz de usuario de asignación de taxonomía, lo que permite a atacantes remotos eludir las restricciones destinadas al acceso leyendo 
términos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","versionEndIncluding":"4.7.1","matchCriteriaId":"7DB8B4B5-7B4F-4AC2-8EBA-A2D6B2273392"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3779","source":"security@debian.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/28/5","source":"security@debian.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95816","source":"security@debian.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037731","source":"security@debian.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://codex.wordpress.org/Version_4.7.2","source":"security@debian.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454","source":"security@debian.org","tags":["Patch","Third Party Advisory"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/","source":"security@debian.org","tags":["Patch","Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8729","source":"security@debian.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3779","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/28/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95816","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037731","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://codex.wordpress.org/Version_4.7.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8729","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5611","sourceIdentifier":"security@debian.org","published":"2017-01-30T04:59:00.610","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en wp-includes/class-wp-query.php en WP_Query en WordPress en versiones anteriores a 4.7.2 permite a atacantes remotos ejecutar comandos SQL arbitrarios aprovechando la presencia de un plugin o tema afectado que no maneja correctamente un nombre de tipo de publicación manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"
Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","versionEndIncluding":"4.7.1","matchCriteriaId":"7DB8B4B5-7B4F-4AC2-8EBA-A2D6B2273392"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:data_integrator:11.1.1.9.0:*:*:*:*:*:*:*","matchCriteriaId":"E2CF70CF-3DDF-45A2-A14C-340CC65EBDC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"9901F6BA-78D5-45B8-9409-07FF1C6DDD38"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"9FADE563-5AAA-42FF-B43F-35B20A2386C9"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3779","source":"security@debian.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/28/5","source":"security@debian.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95816","source":"security@debian.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037731","source":"security@debian.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://codex.wordpress.org/Version_4.7.2","source":"security@debian.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb","source":"security@debian.org","tags":["Patch","Third Party 
Advisory"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/","source":"security@debian.org","tags":["Patch","Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8730","source":"security@debian.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2021.html","source":"security@debian.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3779","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/28/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95816","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037731","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://codex.wordpress.org/Version_4.7.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8730","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5612","sourceIdentifier":"security@debian.org","published":"2017-01-30T04:59:00.640","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp-posts-list-table.php in the posts list table in WordPress before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via a crafted excerpt."},{"lang":"es","value":"Vulnerabilidad de XSS en wp-admin/includes/class-wp-posts-list-table.php en la tabla de lista de publicaciones en WordPress en versiones anteriores a 4.7.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un extracto manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","vers
ionEndIncluding":"4.7.1","matchCriteriaId":"7DB8B4B5-7B4F-4AC2-8EBA-A2D6B2273392"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3779","source":"security@debian.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/28/5","source":"security@debian.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95816","source":"security@debian.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037731","source":"security@debian.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://codex.wordpress.org/Version_4.7.2","source":"security@debian.org","tags":["Release Notes"]},{"url":"https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849","source":"security@debian.org","tags":["Issue Tracking","Patch"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/","source":"security@debian.org","tags":["Patch","Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8731","source":"security@debian.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3779","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/28/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95816","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037731","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://codex.wordpress.org/Version_4.7.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8731","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5627","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T04:59:00.673","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Artifex Software, Inc. MuJS before 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsR_setproperty function in jsrun.c lacks a check for a negative array length. This leads to an integer overflow in the js_pushstring function in jsrun.c when parsing a specially crafted JS file."},{"lang":"es","value":"Se ha descubierto un problema en Artifex Software, Inc. MuJS en versiones anteriores a 4006739a28367c708dea19aeb19b8a1a9326ce08. La función jsR_setproperty en jsrun.c carece de una comprobación para una longitud negativa de array. 
Esto lleva a un desbordamiento de entero en la función js_pushstring en jsrun.c al analizar archivos JS especialmente manipulados."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:artifex:mujs:*:*:*:*:*:*:*:*","versionEndExcluding":"2017-01-24","matchCriteriaId":"2D69C667-E4E7-47DA-A42B-E4F386BB56D5"}]}]}],"references":[{"url":"http://git.ghostscript.com/?p=mujs.git%3Bh=4006739a28367c708dea19aeb19b8a1a9326ce08","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95856","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697497","source":"cve@mitre.org","tags":["Issue 
Tracking"]},{"url":"http://git.ghostscript.com/?p=mujs.git%3Bh=4006739a28367c708dea19aeb19b8a1a9326ce08","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95856","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697497","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2017-5628","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T04:59:00.703","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file."},{"lang":"es","value":"Se ha descubierto un problema en Artifex Software, Inc. MuJS en versiones anteriores a 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. La función MakeDay en jsdate.c no valida el mes, lo que lleva a un desbordamiento de entero al analizar un archivo JS especialmente manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:artifex:mujs:*:*:*:*:*:*:*:*","versionEndExcluding":"2017-01-24","matchCriteriaId":"2D69C667-E4E7-47DA-A42B-E4F386BB56D5"}]}]}],"references":[{"url":"http://git.ghostscript.com/?p=mujs.git%3Bh=8f62ea10a0af68e56d5c00720523ebcba13c2e6a","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95855","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697496","source":"cve@mitre.org","tags":["Issue 
Tracking"]},{"url":"http://git.ghostscript.com/?p=mujs.git%3Bh=8f62ea10a0af68e56d5c00720523ebcba13c2e6a","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95855","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697496","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2017-5632","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T04:59:00.737","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an \"nmap -O\" command that specifies an IP address of an affected device, one can crash the device's WAN connection, causing disconnection from the Internet, a Denial of Service (DoS). The attack is only possible from within the local area network."},{"lang":"es","value":"Se ha descubierto un problema en el router wireless ASUS RT-N56U con Firmware 3.0.0.4.374_979. Al ejecutar un comando \"nmap -O\" que especifica una dirección IP de un dispositivo afectado, se puede derribar la conexión WAN del dispositivo, causando una desconexión de internet, una denegación de servicio (DoS). 
El ataque solo es posible desde dentro de la red de área local."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:N/I:N/A:P","baseScore":3.3,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:asus:rt-n56u_firmware:3.0.0.4.374_979:*:*:*:*:*:*:*","matchCriteriaId":"71FB53A0-E6FE-44AB-9C58-3D171D014C89"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:asus:rt-n56u:-:*:*:*:*:*:*:*","matchCriteriaId":"534C0C95-9DD2-464C-8776-01B47398FE13"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95857","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95857","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5572","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T16:59:00.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database."},{"lang":"es","value":"Se ha descubierto un problema en Linux Foundation xapi en Citrix XenServer hasta la versión 7.0. Un administrador autenticado de solo lectura puede corromper la base de datos del host."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5
FCF191B-971A-4945-AB14-08091689BE2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*","matchCriteriaId":"BCEA97B9-A443-4F87-81B4-B3F0E94AC18E"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.5:*:*:*:*:*:*:*","matchCriteriaId":"56434D13-7A7B-495C-A135-2688C706A065"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*","matchCriteriaId":"405F950F-0772-41A3-8B72-B67151CC1376"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95801","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037716","source":"cve@mitre.org"},{"url":"https://support.citrix.com/article/CTX220112","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95801","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037716","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.citrix.com/article/CTX220112","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5573","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T16:59:00.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators."},{"lang":"es","value":"Se ha descubierto un problema en Linux Foundation xapi en Citrix XenServer hasta la versión 7.0. 
Un administrador autenticado de sólo lectura puede cancelar las tareas de otros administradores."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5FCF191B-971A-4945-AB14-08091689BE2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.2.0:*:*:*:*:*:*:*","matchCriteriaId":"BCEA97B9-A443-4F87-81B4-B3F0E94AC18E"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.5:*:*:*:*:*:*:*","matchCriteriaId":"56434D13-7A7B-495C-A135-2688C706A065"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*","matchCriteriaId":"405F950F-0772-41A3-8B72-B67151CC1376"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95796","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037716","source":"cve@mitre.org"},{"url":"https://support.citrix.com/article/CTX220112","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95796","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037716","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.citrix.com/article/CTX220112","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2015-7973","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T21:59:00.143","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network."},{"lang":"es","value":"NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90, cuando está configurado en modo de difusión, permite a atacantes man-in-the-middle realizar ataques de repetición rastreando la 
red."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.8","matchCriteriaId":"CED3C1F7-6FFA-44D1-BC56-2BB1963F3B9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"4.3.90","matchCriteriaId":"3207DA93-AFE7-45D8-90DA-A12F6AB76293"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*","matchCriteriaId":"EEA51D83-5841-4335-AF07-7A43C118CAAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*","matchCriteriaId":"C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*","matchCriteriaId":"49ADE0C3-F75C-4EC0-8805-56013F0EB92C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*","matchCriteriaId":"D8FF625A-E
FA3-43D1-8698-4A37AE31A07C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*","matchCriteriaId":"E3B99BBD-97FE-4615-905A-A614592226F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*","matchCriteriaId":"E7A9AD3A-F030-4331-B52A-518BD963AB8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*","matchCriteriaId":"C293B8BE-6691-4944-BCD6-25EB98CABC73"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*","matchCriteriaId":"CEA650F8-2576-494A-A861-61572CA319D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*","matchCriteriaId":"4ED21EE8-7CBF-4BC5-BFC3-185D41296238"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*","matchCriteriaId":"C76A0B44-13DE-4173-8D05-DA54F6A71759"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*","matchCriteriaId":"1450241C-2F6D-4122-B33C-D78D065BA403"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*","matchCriteriaId":"721AFD22-91D3-488E-A5E6-DD84C86E412B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*","matchCriteriaId":"8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*","matchCriteriaId":"41E44E9F-6383-4E12-AEDC-B653FEA77A48"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*","matchCriteriaId":"466D9A37-2658-4695-9429-0C6BF4A631C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*","matchCriteriaId":"99774181-5F12-446C-AC2C-DB1C52295EED"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*","matchCriteriaId":"4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*","matchCriteriaId":"99C71C00-7222-483B-AEFB-159337BD3C92"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*","matchCriteriaId":"75A9AA28-1B20-44BB-815C-7
294A53E910E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"E0730ED6-676B-4200-BC07-C0B4531B242C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:tim_4r-ie:-:*:*:*:*:*:*:*","matchCriteriaId":"0B87B16C-9E9F-448B-9255-B2BB2B8CAD63"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"E16E82E3-9A85-41A4-8A33-12AE45A1B584"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*","matchCriteriaId":"EE27728D-D37B-43FC-BA8A-0E930DDBD10B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0","versionEndExcluding":"10.1","matchCriteriaId":"683BC810-0492-4A7A-8F68-52A73A8CB187"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:-:*:*:*:*:*:*","matchCriteriaId":"A308448F-7FAD-4CAA-B204-94979A0055EC"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p1:*:*:*:*:*:*","matchCriteriaId":"9D942069-86FD-4777-B144-27F68845510F"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p10:*:*:*:*:*:*","matchCriteriaId":"8BCB79FA-CF26-4DA9-BE6B-DB38F4BD76DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p12:*:*:*:*:*:*","matchCriteriaId":"6937683B-ADC8-452E-BCD7-34ED8656D75E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p13:*:*:*:*:*:*","matchCriteriaId":"0B50A898-C510-4582-8931-2820D2FFB646"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p16:*:*:*:*:*:*","matchCriteriaId":"5016E4BB-D905-49BF-8B23-40DD9F9BC133"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p19:*:*:*:*:*:*","matchCriteriaId":"C4009691-42D4-4E04
-BA72-EAC9E30C30E1"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p2:*:*:*:*:*:*","matchCriteriaId":"AC531D8E-31B3-48B1-8B79-85B9FB67CF0E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p20:*:*:*:*:*:*","matchCriteriaId":"4B161FA9-E1A8-407B-80A9-9F57DF4E6932"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p21:*:*:*:*:*:*","matchCriteriaId":"C608B9D9-28DD-4470-A5A2-96B030E8EA0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p22:*:*:*:*:*:*","matchCriteriaId":"50702FA4-624E-4C47-B672-8479ED7EB00C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p23:*:*:*:*:*:*","matchCriteriaId":"A05DE064-17DC-4BC3-BFA7-1FF31324BB5A"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p24:*:*:*:*:*:*","matchCriteriaId":"3785D821-D809-4948-92E0-CD6F93D06D56"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p25:*:*:*:*:*:*","matchCriteriaId":"4F309C4D-DBE9-4FDC-9F71-670FE84E8859"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p3:*:*:*:*:*:*","matchCriteriaId":"B9D919A6-BBEC-416C-8FC0-5CA7B0191E82"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p5:*:*:*:*:*:*","matchCriteriaId":"22A2F317-2F1A-4D3F-8E31-B5ABFCEE2AAD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p6:*:*:*:*:*:*","matchCriteriaId":"179468E8-0FB7-4E1A-9002-AFC8753027AA"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p7:*:*:*:*:*:*","matchCriteriaId":"CF8563F3-DD91-4272-B72D-08F66E2E44C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p8:*:*:*:*:*:*","matchCriteriaId":"642BCA8F-6432-43D2-9E74-565CC71A9DD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p9:*:*:*:*:*:*","matchCriteriaId":"09003BFB-72FB-4F89-B62C-4A2505E60630"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:-:*:*:*:*:*:*","matchCriteriaId":"794DB6C2-514F-4353-AC31-025D53FFC3FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p1:*:*:*:*:*:*","matc
hCriteriaId":"55448583-DD8E-44FA-9033-CEB8E63FC2C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p10:*:*:*:*:*:*","matchCriteriaId":"A238C1FE-D4D3-4EEC-ACBE-341B112123EC"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p12:*:*:*:*:*:*","matchCriteriaId":"BABAD599-782F-4BFE-9EE2-0668ECAAC349"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p15:*:*:*:*:*:*","matchCriteriaId":"C263C188-EA00-4110-B9A5-16C0CD0F1DE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p16:*:*:*:*:*:*","matchCriteriaId":"75F93217-BCD4-4AD4-9621-49C83BA3FFD7"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p17:*:*:*:*:*:*","matchCriteriaId":"1860A2E7-8E58-4082-9C71-E4F383244953"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p18:*:*:*:*:*:*","matchCriteriaId":"B07FABAF-00CF-4284-AAC2-F3D6DA3D3841"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p19:*:*:*:*:*:*","matchCriteriaId":"87440763-A4AF-44E9-AB26-155313A64269"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p2:*:*:*:*:*:*","matchCriteriaId":"5F2A6E84-E37B-4E21-BBD9-FDB878D53D58"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p22:*:*:*:*:*:*","matchCriteriaId":"2D5B97BE-4A7F-4482-8A7F-A7DB5314CEA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p24:*:*:*:*:*:*","matchCriteriaId":"256FDB00-0427-4B72-B9FA-1FE4AD56EC28"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p25:*:*:*:*:*:*","matchCriteriaId":"5EC0C4BA-089F-44B1-A49B-2CDDEC86997B"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p26:*:*:*:*:*:*","matchCriteriaId":"F7713F76-A9C7-498B-BEEC-B022D13268A2"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p27:*:*:*:*:*:*","matchCriteriaId":"E51647B0-B346-4FCB-97BE-22D43D002B17"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p3:*:*:*:*:*:*","matchCriteriaId":"D5F7A00A-5A6B-46FA-8527-14917C50555A"},{"vulnerable":true,"criteria":"
cpe:2.3:o:freebsd:freebsd:10.1:p4:*:*:*:*:*:*","matchCriteriaId":"466EA7B2-FBAF-4325-AD99-F5F4B0E5C0AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p5:*:*:*:*:*:*","matchCriteriaId":"EAD3F82B-E13C-40CE-BF65-4DA204FCDE93"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p6:*:*:*:*:*:*","matchCriteriaId":"23E2935E-7159-45A2-9164-978453F24BDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p7:*:*:*:*:*:*","matchCriteriaId":"1B7F75CF-F808-4BD6-9A46-AA5C1989F740"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p8:*:*:*:*:*:*","matchCriteriaId":"3EC40899-2775-45B9-96C1-8A9E7FAB7A64"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p9:*:*:*:*:*:*","matchCriteriaId":"A22BC7A2-BA8D-4C1D-A51A-7DF7EDEDDCC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:-:*:*:*:*:*:*","matchCriteriaId":"C1C1DA92-2184-4FB0-8392-AF80E7D6EB2E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p1:*:*:*:*:*:*","matchCriteriaId":"C59FCA1F-C2F9-4E11-A457-7979C94ECD3D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p10:*:*:*:*:*:*","matchCriteriaId":"13BA0876-9EFB-474E-83BB-9A53F38ADD4B"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p2:*:*:*:*:*:*","matchCriteriaId":"041C28B8-8EA6-461D-B6CB-13E3B9FF8411"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p5:*:*:*:*:*:*","matchCriteriaId":"91362F1A-CB09-4505-A724-332C743D9624"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p7:*:*:*:*:*:*","matchCriteriaId":"D7F738CA-C3F4-4A30-9FF6-F0BD1DC1CC84"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p8:*:*:*:*:*:*","matchCriteriaId":"44685E95-3139-4A82-9A8B-EB5379DF0558"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p9:*:*:*:*:*:*","matchCriteriaId":"8F92482C-F8B9-47A7-B5F1-ACBAC2A91646"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:clustered_data_ontap:
-:*:*:*:*:*:*:*","matchCriteriaId":"1FE996B1-6951-4F85-AA58-B99A379D2163"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","matchCriteriaId":"7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","matchCriteriaId":"CB66DB75-2B16-4EBF-9B93-CE49D8086E41"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","matchCriteriaId":"815D70A8-47D3-459C-A32C-9FEACA0659D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug2935","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/81963","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1034782","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3096-1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201607-15","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171031-0001/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken 
Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug2935","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/81963","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1034782","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3096-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201607-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171031-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2015-7975","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T21:59:00.253","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash)."},{"lang":"es","value":"La función nextvar en NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 no valida correctamente la longitud de su entrada, lo que permite a un atacante provocar una denegación de servicio (caída de la 
aplicación)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"99442254-E77A-43F7-8A9B-FC918AC336A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*","matchCriteriaId":"0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B23D9009-DF45-44C1-80DF-CEEC9B9E3F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"43921601-667E-4415-83BE-E5B39D969BD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"75DD9C02-0C46-4785-8D77-C5465E4ED967"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"A497BADE-0516-494F-89FA-EAFC6AD17F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4
.3.5:*:*:*:*:*:*:*","matchCriteriaId":"4298439A-EAF2-4CAA-990B-4AA37E7A0E8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*","matchCriteriaId":"30E9C822-C04A-4908-9596-76F9FB561206"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*","matchCriteriaId":"12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*","matchCriteriaId":"BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*","matchCriteriaId":"121ED6C5-8985-4DEF-9040-2AC63582E596"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*","matchCriteriaId":"566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*","matchCriteriaId":"68499DA4-64EF-412F-A434-8E0F78D77CE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*","matchCriteriaId":"836C5AC9-463F-4703-81B9-7B5484F47A5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*","matchCriteriaId":"FED14811-8F49-4796-BADD-DB7973EC32DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*","matchCriteriaId":"D4EB2830-ADE5-4C87-964E-16748BF88EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*","matchCriteriaId":"8C0284FD-2933-4160-80D2-53B32CD73287"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*","matchCriteriaId":"D9AB963A-7284-433F-9890-5AE402E4E000"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*","matchCriteriaId":"EEDEFF7A-D964-4D9A-93BF-41E9D16EA793"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*","matchCriteriaId":"9C434153-911C-4F07-ADD0-0EAB47F96E89"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*","matchCriteriaId":"8183B043-8B96-4A8B-A5C9-544D4F1CED8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*","matchCriteriaId":"6DE349AB-44CB-4263-80CE-59DFD
572B363"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*","matchCriteriaId":"3DB55DF6-567F-4B6A-81E1-9013914416D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*","matchCriteriaId":"80727B0B-AB5E-46CC-9DDF-F319C2D9B242"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*","matchCriteriaId":"E0755962-2D5F-41E6-9BDB-C2ECBCCD2818"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*","matchCriteriaId":"2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*","matchCriteriaId":"A202FDAD-D757-4850-9D1E-C31B0F3BA718"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*","matchCriteriaId":"B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*","matchCriteriaId":"C4069EF5-DC7D-4487-8636-AC2EAB17BAC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*","matchCriteriaId":"73DF3A5C-F1D9-468E-BD08-5E2578898DEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*","matchCriteriaId":"0858AE44-4B0A-4941-B4A8-937B557D1448"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*","matchCriteriaId":"979C84FF-CB21-4819-B3CA-1A55FDF20BD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*","matchCriteriaId":"94709B39-C394-4B44-A362-9429F4CB9D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*","matchCriteriaId":"2E4526AC-6BCC-43A5-B501-263D0ED0655B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*","matchCriteriaId":"E04FF6B4-CD1C-4AC1-B286-D6AB705D680B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*","matchCriteriaId":"1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*","matchCriteriaId":"6BA130B1-DD20-4E98-963F-61E85A09E29E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.37
:*:*:*:*:*:*:*","matchCriteriaId":"9AAC9B73-5020-47C9-803E-ABB6162AADE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*","matchCriteriaId":"D2A6B7B5-3AC9-4442-BD91-3783C2B4235C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*","matchCriteriaId":"D72F5C09-520B-486C-AD9A-9CBBFE6487CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*","matchCriteriaId":"097DED37-D3F3-45C4-B131-1C4294406722"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*","matchCriteriaId":"85A4F607-0A9D-4F84-B50D-28C54E6EDC06"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*","matchCriteriaId":"8C689CAF-632A-4FF2-8C86-541EEDD574E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*","matchCriteriaId":"7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*","matchCriteriaId":"E09C8254-73DC-4AFA-A250-A8192DC917F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*","matchCriteriaId":"D344FA12-3C5F-418B-9209-EA8BDD230074"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*","matchCriteriaId":"D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*","matchCriteriaId":"073A0AFF-C5C6-422E-BD63-2353AA4B58E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*","matchCriteriaId":"59B5DA29-4139-405D-8AA8-23FAECBBC5CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*","matchCriteriaId":"73F4D15D-6D2A-4730-B7CF-21284E92FEFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*","matchCriteriaId":"79A0C6AB-813F-4417-A98E-33FBB7AAB939"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*","matchCriteriaId":"815ABF0E-ED94-4426-8889-D3C2AECACC26"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*","matchCriteriaId":"894612F1-8C51-4F66-AFE7-D8077F
63E562"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*","matchCriteriaId":"63FD3D1E-08F8-4C7F-876C-47E88386B83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*","matchCriteriaId":"9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*","matchCriteriaId":"E21A12E6-0802-4BDC-AF71-50D7D0433B87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*","matchCriteriaId":"DC7EE44A-7D8B-41A5-82A6-04AEE50278CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*","matchCriteriaId":"6862529A-1AE5-4E2D-A4B0-E351D1900C64"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*","matchCriteriaId":"4C6B6711-0F75-4FEA-8917-04391FC9D378"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*","matchCriteriaId":"6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*","matchCriteriaId":"3BE639D9-0B1E-4DFB-B275-D11665FDA4AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*","matchCriteriaId":"B35E9C41-0F2A-4790-B996-8EC00FA863F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*","matchCriteriaId":"28BAB268-3A70-4422-9C6C-49E6453D750D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*","matchCriteriaId":"9A5960F1-DDA9-4885-952F-450EC00B5C9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*","matchCriteriaId":"E725D449-BBC2-40E3-BF53-D9BF7B4F57D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*","matchCriteriaId":"B10975CB-56EB-44D0-BDEF-60484B6BD85E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*","matchCriteriaId":"3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*","matchCriteriaId":"16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.68:
*:*:*:*:*:*:*","matchCriteriaId":"BF9D7AD6-6BDB-4519-B9F8-3181E21850FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*","matchCriteriaId":"B061FF9A-0D00-429D-9B2F-14EEA41E7A33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*","matchCriteriaId":"D6CB0260-2A96-41A8-81A0-8E9722B22D87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*","matchCriteriaId":"AE037065-9E33-4A5A-8188-1F086D7BE394"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*","matchCriteriaId":"70200031-5902-416D-A140-DC2CDFDAF683"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*","matchCriteriaId":"575C5F15-2C16-4B39-A718-1641DDD88F84"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*","matchCriteriaId":"9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*","matchCriteriaId":"42631437-772B-45E0-A1F3-5D9E2FC77D19"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*","matchCriteriaId":"CA9E62EF-E21F-421F-9A57-54A551CEC441"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*","matchCriteriaId":"871E046E-013A-4E10-9457-4D1F407519EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*","matchCriteriaId":"B5E4B06F-AD55-4D61-B966-B38B854C0A75"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*","matchCriteriaId":"19817731-42C2-4745-88F2-D27258FC7DB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*","matchCriteriaId":"77479EEE-F81B-4653-8FAD-0AFBA3C71B09"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*","matchCriteriaId":"0208619E-9179-46D9-8E47-6CB5B4046DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*","matchCriteriaId":"6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*","matchCriteriaId":"5CC16904-03FC-42B2-89F0-CA0D59A
5FB91"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*","matchCriteriaId":"4E3980D1-54F1-4C2F-B140-B2F18D8958A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*","matchCriteriaId":"0C845718-520A-42CB-9BA7-00723694A01F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*","matchCriteriaId":"FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*","matchCriteriaId":"431DA557-0977-43C2-8DEF-127B1BAA9F46"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*","matchCriteriaId":"733C0A5D-3A0A-4449-9DE0-BD06D4942799"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*","matchCriteriaId":"C9E5DAD5-465A-4A53-856A-1F674723EB00"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug2937","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/81959","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1034782","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3096-1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us","source":"cve@mitre.org"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171031-0001/","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug2937","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/81959","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1034782","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3096-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171031-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2015-7976","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T21:59:00.330","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename."},{"lang":"es","value":"El comando saveconfig de ntpq en NTP 4.1.2, 4.2.x en versiones anteriores a 4.2.8p6, 4.3, 4.3.25, 4.3.70 y 4.3.77 no filtra adecuadamente caracteres especiales, lo que permite a atacantes causar un impacto no especificado a través de un nombre de archivo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"CB90A3FB-B107-46CF-A846-48EE0EDF637A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"99442254-E77A-43F7-8A9B-FC918AC336A6"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*","matchCriteriaId":"0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B23D9009-DF45-44C1-80DF-CEEC9B9E3F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"43921601-667E-4415-83BE-E5B39D969BD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.3:
*:*:*:*:*:*:*","matchCriteriaId":"75DD9C02-0C46-4785-8D77-C5465E4ED967"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"A497BADE-0516-494F-89FA-EAFC6AD17F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*","matchCriteriaId":"4298439A-EAF2-4CAA-990B-4AA37E7A0E8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*","matchCriteriaId":"30E9C822-C04A-4908-9596-76F9FB561206"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*","matchCriteriaId":"12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*","matchCriteriaId":"BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*","matchCriteriaId":"842963D1-C78C-48B5-A8D2-BC018854E5CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*","matchCriteriaId":"121ED6C5-8985-4DEF-9040-2AC63582E596"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*","matchCriteriaId":"566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*","matchCriteriaId":"68499DA4-64EF-412F-A434-8E0F78D77CE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*","matchCriteriaId":"836C5AC9-463F-4703-81B9-7B5484F47A5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*","matchCriteriaId":"FED14811-8F49-4796-BADD-DB7973EC32DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*","matchCriteriaId":"D4EB2830-ADE5-4C87-964E-16748BF88EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*","matchCriteriaId":"8C0284FD-2933-4160-80D2-53B32CD73287"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*","matchCriteriaId":"D9AB963A-7284-433F-9890-5AE402E4E000"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*","matchCriteriaId":"EEDEFF7A-D964-4D9A-93BF-41E9D16EA793"
},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*","matchCriteriaId":"9C434153-911C-4F07-ADD0-0EAB47F96E89"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*","matchCriteriaId":"8183B043-8B96-4A8B-A5C9-544D4F1CED8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*","matchCriteriaId":"6DE349AB-44CB-4263-80CE-59DFD572B363"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*","matchCriteriaId":"3DB55DF6-567F-4B6A-81E1-9013914416D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*","matchCriteriaId":"80727B0B-AB5E-46CC-9DDF-F319C2D9B242"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*","matchCriteriaId":"E0755962-2D5F-41E6-9BDB-C2ECBCCD2818"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*","matchCriteriaId":"2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*","matchCriteriaId":"A202FDAD-D757-4850-9D1E-C31B0F3BA718"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*","matchCriteriaId":"B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*","matchCriteriaId":"C4069EF5-DC7D-4487-8636-AC2EAB17BAC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*","matchCriteriaId":"73DF3A5C-F1D9-468E-BD08-5E2578898DEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*","matchCriteriaId":"0858AE44-4B0A-4941-B4A8-937B557D1448"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*","matchCriteriaId":"979C84FF-CB21-4819-B3CA-1A55FDF20BD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*","matchCriteriaId":"94709B39-C394-4B44-A362-9429F4CB9D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*","matchCriteriaId":"2E4526AC-6BCC-43A5-B501-263D0ED0655B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*
:*:*:*","matchCriteriaId":"E04FF6B4-CD1C-4AC1-B286-D6AB705D680B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*","matchCriteriaId":"1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*","matchCriteriaId":"6BA130B1-DD20-4E98-963F-61E85A09E29E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*","matchCriteriaId":"9AAC9B73-5020-47C9-803E-ABB6162AADE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*","matchCriteriaId":"D2A6B7B5-3AC9-4442-BD91-3783C2B4235C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*","matchCriteriaId":"D72F5C09-520B-486C-AD9A-9CBBFE6487CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*","matchCriteriaId":"097DED37-D3F3-45C4-B131-1C4294406722"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*","matchCriteriaId":"85A4F607-0A9D-4F84-B50D-28C54E6EDC06"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*","matchCriteriaId":"8C689CAF-632A-4FF2-8C86-541EEDD574E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*","matchCriteriaId":"7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*","matchCriteriaId":"E09C8254-73DC-4AFA-A250-A8192DC917F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*","matchCriteriaId":"D344FA12-3C5F-418B-9209-EA8BDD230074"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*","matchCriteriaId":"D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*","matchCriteriaId":"073A0AFF-C5C6-422E-BD63-2353AA4B58E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*","matchCriteriaId":"59B5DA29-4139-405D-8AA8-23FAECBBC5CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*","matchCriteriaId":"73F4D15D-6D2A-4730-B7CF-21284E92FEFF"}
,{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*","matchCriteriaId":"79A0C6AB-813F-4417-A98E-33FBB7AAB939"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*","matchCriteriaId":"815ABF0E-ED94-4426-8889-D3C2AECACC26"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*","matchCriteriaId":"894612F1-8C51-4F66-AFE7-D8077F63E562"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*","matchCriteriaId":"63FD3D1E-08F8-4C7F-876C-47E88386B83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*","matchCriteriaId":"9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*","matchCriteriaId":"E21A12E6-0802-4BDC-AF71-50D7D0433B87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*","matchCriteriaId":"DC7EE44A-7D8B-41A5-82A6-04AEE50278CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*","matchCriteriaId":"6862529A-1AE5-4E2D-A4B0-E351D1900C64"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*","matchCriteriaId":"4C6B6711-0F75-4FEA-8917-04391FC9D378"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*","matchCriteriaId":"6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*","matchCriteriaId":"3BE639D9-0B1E-4DFB-B275-D11665FDA4AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*","matchCriteriaId":"B35E9C41-0F2A-4790-B996-8EC00FA863F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*","matchCriteriaId":"28BAB268-3A70-4422-9C6C-49E6453D750D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*","matchCriteriaId":"9A5960F1-DDA9-4885-952F-450EC00B5C9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*","matchCriteriaId":"E725D449-BBC2-40E3-BF53-D9BF7B4F57D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:
*:*:*","matchCriteriaId":"B10975CB-56EB-44D0-BDEF-60484B6BD85E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*","matchCriteriaId":"3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*","matchCriteriaId":"16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*","matchCriteriaId":"BF9D7AD6-6BDB-4519-B9F8-3181E21850FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*","matchCriteriaId":"B061FF9A-0D00-429D-9B2F-14EEA41E7A33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*","matchCriteriaId":"D6CB0260-2A96-41A8-81A0-8E9722B22D87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*","matchCriteriaId":"AE037065-9E33-4A5A-8188-1F086D7BE394"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*","matchCriteriaId":"70200031-5902-416D-A140-DC2CDFDAF683"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*","matchCriteriaId":"575C5F15-2C16-4B39-A718-1641DDD88F84"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*","matchCriteriaId":"9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*","matchCriteriaId":"42631437-772B-45E0-A1F3-5D9E2FC77D19"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*","matchCriteriaId":"CA9E62EF-E21F-421F-9A57-54A551CEC441"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*","matchCriteriaId":"871E046E-013A-4E10-9457-4D1F407519EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*","matchCriteriaId":"B5E4B06F-AD55-4D61-B966-B38B854C0A75"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*","matchCriteriaId":"19817731-42C2-4745-88F2-D27258FC7DB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*","matchCriteriaId":"77479EEE-F81B-4653-8FAD-0AFBA3C71B09"},
{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*","matchCriteriaId":"0208619E-9179-46D9-8E47-6CB5B4046DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*","matchCriteriaId":"6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*","matchCriteriaId":"5CC16904-03FC-42B2-89F0-CA0D59A5FB91"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*","matchCriteriaId":"4E3980D1-54F1-4C2F-B140-B2F18D8958A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*","matchCriteriaId":"0C845718-520A-42CB-9BA7-00723694A01F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*","matchCriteriaId":"FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*","matchCriteriaId":"431DA557-0977-43C2-8DEF-127B1BAA9F46"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*","matchCriteriaId":"733C0A5D-3A0A-4449-9DE0-BD06D4942799"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*","matchCriteriaId":"C9E5DAD5-465A-4A53-856A-1F674723EB00"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp2:*:*:*:*:*:*","matchCriteriaId":"D5900A25-FDD7-4900-BF7C-F3ECCB714D2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*","matchCriteriaId":"58D3B6FD-B474-4B09-B644-A8634A629280"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*","matchCriteriaId":"F892F1B0-514C-42F7-90AE-12ACDFDC1033"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager:2.1:*:*:*:*:*:*:*","matchCriteriaId":"FD4EEF7C-CC33-4494-8531-7C0CC28A8823"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:manager_proxy:2.1:*:*:*:*:*:*:*","matchCriteriaId":"3CBED083-B935-4C47-BBDA-F39D8EA277ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:novell:suse_opensta
ck_cloud:5:*:*:*:*:*:*:*","matchCriteriaId":"74268F7D-058C-4E84-9D7E-3853A95918BD"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*","matchCriteriaId":"F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*","matchCriteriaId":"3A0BA503-3F96-48DA-AF47-FBA37A9D0C48"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:ltss:*:*:*","matchCriteriaId":"35BBD83D-BDC7-4678-BE94-639F59281139"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*","matchCriteriaId":"CB6476C7-03F2-4939-AB85-69AA524516D9"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*","matchCriteriaId":"B12243B2-D726-404C-ABFF-F1AB51BA1783"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*","matchCriteriaId":"55C5561F-BE86-4EEA-99D4-8697F8BD9DFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*","matchCriteriaId":"2076747F-A98E-4DD9-9B52-BF1732BCAD3D"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*","matchCriteriaId":"9C649194-B8C2-49F7-A819-C635EE584ABF"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug2938","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securitytracker.com/id/1034782","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3096-1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171031-0001/","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug2938","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securitytracker.com/id/1034782","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3096-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171031-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2015-7977","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T21:59:00.410","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command."},{"lang":"es","value":"ntpd en NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) mediante un comando ntpdc 
reslist."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"510BE484-3C5F-4025-A4C4-60A72CEAE08E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"4.3.90","matchCriteriaId":"3207DA93-AFE7-45D8-90DA-A12F6AB76293"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*","matchCriteriaId":"EEA51D83-5841-4335-AF07-7A43C118CAAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*","matchCriteriaId":"C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*","matchCriteriaId":"49ADE0C3-F75C-4EC0-8805-56013F0EB92C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*","matchCriteriaId":"D8FF625A
-EFA3-43D1-8698-4A37AE31A07C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*","matchCriteriaId":"E3B99BBD-97FE-4615-905A-A614592226F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*","matchCriteriaId":"E7A9AD3A-F030-4331-B52A-518BD963AB8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*","matchCriteriaId":"C293B8BE-6691-4944-BCD6-25EB98CABC73"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*","matchCriteriaId":"CEA650F8-2576-494A-A861-61572CA319D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*","matchCriteriaId":"4ED21EE8-7CBF-4BC5-BFC3-185D41296238"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*","matchCriteriaId":"C76A0B44-13DE-4173-8D05-DA54F6A71759"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*","matchCriteriaId":"1450241C-2F6D-4122-B33C-D78D065BA403"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*","matchCriteriaId":"721AFD22-91D3-488E-A5E6-DD84C86E412B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*","matchCriteriaId":"8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*","matchCriteriaId":"41E44E9F-6383-4E12-AEDC-B653FEA77A48"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*","matchCriteriaId":"466D9A37-2658-4695-9429-0C6BF4A631C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*","matchCriteriaId":"99774181-5F12-446C-AC2C-DB1C52295EED"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*","matchCriteriaId":"4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*","matchCriteriaId":"99C71C00-7222-483B-AEFB-159337BD3C92"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*","matchCriteriaId":"75A9AA28-1B20-44BB-815C
-7294A53E910E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*","matchCriteriaId":"D7B037A8-72A6-4DFF-94B2-D688A5F6F876"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:tim_4r-ie_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"E0730ED6-676B-4200-BC07-C0B4531B242C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:tim_4r-ie:*:*:*:*:*:*:*:*","matchCriteriaId":"25D94EFB-8CB5-485B-9F16-EF70E3944C97"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:tim_4r-ie_dnp3_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"98F55394-62EB-433D-B459-6B657909D2C2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:tim_4r-ie_dnp3:-:*:*:*:*:*:*:*","matchCriteriaId":"EE27728D-D37B-43FC-BA8A-0E930DDBD10B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","matchCriteriaId":"1FE996B1-6951-4F85-AA58-B99A379D2163"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","matchCriteriaId":"7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:-:*:*:*:*:*:*","matchCriteriaId":"A308448F-7FAD-4CAA-B204-94979A0055EC"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p1:*:*:*:*:*:*","matchCriteriaId":"9D942069-86FD-4777-B144-27F68845510F"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p10:*:*:*:*:*:*","matchCriteriaId":"8BCB79FA-CF26-4DA9-BE6B-DB38F4BD76DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p12:*:*:*:*:*:*","matchCriteriaId":"6937683B-ADC8-452E-BCD7-34ED8656D75E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebs
d:freebsd:9.3:p13:*:*:*:*:*:*","matchCriteriaId":"0B50A898-C510-4582-8931-2820D2FFB646"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p16:*:*:*:*:*:*","matchCriteriaId":"5016E4BB-D905-49BF-8B23-40DD9F9BC133"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p19:*:*:*:*:*:*","matchCriteriaId":"C4009691-42D4-4E04-BA72-EAC9E30C30E1"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p2:*:*:*:*:*:*","matchCriteriaId":"AC531D8E-31B3-48B1-8B79-85B9FB67CF0E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p20:*:*:*:*:*:*","matchCriteriaId":"4B161FA9-E1A8-407B-80A9-9F57DF4E6932"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p21:*:*:*:*:*:*","matchCriteriaId":"C608B9D9-28DD-4470-A5A2-96B030E8EA0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p22:*:*:*:*:*:*","matchCriteriaId":"50702FA4-624E-4C47-B672-8479ED7EB00C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p23:*:*:*:*:*:*","matchCriteriaId":"A05DE064-17DC-4BC3-BFA7-1FF31324BB5A"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p24:*:*:*:*:*:*","matchCriteriaId":"3785D821-D809-4948-92E0-CD6F93D06D56"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p25:*:*:*:*:*:*","matchCriteriaId":"4F309C4D-DBE9-4FDC-9F71-670FE84E8859"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p28:*:*:*:*:*:*","matchCriteriaId":"F6DF73AA-4270-46C1-BD19-EE0EAE39B6EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p3:*:*:*:*:*:*","matchCriteriaId":"B9D919A6-BBEC-416C-8FC0-5CA7B0191E82"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p30:*:*:*:*:*:*","matchCriteriaId":"BC7FC9A7-46A4-4BEC-AD3D-4E986BBB4B1A"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p31:*:*:*:*:*:*","matchCriteriaId":"6C1380CA-757C-442D-A15E-7C1EEF309BC2"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p32:*:*:*:*:*:*","matchCriteriaId":"B4E26747-28E7-46C6-B9D2-949E7D2B9076"},{"vulnera
ble":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p33:*:*:*:*:*:*","matchCriteriaId":"0D16FE35-E17F-4520-B2AA-916F586DE052"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p34:*:*:*:*:*:*","matchCriteriaId":"02A6E6C3-1DBF-41C5-8377-A3058AF1A1A1"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p5:*:*:*:*:*:*","matchCriteriaId":"22A2F317-2F1A-4D3F-8E31-B5ABFCEE2AAD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p6:*:*:*:*:*:*","matchCriteriaId":"179468E8-0FB7-4E1A-9002-AFC8753027AA"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p7:*:*:*:*:*:*","matchCriteriaId":"CF8563F3-DD91-4272-B72D-08F66E2E44C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p8:*:*:*:*:*:*","matchCriteriaId":"642BCA8F-6432-43D2-9E74-565CC71A9DD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p9:*:*:*:*:*:*","matchCriteriaId":"09003BFB-72FB-4F89-B62C-4A2505E60630"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:-:*:*:*:*:*:*","matchCriteriaId":"794DB6C2-514F-4353-AC31-025D53FFC3FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p1:*:*:*:*:*:*","matchCriteriaId":"55448583-DD8E-44FA-9033-CEB8E63FC2C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p10:*:*:*:*:*:*","matchCriteriaId":"A238C1FE-D4D3-4EEC-ACBE-341B112123EC"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p12:*:*:*:*:*:*","matchCriteriaId":"BABAD599-782F-4BFE-9EE2-0668ECAAC349"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p15:*:*:*:*:*:*","matchCriteriaId":"C263C188-EA00-4110-B9A5-16C0CD0F1DE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p16:*:*:*:*:*:*","matchCriteriaId":"75F93217-BCD4-4AD4-9621-49C83BA3FFD7"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p17:*:*:*:*:*:*","matchCriteriaId":"1860A2E7-8E58-4082-9C71-E4F383244953"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p18:*:*:*:*:*:*","matchCriteriaId":"B07FABAF
-00CF-4284-AAC2-F3D6DA3D3841"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p19:*:*:*:*:*:*","matchCriteriaId":"87440763-A4AF-44E9-AB26-155313A64269"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p2:*:*:*:*:*:*","matchCriteriaId":"5F2A6E84-E37B-4E21-BBD9-FDB878D53D58"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p22:*:*:*:*:*:*","matchCriteriaId":"2D5B97BE-4A7F-4482-8A7F-A7DB5314CEA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p24:*:*:*:*:*:*","matchCriteriaId":"256FDB00-0427-4B72-B9FA-1FE4AD56EC28"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p25:*:*:*:*:*:*","matchCriteriaId":"5EC0C4BA-089F-44B1-A49B-2CDDEC86997B"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p26:*:*:*:*:*:*","matchCriteriaId":"F7713F76-A9C7-498B-BEEC-B022D13268A2"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p27:*:*:*:*:*:*","matchCriteriaId":"E51647B0-B346-4FCB-97BE-22D43D002B17"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p3:*:*:*:*:*:*","matchCriteriaId":"D5F7A00A-5A6B-46FA-8527-14917C50555A"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p4:*:*:*:*:*:*","matchCriteriaId":"466EA7B2-FBAF-4325-AD99-F5F4B0E5C0AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p5:*:*:*:*:*:*","matchCriteriaId":"EAD3F82B-E13C-40CE-BF65-4DA204FCDE93"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p6:*:*:*:*:*:*","matchCriteriaId":"23E2935E-7159-45A2-9164-978453F24BDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p7:*:*:*:*:*:*","matchCriteriaId":"1B7F75CF-F808-4BD6-9A46-AA5C1989F740"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p8:*:*:*:*:*:*","matchCriteriaId":"3EC40899-2775-45B9-96C1-8A9E7FAB7A64"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p9:*:*:*:*:*:*","matchCriteriaId":"A22BC7A2-BA8D-4C1D-A51A-7DF7EDEDDCC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10
.2:-:*:*:*:*:*:*","matchCriteriaId":"C1C1DA92-2184-4FB0-8392-AF80E7D6EB2E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p1:*:*:*:*:*:*","matchCriteriaId":"C59FCA1F-C2F9-4E11-A457-7979C94ECD3D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p10:*:*:*:*:*:*","matchCriteriaId":"13BA0876-9EFB-474E-83BB-9A53F38ADD4B"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p2:*:*:*:*:*:*","matchCriteriaId":"041C28B8-8EA6-461D-B6CB-13E3B9FF8411"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p5:*:*:*:*:*:*","matchCriteriaId":"91362F1A-CB09-4505-A724-332C743D9624"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p7:*:*:*:*:*:*","matchCriteriaId":"D7F738CA-C3F4-4A30-9FF6-F0BD1DC1CC84"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p8:*:*:*:*:*:*","matchCriteriaId":"44685E95-3139-4A82-9A8B-EB5379DF0558"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p9:*:*:*:*:*:*","matchCriteriaId":"8F92482C-F8B9-47A7-B5F1-ACBAC2A91646"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*","matchCriteriaId":"253C303A-E577-4488-93E6-68A8DD942C38"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","matchCriteriaId":"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*","matchCriteriaId":"CB66DB75-2B16-4EBF-9B93-CE49D8086E41"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","matchCriteriaI
d":"815D70A8-47D3-459C-A32C-9FEACA0659D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"}]}]}],"references":[{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-0780.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2583.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug2939","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3629","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/81815","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1034782","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3096-1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201607-15","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171031-0001/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-0780.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2583.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug2939","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3629","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/81815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1034782","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3096-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201607-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171031-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2015-7978","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T21:59:00.520","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction list."},{"lang":"es","value":"NTP en versiones anteriores a 4.2.8p6 y 4.3.0 en versiones anteriores a 4.3.90 permite a atacantes remotos provocar una denegación de servicio (agotamiento de la pila) a través de un comando ntpdc relist, lo que desencadena el recorrido recursivo de la lista de restricciones."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaI
d":"99442254-E77A-43F7-8A9B-FC918AC336A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*","matchCriteriaId":"0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B23D9009-DF45-44C1-80DF-CEEC9B9E3F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"43921601-667E-4415-83BE-E5B39D969BD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"75DD9C02-0C46-4785-8D77-C5465E4ED967"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"A497BADE-0516-494F-89FA-EAFC6AD17F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*","matchCriteriaId":"4298439A-EAF2-4CAA-990B-4AA37E7A0E8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*","matchCriteriaId":"30E9C822-C04A-4908-9596-76F9FB561206"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*","matchCriteriaId":"12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*","matchCriteriaId":"BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*","matchCriteriaId":"121ED6C5-8985-4DEF-9040-2AC63582E596"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*","matchCriteriaId":"566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*","matchCriteriaId":"68499DA4-64EF-412F-A434-8E0F78D77CE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*","matchCriteriaId":"836C5AC9-463F-4703-81B9-7B5484F47A5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*","matchCriteriaId":"FED14811-8F49-4796-BADD-DB7973EC32DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*","matchCriteriaId":"D4EB2830-ADE5-4C87-964E-16748BF88EF6"},{"vulnerable":true,"criteria":"
cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*","matchCriteriaId":"8C0284FD-2933-4160-80D2-53B32CD73287"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*","matchCriteriaId":"D9AB963A-7284-433F-9890-5AE402E4E000"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*","matchCriteriaId":"EEDEFF7A-D964-4D9A-93BF-41E9D16EA793"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*","matchCriteriaId":"9C434153-911C-4F07-ADD0-0EAB47F96E89"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*","matchCriteriaId":"8183B043-8B96-4A8B-A5C9-544D4F1CED8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*","matchCriteriaId":"6DE349AB-44CB-4263-80CE-59DFD572B363"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*","matchCriteriaId":"3DB55DF6-567F-4B6A-81E1-9013914416D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*","matchCriteriaId":"80727B0B-AB5E-46CC-9DDF-F319C2D9B242"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*","matchCriteriaId":"E0755962-2D5F-41E6-9BDB-C2ECBCCD2818"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*","matchCriteriaId":"2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*","matchCriteriaId":"A202FDAD-D757-4850-9D1E-C31B0F3BA718"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*","matchCriteriaId":"B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*","matchCriteriaId":"C4069EF5-DC7D-4487-8636-AC2EAB17BAC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*","matchCriteriaId":"73DF3A5C-F1D9-468E-BD08-5E2578898DEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*","matchCriteriaId":"0858AE44-4B0A-4941-B4A8-937B557D1448"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*","matchCriteriaId":"979C84
FF-CB21-4819-B3CA-1A55FDF20BD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*","matchCriteriaId":"94709B39-C394-4B44-A362-9429F4CB9D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*","matchCriteriaId":"2E4526AC-6BCC-43A5-B501-263D0ED0655B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*","matchCriteriaId":"E04FF6B4-CD1C-4AC1-B286-D6AB705D680B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*","matchCriteriaId":"1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*","matchCriteriaId":"6BA130B1-DD20-4E98-963F-61E85A09E29E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*","matchCriteriaId":"9AAC9B73-5020-47C9-803E-ABB6162AADE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*","matchCriteriaId":"D2A6B7B5-3AC9-4442-BD91-3783C2B4235C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*","matchCriteriaId":"D72F5C09-520B-486C-AD9A-9CBBFE6487CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*","matchCriteriaId":"097DED37-D3F3-45C4-B131-1C4294406722"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*","matchCriteriaId":"85A4F607-0A9D-4F84-B50D-28C54E6EDC06"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*","matchCriteriaId":"8C689CAF-632A-4FF2-8C86-541EEDD574E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*","matchCriteriaId":"7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*","matchCriteriaId":"E09C8254-73DC-4AFA-A250-A8192DC917F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*","matchCriteriaId":"D344FA12-3C5F-418B-9209-EA8BDD230074"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*","matchCriteriaId":"D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB"},{"vulnerable":true,"criteria":"c
pe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*","matchCriteriaId":"073A0AFF-C5C6-422E-BD63-2353AA4B58E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*","matchCriteriaId":"59B5DA29-4139-405D-8AA8-23FAECBBC5CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*","matchCriteriaId":"73F4D15D-6D2A-4730-B7CF-21284E92FEFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*","matchCriteriaId":"79A0C6AB-813F-4417-A98E-33FBB7AAB939"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*","matchCriteriaId":"815ABF0E-ED94-4426-8889-D3C2AECACC26"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*","matchCriteriaId":"894612F1-8C51-4F66-AFE7-D8077F63E562"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*","matchCriteriaId":"63FD3D1E-08F8-4C7F-876C-47E88386B83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*","matchCriteriaId":"9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*","matchCriteriaId":"E21A12E6-0802-4BDC-AF71-50D7D0433B87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*","matchCriteriaId":"DC7EE44A-7D8B-41A5-82A6-04AEE50278CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*","matchCriteriaId":"6862529A-1AE5-4E2D-A4B0-E351D1900C64"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*","matchCriteriaId":"4C6B6711-0F75-4FEA-8917-04391FC9D378"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*","matchCriteriaId":"6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*","matchCriteriaId":"3BE639D9-0B1E-4DFB-B275-D11665FDA4AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*","matchCriteriaId":"B35E9C41-0F2A-4790-B996-8EC00FA863F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*","matchCriteriaId":"28BAB26
8-3A70-4422-9C6C-49E6453D750D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*","matchCriteriaId":"9A5960F1-DDA9-4885-952F-450EC00B5C9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*","matchCriteriaId":"E725D449-BBC2-40E3-BF53-D9BF7B4F57D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*","matchCriteriaId":"B10975CB-56EB-44D0-BDEF-60484B6BD85E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*","matchCriteriaId":"3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*","matchCriteriaId":"16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*","matchCriteriaId":"BF9D7AD6-6BDB-4519-B9F8-3181E21850FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*","matchCriteriaId":"B061FF9A-0D00-429D-9B2F-14EEA41E7A33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*","matchCriteriaId":"D6CB0260-2A96-41A8-81A0-8E9722B22D87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*","matchCriteriaId":"AE037065-9E33-4A5A-8188-1F086D7BE394"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*","matchCriteriaId":"70200031-5902-416D-A140-DC2CDFDAF683"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*","matchCriteriaId":"575C5F15-2C16-4B39-A718-1641DDD88F84"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*","matchCriteriaId":"9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*","matchCriteriaId":"42631437-772B-45E0-A1F3-5D9E2FC77D19"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*","matchCriteriaId":"CA9E62EF-E21F-421F-9A57-54A551CEC441"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*","matchCriteriaId":"871E046E-013A-4E10-9457-4D1F407519EA"},{"vulnerable":true,"criteria":"cp
e:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*","matchCriteriaId":"B5E4B06F-AD55-4D61-B966-B38B854C0A75"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*","matchCriteriaId":"19817731-42C2-4745-88F2-D27258FC7DB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*","matchCriteriaId":"77479EEE-F81B-4653-8FAD-0AFBA3C71B09"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*","matchCriteriaId":"0208619E-9179-46D9-8E47-6CB5B4046DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*","matchCriteriaId":"6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*","matchCriteriaId":"5CC16904-03FC-42B2-89F0-CA0D59A5FB91"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*","matchCriteriaId":"4E3980D1-54F1-4C2F-B140-B2F18D8958A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*","matchCriteriaId":"0C845718-520A-42CB-9BA7-00723694A01F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*","matchCriteriaId":"FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*","matchCriteriaId":"431DA557-0977-43C2-8DEF-127B1BAA9F46"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*","matchCriteriaId":"733C0A5D-3A0A-4449-9DE0-BD06D4942799"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*","matchCriteriaId":"C9E5DAD5-465A-4A53-856A-1F674723EB00"}]}]}],"references":[{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-0780.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2583.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3629","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/81962","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1034782","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3096-1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171031-0001/","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-0780.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2583.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3629","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/81962","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1034782","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3096-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171031-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2015-7979","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T21:59:00.613","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client."},{"lang":"es","value":"NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 permite a atacantes remotos causar una denegación de servicio (asociación cliente-servidor) por el envío de paquetes de difusión con autenticación no válida a un cliente 
transmisor."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-19"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"99442254-E77A-43F7-8A9B-FC918AC336A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*","matchCriteriaId":"0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B23D9009-DF45-44C1-80DF-CEEC9B9E3F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"43921601-667E-4415-83BE-E5B39D969BD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"75DD9C02-0C46-4785-8D77-C5465E4ED967"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"A497BADE-0516-494F-89FA-EAFC6AD17F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:n
tp:4.3.5:*:*:*:*:*:*:*","matchCriteriaId":"4298439A-EAF2-4CAA-990B-4AA37E7A0E8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*","matchCriteriaId":"30E9C822-C04A-4908-9596-76F9FB561206"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*","matchCriteriaId":"12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*","matchCriteriaId":"BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*","matchCriteriaId":"121ED6C5-8985-4DEF-9040-2AC63582E596"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*","matchCriteriaId":"566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*","matchCriteriaId":"68499DA4-64EF-412F-A434-8E0F78D77CE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*","matchCriteriaId":"836C5AC9-463F-4703-81B9-7B5484F47A5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*","matchCriteriaId":"FED14811-8F49-4796-BADD-DB7973EC32DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*","matchCriteriaId":"D4EB2830-ADE5-4C87-964E-16748BF88EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*","matchCriteriaId":"8C0284FD-2933-4160-80D2-53B32CD73287"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*","matchCriteriaId":"D9AB963A-7284-433F-9890-5AE402E4E000"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*","matchCriteriaId":"EEDEFF7A-D964-4D9A-93BF-41E9D16EA793"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*","matchCriteriaId":"9C434153-911C-4F07-ADD0-0EAB47F96E89"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*","matchCriteriaId":"8183B043-8B96-4A8B-A5C9-544D4F1CED8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*","matchCriteriaId":"6DE349AB-44CB-4263-80CE-5
9DFD572B363"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*","matchCriteriaId":"3DB55DF6-567F-4B6A-81E1-9013914416D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*","matchCriteriaId":"80727B0B-AB5E-46CC-9DDF-F319C2D9B242"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*","matchCriteriaId":"E0755962-2D5F-41E6-9BDB-C2ECBCCD2818"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*","matchCriteriaId":"2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*","matchCriteriaId":"A202FDAD-D757-4850-9D1E-C31B0F3BA718"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*","matchCriteriaId":"B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*","matchCriteriaId":"C4069EF5-DC7D-4487-8636-AC2EAB17BAC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*","matchCriteriaId":"73DF3A5C-F1D9-468E-BD08-5E2578898DEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*","matchCriteriaId":"0858AE44-4B0A-4941-B4A8-937B557D1448"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*","matchCriteriaId":"979C84FF-CB21-4819-B3CA-1A55FDF20BD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*","matchCriteriaId":"94709B39-C394-4B44-A362-9429F4CB9D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*","matchCriteriaId":"2E4526AC-6BCC-43A5-B501-263D0ED0655B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*","matchCriteriaId":"E04FF6B4-CD1C-4AC1-B286-D6AB705D680B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*","matchCriteriaId":"1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*","matchCriteriaId":"6BA130B1-DD20-4E98-963F-61E85A09E29E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.
3.37:*:*:*:*:*:*:*","matchCriteriaId":"9AAC9B73-5020-47C9-803E-ABB6162AADE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*","matchCriteriaId":"D2A6B7B5-3AC9-4442-BD91-3783C2B4235C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*","matchCriteriaId":"D72F5C09-520B-486C-AD9A-9CBBFE6487CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*","matchCriteriaId":"097DED37-D3F3-45C4-B131-1C4294406722"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*","matchCriteriaId":"85A4F607-0A9D-4F84-B50D-28C54E6EDC06"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*","matchCriteriaId":"8C689CAF-632A-4FF2-8C86-541EEDD574E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*","matchCriteriaId":"7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*","matchCriteriaId":"E09C8254-73DC-4AFA-A250-A8192DC917F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*","matchCriteriaId":"D344FA12-3C5F-418B-9209-EA8BDD230074"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*","matchCriteriaId":"D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*","matchCriteriaId":"073A0AFF-C5C6-422E-BD63-2353AA4B58E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*","matchCriteriaId":"59B5DA29-4139-405D-8AA8-23FAECBBC5CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*","matchCriteriaId":"73F4D15D-6D2A-4730-B7CF-21284E92FEFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*","matchCriteriaId":"79A0C6AB-813F-4417-A98E-33FBB7AAB939"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*","matchCriteriaId":"815ABF0E-ED94-4426-8889-D3C2AECACC26"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*","matchCriteriaId":"894612F1-8C51-4F66-AFE7-D8
077F63E562"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*","matchCriteriaId":"63FD3D1E-08F8-4C7F-876C-47E88386B83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*","matchCriteriaId":"9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*","matchCriteriaId":"E21A12E6-0802-4BDC-AF71-50D7D0433B87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*","matchCriteriaId":"DC7EE44A-7D8B-41A5-82A6-04AEE50278CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*","matchCriteriaId":"6862529A-1AE5-4E2D-A4B0-E351D1900C64"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*","matchCriteriaId":"4C6B6711-0F75-4FEA-8917-04391FC9D378"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*","matchCriteriaId":"6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*","matchCriteriaId":"3BE639D9-0B1E-4DFB-B275-D11665FDA4AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*","matchCriteriaId":"B35E9C41-0F2A-4790-B996-8EC00FA863F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*","matchCriteriaId":"28BAB268-3A70-4422-9C6C-49E6453D750D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*","matchCriteriaId":"9A5960F1-DDA9-4885-952F-450EC00B5C9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*","matchCriteriaId":"E725D449-BBC2-40E3-BF53-D9BF7B4F57D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*","matchCriteriaId":"B10975CB-56EB-44D0-BDEF-60484B6BD85E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*","matchCriteriaId":"3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*","matchCriteriaId":"16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3
.68:*:*:*:*:*:*:*","matchCriteriaId":"BF9D7AD6-6BDB-4519-B9F8-3181E21850FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*","matchCriteriaId":"B061FF9A-0D00-429D-9B2F-14EEA41E7A33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*","matchCriteriaId":"D6CB0260-2A96-41A8-81A0-8E9722B22D87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*","matchCriteriaId":"AE037065-9E33-4A5A-8188-1F086D7BE394"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*","matchCriteriaId":"70200031-5902-416D-A140-DC2CDFDAF683"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*","matchCriteriaId":"575C5F15-2C16-4B39-A718-1641DDD88F84"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*","matchCriteriaId":"9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*","matchCriteriaId":"42631437-772B-45E0-A1F3-5D9E2FC77D19"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*","matchCriteriaId":"CA9E62EF-E21F-421F-9A57-54A551CEC441"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*","matchCriteriaId":"871E046E-013A-4E10-9457-4D1F407519EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*","matchCriteriaId":"B5E4B06F-AD55-4D61-B966-B38B854C0A75"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*","matchCriteriaId":"19817731-42C2-4745-88F2-D27258FC7DB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*","matchCriteriaId":"77479EEE-F81B-4653-8FAD-0AFBA3C71B09"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*","matchCriteriaId":"0208619E-9179-46D9-8E47-6CB5B4046DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*","matchCriteriaId":"6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*","matchCriteriaId":"5CC16904-03FC-42B2-89F0-CA0
D59A5FB91"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*","matchCriteriaId":"4E3980D1-54F1-4C2F-B140-B2F18D8958A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*","matchCriteriaId":"0C845718-520A-42CB-9BA7-00723694A01F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*","matchCriteriaId":"FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*","matchCriteriaId":"431DA557-0977-43C2-8DEF-127B1BAA9F46"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*","matchCriteriaId":"733C0A5D-3A0A-4449-9DE0-BD06D4942799"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*","matchCriteriaId":"C9E5DAD5-465A-4A53-856A-1F674723EB00"}]}]}],"references":[{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-1552.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2583.html","source":"cve@mitre.org"},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3629","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/81816","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1034782","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3096-1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2016:1141","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us","source":"cve@mitre.org"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171031-0001/","source":"cve@mitre.org"},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-1552.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2583.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3629","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/81816","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1034782","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3096-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2016:1141","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171031-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2015-8138","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T21:59:00.723","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero."},{"lang":"es","value":"NTP en versiones anteriores a 4.2.8p6 y 4.3.x en versiones anteriores a 4.3.90 permite a atacantes remotos eludir la validación de marca horaria de origen a través de un paquete con una marca horaria de origen puesta a 
cero."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"99442254-E77A-43F7-8A9B-FC918AC336A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*","matchCriteriaId":"0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B23D9009-DF45-44C1-80DF-CEEC9B9E3F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"43921601-667E-4415-83BE-E5B39D969BD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"75DD9C02-0C46-4785-8D77-C5465E4ED967"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"A497BADE-0516-494F-89FA-EAFC6AD17F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.
3.5:*:*:*:*:*:*:*","matchCriteriaId":"4298439A-EAF2-4CAA-990B-4AA37E7A0E8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*","matchCriteriaId":"30E9C822-C04A-4908-9596-76F9FB561206"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*","matchCriteriaId":"12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*","matchCriteriaId":"BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*","matchCriteriaId":"121ED6C5-8985-4DEF-9040-2AC63582E596"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*","matchCriteriaId":"566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*","matchCriteriaId":"68499DA4-64EF-412F-A434-8E0F78D77CE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*","matchCriteriaId":"836C5AC9-463F-4703-81B9-7B5484F47A5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*","matchCriteriaId":"FED14811-8F49-4796-BADD-DB7973EC32DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*","matchCriteriaId":"D4EB2830-ADE5-4C87-964E-16748BF88EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*","matchCriteriaId":"8C0284FD-2933-4160-80D2-53B32CD73287"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*","matchCriteriaId":"D9AB963A-7284-433F-9890-5AE402E4E000"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*","matchCriteriaId":"EEDEFF7A-D964-4D9A-93BF-41E9D16EA793"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*","matchCriteriaId":"9C434153-911C-4F07-ADD0-0EAB47F96E89"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*","matchCriteriaId":"8183B043-8B96-4A8B-A5C9-544D4F1CED8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*","matchCriteriaId":"6DE349AB-44CB-4263-80CE-59DFD5
72B363"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*","matchCriteriaId":"3DB55DF6-567F-4B6A-81E1-9013914416D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*","matchCriteriaId":"80727B0B-AB5E-46CC-9DDF-F319C2D9B242"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*","matchCriteriaId":"E0755962-2D5F-41E6-9BDB-C2ECBCCD2818"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*","matchCriteriaId":"2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*","matchCriteriaId":"A202FDAD-D757-4850-9D1E-C31B0F3BA718"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*","matchCriteriaId":"B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*","matchCriteriaId":"C4069EF5-DC7D-4487-8636-AC2EAB17BAC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*","matchCriteriaId":"73DF3A5C-F1D9-468E-BD08-5E2578898DEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*","matchCriteriaId":"0858AE44-4B0A-4941-B4A8-937B557D1448"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*","matchCriteriaId":"979C84FF-CB21-4819-B3CA-1A55FDF20BD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*","matchCriteriaId":"94709B39-C394-4B44-A362-9429F4CB9D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*","matchCriteriaId":"2E4526AC-6BCC-43A5-B501-263D0ED0655B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*","matchCriteriaId":"E04FF6B4-CD1C-4AC1-B286-D6AB705D680B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*","matchCriteriaId":"1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*","matchCriteriaId":"6BA130B1-DD20-4E98-963F-61E85A09E29E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.37:
*:*:*:*:*:*:*","matchCriteriaId":"9AAC9B73-5020-47C9-803E-ABB6162AADE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*","matchCriteriaId":"D2A6B7B5-3AC9-4442-BD91-3783C2B4235C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*","matchCriteriaId":"D72F5C09-520B-486C-AD9A-9CBBFE6487CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*","matchCriteriaId":"097DED37-D3F3-45C4-B131-1C4294406722"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*","matchCriteriaId":"85A4F607-0A9D-4F84-B50D-28C54E6EDC06"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*","matchCriteriaId":"8C689CAF-632A-4FF2-8C86-541EEDD574E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*","matchCriteriaId":"7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*","matchCriteriaId":"E09C8254-73DC-4AFA-A250-A8192DC917F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*","matchCriteriaId":"D344FA12-3C5F-418B-9209-EA8BDD230074"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*","matchCriteriaId":"D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*","matchCriteriaId":"073A0AFF-C5C6-422E-BD63-2353AA4B58E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*","matchCriteriaId":"59B5DA29-4139-405D-8AA8-23FAECBBC5CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*","matchCriteriaId":"73F4D15D-6D2A-4730-B7CF-21284E92FEFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*","matchCriteriaId":"79A0C6AB-813F-4417-A98E-33FBB7AAB939"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*","matchCriteriaId":"815ABF0E-ED94-4426-8889-D3C2AECACC26"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*","matchCriteriaId":"894612F1-8C51-4F66-AFE7-D8077F6
3E562"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*","matchCriteriaId":"63FD3D1E-08F8-4C7F-876C-47E88386B83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*","matchCriteriaId":"9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*","matchCriteriaId":"E21A12E6-0802-4BDC-AF71-50D7D0433B87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*","matchCriteriaId":"DC7EE44A-7D8B-41A5-82A6-04AEE50278CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*","matchCriteriaId":"6862529A-1AE5-4E2D-A4B0-E351D1900C64"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*","matchCriteriaId":"4C6B6711-0F75-4FEA-8917-04391FC9D378"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*","matchCriteriaId":"6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*","matchCriteriaId":"3BE639D9-0B1E-4DFB-B275-D11665FDA4AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*","matchCriteriaId":"B35E9C41-0F2A-4790-B996-8EC00FA863F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*","matchCriteriaId":"28BAB268-3A70-4422-9C6C-49E6453D750D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*","matchCriteriaId":"9A5960F1-DDA9-4885-952F-450EC00B5C9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*","matchCriteriaId":"E725D449-BBC2-40E3-BF53-D9BF7B4F57D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*","matchCriteriaId":"B10975CB-56EB-44D0-BDEF-60484B6BD85E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*","matchCriteriaId":"3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*","matchCriteriaId":"16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.68:*
:*:*:*:*:*:*","matchCriteriaId":"BF9D7AD6-6BDB-4519-B9F8-3181E21850FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*","matchCriteriaId":"B061FF9A-0D00-429D-9B2F-14EEA41E7A33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*","matchCriteriaId":"D6CB0260-2A96-41A8-81A0-8E9722B22D87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*","matchCriteriaId":"AE037065-9E33-4A5A-8188-1F086D7BE394"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*","matchCriteriaId":"70200031-5902-416D-A140-DC2CDFDAF683"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*","matchCriteriaId":"575C5F15-2C16-4B39-A718-1641DDD88F84"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*","matchCriteriaId":"9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*","matchCriteriaId":"42631437-772B-45E0-A1F3-5D9E2FC77D19"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*","matchCriteriaId":"CA9E62EF-E21F-421F-9A57-54A551CEC441"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*","matchCriteriaId":"871E046E-013A-4E10-9457-4D1F407519EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*","matchCriteriaId":"B5E4B06F-AD55-4D61-B966-B38B854C0A75"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*","matchCriteriaId":"19817731-42C2-4745-88F2-D27258FC7DB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*","matchCriteriaId":"77479EEE-F81B-4653-8FAD-0AFBA3C71B09"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*","matchCriteriaId":"0208619E-9179-46D9-8E47-6CB5B4046DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*","matchCriteriaId":"6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*","matchCriteriaId":"5CC16904-03FC-42B2-89F0-CA0D59A5
FB91"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*","matchCriteriaId":"4E3980D1-54F1-4C2F-B140-B2F18D8958A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*","matchCriteriaId":"0C845718-520A-42CB-9BA7-00723694A01F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*","matchCriteriaId":"FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*","matchCriteriaId":"431DA557-0977-43C2-8DEF-127B1BAA9F46"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*","matchCriteriaId":"733C0A5D-3A0A-4449-9DE0-BD06D4942799"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*","matchCriteriaId":"C9E5DAD5-465A-4A53-856A-1F674723EB00"}]}]}],"references":[{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-0063.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3629","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/81811","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1034782","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3096-1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf","source":"cve@mitre.org"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us","source":"cve@mitre.org"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171004-0002/","source":"cve@mitre.org"},{"url":"https://security.netapp.com/advisory/ntap-20171031-0001/","source":"cve@mitre.org"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11","source":"cve@mitre.org"},{"url":"https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177507.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176434.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-0063.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3629","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/81811","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1034782","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3096-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171004-0002/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20171031-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161123-ntpd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-103-11","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.arista.com/en/support/advisories-notices/security-advisories/1332-security-advisory-19","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2015-8139","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T21:59:00.830","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors."},{"lang":"es","value":"ntpq en NTP en versiones anteriores a 4.2.8p7 permite a atacantes remotos obtener timestamps de origen y luego suplantar a sus pares a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type"
:"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p6:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"E2CF4922-E481-4C5B-9A34-F439D9C727FE"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug2946","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/82105","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1034782","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/","source":"cve@mitre.org"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200204-0003/","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug2946","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/82105","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1034782","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3EYJQHJZ2KTVQ7ICEFHXTLZ36MRASWX/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORAMN3Q7TVJ54MBYF75XCJOE3DP7LYHT/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNWGCQLW2VY72NIUYMJOCAKJKTXHDUK2/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200204-0003/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2015-8140","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T21:59:00.910","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network."},{"lang":"es","value":"El protocolo ntpq en NTP en versiones anteriores a 4.2.8p7 permite a los atacantes remotos realizar ataques de repetición mediante el rastreo de la red."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p6:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"E2CF4922-E481-4C5B-9A34-F439D9C727FE"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug2947","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securitytracker.com/id/1034782","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200204-0003/","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00059.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00060.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00038.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00048.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug2947","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-ntpd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securitytracker.com/id/1034782","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bto.bluecoat.com/security-advisory/sa113","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20200204-0003/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2015-8158","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T21:59:00.973","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values."},{"lang":"es","value":"La función getresponse en ntpq en NTP versiones anteriores a 4.2.8p9 y 4.3.x en versiones anteriores a 4.3.90 permite a los atacantes remotos causar una denegación de servicio (bucle infinito) a través de paquetes creados con valores incorrectos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p5:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"99442254-E77A-43F7-8
A9B-FC918AC336A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*","matchCriteriaId":"0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B23D9009-DF45-44C1-80DF-CEEC9B9E3F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"43921601-667E-4415-83BE-E5B39D969BD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"75DD9C02-0C46-4785-8D77-C5465E4ED967"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"A497BADE-0516-494F-89FA-EAFC6AD17F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*","matchCriteriaId":"4298439A-EAF2-4CAA-990B-4AA37E7A0E8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*","matchCriteriaId":"30E9C822-C04A-4908-9596-76F9FB561206"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*","matchCriteriaId":"12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*","matchCriteriaId":"BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*","matchCriteriaId":"121ED6C5-8985-4DEF-9040-2AC63582E596"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*","matchCriteriaId":"566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*","matchCriteriaId":"68499DA4-64EF-412F-A434-8E0F78D77CE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*","matchCriteriaId":"836C5AC9-463F-4703-81B9-7B5484F47A5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*","matchCriteriaId":"FED14811-8F49-4796-BADD-DB7973EC32DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*","matchCriteriaId":"D4EB2830-ADE5-4C87-964E-16748BF88EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.16
:*:*:*:*:*:*:*","matchCriteriaId":"8C0284FD-2933-4160-80D2-53B32CD73287"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*","matchCriteriaId":"D9AB963A-7284-433F-9890-5AE402E4E000"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*","matchCriteriaId":"EEDEFF7A-D964-4D9A-93BF-41E9D16EA793"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*","matchCriteriaId":"9C434153-911C-4F07-ADD0-0EAB47F96E89"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*","matchCriteriaId":"8183B043-8B96-4A8B-A5C9-544D4F1CED8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*","matchCriteriaId":"6DE349AB-44CB-4263-80CE-59DFD572B363"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*","matchCriteriaId":"3DB55DF6-567F-4B6A-81E1-9013914416D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*","matchCriteriaId":"80727B0B-AB5E-46CC-9DDF-F319C2D9B242"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*","matchCriteriaId":"E0755962-2D5F-41E6-9BDB-C2ECBCCD2818"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*","matchCriteriaId":"2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*","matchCriteriaId":"A202FDAD-D757-4850-9D1E-C31B0F3BA718"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*","matchCriteriaId":"B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*","matchCriteriaId":"C4069EF5-DC7D-4487-8636-AC2EAB17BAC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*","matchCriteriaId":"73DF3A5C-F1D9-468E-BD08-5E2578898DEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*","matchCriteriaId":"0858AE44-4B0A-4941-B4A8-937B557D1448"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*","matchCriteriaId":"979C84FF-CB21-4819-B3CA-1A55FD
F20BD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*","matchCriteriaId":"94709B39-C394-4B44-A362-9429F4CB9D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*","matchCriteriaId":"2E4526AC-6BCC-43A5-B501-263D0ED0655B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*","matchCriteriaId":"E04FF6B4-CD1C-4AC1-B286-D6AB705D680B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*","matchCriteriaId":"1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*","matchCriteriaId":"6BA130B1-DD20-4E98-963F-61E85A09E29E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*","matchCriteriaId":"9AAC9B73-5020-47C9-803E-ABB6162AADE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*","matchCriteriaId":"D2A6B7B5-3AC9-4442-BD91-3783C2B4235C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*","matchCriteriaId":"D72F5C09-520B-486C-AD9A-9CBBFE6487CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*","matchCriteriaId":"097DED37-D3F3-45C4-B131-1C4294406722"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*","matchCriteriaId":"85A4F607-0A9D-4F84-B50D-28C54E6EDC06"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*","matchCriteriaId":"8C689CAF-632A-4FF2-8C86-541EEDD574E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*","matchCriteriaId":"7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*","matchCriteriaId":"E09C8254-73DC-4AFA-A250-A8192DC917F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*","matchCriteriaId":"D344FA12-3C5F-418B-9209-EA8BDD230074"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*","matchCriteriaId":"D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.47:
*:*:*:*:*:*:*","matchCriteriaId":"073A0AFF-C5C6-422E-BD63-2353AA4B58E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*","matchCriteriaId":"59B5DA29-4139-405D-8AA8-23FAECBBC5CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*","matchCriteriaId":"73F4D15D-6D2A-4730-B7CF-21284E92FEFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*","matchCriteriaId":"79A0C6AB-813F-4417-A98E-33FBB7AAB939"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*","matchCriteriaId":"815ABF0E-ED94-4426-8889-D3C2AECACC26"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*","matchCriteriaId":"894612F1-8C51-4F66-AFE7-D8077F63E562"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*","matchCriteriaId":"63FD3D1E-08F8-4C7F-876C-47E88386B83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*","matchCriteriaId":"9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*","matchCriteriaId":"E21A12E6-0802-4BDC-AF71-50D7D0433B87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*","matchCriteriaId":"DC7EE44A-7D8B-41A5-82A6-04AEE50278CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*","matchCriteriaId":"6862529A-1AE5-4E2D-A4B0-E351D1900C64"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*","matchCriteriaId":"4C6B6711-0F75-4FEA-8917-04391FC9D378"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*","matchCriteriaId":"6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*","matchCriteriaId":"3BE639D9-0B1E-4DFB-B275-D11665FDA4AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*","matchCriteriaId":"B35E9C41-0F2A-4790-B996-8EC00FA863F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*","matchCriteriaId":"28BAB268-3A70-4422-9C6C-49E6453
D750D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*","matchCriteriaId":"9A5960F1-DDA9-4885-952F-450EC00B5C9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*","matchCriteriaId":"E725D449-BBC2-40E3-BF53-D9BF7B4F57D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*","matchCriteriaId":"B10975CB-56EB-44D0-BDEF-60484B6BD85E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*","matchCriteriaId":"3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*","matchCriteriaId":"16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*","matchCriteriaId":"BF9D7AD6-6BDB-4519-B9F8-3181E21850FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*","matchCriteriaId":"B061FF9A-0D00-429D-9B2F-14EEA41E7A33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*","matchCriteriaId":"D6CB0260-2A96-41A8-81A0-8E9722B22D87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*","matchCriteriaId":"AE037065-9E33-4A5A-8188-1F086D7BE394"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*","matchCriteriaId":"70200031-5902-416D-A140-DC2CDFDAF683"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*","matchCriteriaId":"575C5F15-2C16-4B39-A718-1641DDD88F84"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*","matchCriteriaId":"9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*","matchCriteriaId":"42631437-772B-45E0-A1F3-5D9E2FC77D19"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*","matchCriteriaId":"CA9E62EF-E21F-421F-9A57-54A551CEC441"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*","matchCriteriaId":"871E046E-013A-4E10-9457-4D1F407519EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.78:*
:*:*:*:*:*:*","matchCriteriaId":"B5E4B06F-AD55-4D61-B966-B38B854C0A75"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*","matchCriteriaId":"19817731-42C2-4745-88F2-D27258FC7DB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*","matchCriteriaId":"77479EEE-F81B-4653-8FAD-0AFBA3C71B09"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*","matchCriteriaId":"0208619E-9179-46D9-8E47-6CB5B4046DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*","matchCriteriaId":"6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*","matchCriteriaId":"5CC16904-03FC-42B2-89F0-CA0D59A5FB91"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*","matchCriteriaId":"4E3980D1-54F1-4C2F-B140-B2F18D8958A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*","matchCriteriaId":"0C845718-520A-42CB-9BA7-00723694A01F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*","matchCriteriaId":"FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*","matchCriteriaId":"431DA557-0977-43C2-8DEF-127B1BAA9F46"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*","matchCriteriaId":"733C0A5D-3A0A-4449-9DE0-BD06D4942799"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*","matchCriteriaId":"C9E5DAD5-465A-4A53-856A-1F674723EB00"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2583.html","source":"cve@mitre.org"},{"url":"http://support.ntp.org/bin/view/Main/NtpBug2948","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3629","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/81814","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1034782","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us","source":"cve@mitre.org"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us","source":"cve@mitre.org"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"cve@mitre.org"},{"url":"https://security.netapp.com/advisory/ntap-20171031-0001/","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2583.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://support.ntp.org/bin/view/Main/NtpBug2948","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3629","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/81814","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1034782","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03750en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03766en_us","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:09.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20171031-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}],"evaluatorComment":"<a href=\"http://cwe.mitre.org/data/definitions/835.html\">CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')</a>"}},{"cve":{"id":"CVE-2016-2516","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T21:59:01.003","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, allows remote attackers to cause a denial of service (ntpd abort) by using the same IP address multiple times in an unconfig directive."},{"lang":"es","value":"NTP en versiones anteriores a 4.2.8p7 y 4.3.x en versiones anteriores a 4.3.92, cuando mode7 está habilitado, permite a atacantes remotos provocar una denegación de servicio (anular ntpd) usando la misma dirección IP varias veces en una directiva 
unconfig."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p6:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"E2CF4922-E481-4C5B-9A34-F439D9C727FE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*","matchCriteriaId":"0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B23D9009-DF45-44C1-80DF-CEEC9B9E3F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"43921601-667E-4415-83BE-E5B39D969BD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"75DD9C02-0C46-4785-8D77-C5465E4ED967"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"A497BADE-0516-494F-89FA-E
AFC6AD17F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*","matchCriteriaId":"4298439A-EAF2-4CAA-990B-4AA37E7A0E8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*","matchCriteriaId":"30E9C822-C04A-4908-9596-76F9FB561206"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*","matchCriteriaId":"12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*","matchCriteriaId":"BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*","matchCriteriaId":"842963D1-C78C-48B5-A8D2-BC018854E5CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*","matchCriteriaId":"121ED6C5-8985-4DEF-9040-2AC63582E596"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*","matchCriteriaId":"566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*","matchCriteriaId":"68499DA4-64EF-412F-A434-8E0F78D77CE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*","matchCriteriaId":"836C5AC9-463F-4703-81B9-7B5484F47A5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*","matchCriteriaId":"FED14811-8F49-4796-BADD-DB7973EC32DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*","matchCriteriaId":"D4EB2830-ADE5-4C87-964E-16748BF88EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*","matchCriteriaId":"8C0284FD-2933-4160-80D2-53B32CD73287"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*","matchCriteriaId":"D9AB963A-7284-433F-9890-5AE402E4E000"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*","matchCriteriaId":"EEDEFF7A-D964-4D9A-93BF-41E9D16EA793"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*","matchCriteriaId":"9C434153-911C-4F07-ADD0-0EAB47F96E89"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.20:
*:*:*:*:*:*:*","matchCriteriaId":"8183B043-8B96-4A8B-A5C9-544D4F1CED8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*","matchCriteriaId":"6DE349AB-44CB-4263-80CE-59DFD572B363"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*","matchCriteriaId":"3DB55DF6-567F-4B6A-81E1-9013914416D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*","matchCriteriaId":"80727B0B-AB5E-46CC-9DDF-F319C2D9B242"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*","matchCriteriaId":"E0755962-2D5F-41E6-9BDB-C2ECBCCD2818"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*","matchCriteriaId":"2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*","matchCriteriaId":"A202FDAD-D757-4850-9D1E-C31B0F3BA718"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*","matchCriteriaId":"B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*","matchCriteriaId":"C4069EF5-DC7D-4487-8636-AC2EAB17BAC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*","matchCriteriaId":"73DF3A5C-F1D9-468E-BD08-5E2578898DEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*","matchCriteriaId":"0858AE44-4B0A-4941-B4A8-937B557D1448"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*","matchCriteriaId":"979C84FF-CB21-4819-B3CA-1A55FDF20BD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*","matchCriteriaId":"94709B39-C394-4B44-A362-9429F4CB9D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*","matchCriteriaId":"2E4526AC-6BCC-43A5-B501-263D0ED0655B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*","matchCriteriaId":"E04FF6B4-CD1C-4AC1-B286-D6AB705D680B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*","matchCriteriaId":"1FAFA0C8-1349-43A4-BDAC-3B5A601
B9FDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*","matchCriteriaId":"6BA130B1-DD20-4E98-963F-61E85A09E29E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*","matchCriteriaId":"9AAC9B73-5020-47C9-803E-ABB6162AADE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*","matchCriteriaId":"D2A6B7B5-3AC9-4442-BD91-3783C2B4235C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*","matchCriteriaId":"D72F5C09-520B-486C-AD9A-9CBBFE6487CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*","matchCriteriaId":"097DED37-D3F3-45C4-B131-1C4294406722"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*","matchCriteriaId":"85A4F607-0A9D-4F84-B50D-28C54E6EDC06"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*","matchCriteriaId":"8C689CAF-632A-4FF2-8C86-541EEDD574E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*","matchCriteriaId":"7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*","matchCriteriaId":"E09C8254-73DC-4AFA-A250-A8192DC917F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*","matchCriteriaId":"D344FA12-3C5F-418B-9209-EA8BDD230074"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*","matchCriteriaId":"D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*","matchCriteriaId":"073A0AFF-C5C6-422E-BD63-2353AA4B58E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*","matchCriteriaId":"59B5DA29-4139-405D-8AA8-23FAECBBC5CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*","matchCriteriaId":"73F4D15D-6D2A-4730-B7CF-21284E92FEFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*","matchCriteriaId":"79A0C6AB-813F-4417-A98E-33FBB7AAB939"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.51:*
:*:*:*:*:*:*","matchCriteriaId":"815ABF0E-ED94-4426-8889-D3C2AECACC26"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*","matchCriteriaId":"894612F1-8C51-4F66-AFE7-D8077F63E562"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*","matchCriteriaId":"63FD3D1E-08F8-4C7F-876C-47E88386B83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*","matchCriteriaId":"9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*","matchCriteriaId":"E21A12E6-0802-4BDC-AF71-50D7D0433B87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*","matchCriteriaId":"DC7EE44A-7D8B-41A5-82A6-04AEE50278CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*","matchCriteriaId":"6862529A-1AE5-4E2D-A4B0-E351D1900C64"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*","matchCriteriaId":"4C6B6711-0F75-4FEA-8917-04391FC9D378"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*","matchCriteriaId":"6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*","matchCriteriaId":"3BE639D9-0B1E-4DFB-B275-D11665FDA4AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*","matchCriteriaId":"B35E9C41-0F2A-4790-B996-8EC00FA863F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*","matchCriteriaId":"28BAB268-3A70-4422-9C6C-49E6453D750D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*","matchCriteriaId":"9A5960F1-DDA9-4885-952F-450EC00B5C9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*","matchCriteriaId":"E725D449-BBC2-40E3-BF53-D9BF7B4F57D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*","matchCriteriaId":"B10975CB-56EB-44D0-BDEF-60484B6BD85E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*","matchCriteriaId":"3EE56C0F-0AF4-45CF-ACA2-0E583BBB
3187"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*","matchCriteriaId":"16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*","matchCriteriaId":"BF9D7AD6-6BDB-4519-B9F8-3181E21850FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*","matchCriteriaId":"B061FF9A-0D00-429D-9B2F-14EEA41E7A33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*","matchCriteriaId":"D6CB0260-2A96-41A8-81A0-8E9722B22D87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*","matchCriteriaId":"AE037065-9E33-4A5A-8188-1F086D7BE394"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*","matchCriteriaId":"70200031-5902-416D-A140-DC2CDFDAF683"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*","matchCriteriaId":"575C5F15-2C16-4B39-A718-1641DDD88F84"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*","matchCriteriaId":"9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*","matchCriteriaId":"42631437-772B-45E0-A1F3-5D9E2FC77D19"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*","matchCriteriaId":"CA9E62EF-E21F-421F-9A57-54A551CEC441"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*","matchCriteriaId":"871E046E-013A-4E10-9457-4D1F407519EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*","matchCriteriaId":"B5E4B06F-AD55-4D61-B966-B38B854C0A75"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*","matchCriteriaId":"19817731-42C2-4745-88F2-D27258FC7DB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*","matchCriteriaId":"77479EEE-F81B-4653-8FAD-0AFBA3C71B09"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*","matchCriteriaId":"0208619E-9179-46D9-8E47-6CB5B4046DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.82:*:
*:*:*:*:*:*","matchCriteriaId":"6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*","matchCriteriaId":"5CC16904-03FC-42B2-89F0-CA0D59A5FB91"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*","matchCriteriaId":"4E3980D1-54F1-4C2F-B140-B2F18D8958A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*","matchCriteriaId":"0C845718-520A-42CB-9BA7-00723694A01F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*","matchCriteriaId":"FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*","matchCriteriaId":"431DA557-0977-43C2-8DEF-127B1BAA9F46"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*","matchCriteriaId":"733C0A5D-3A0A-4449-9DE0-BD06D4942799"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*","matchCriteriaId":"C9E5DAD5-465A-4A53-856A-1F674723EB00"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*","matchCriteriaId":"B3FE37F4-C8E6-42CC-A799-563637F6B85A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*","matchCriteriaId":"72F9DD05-E521-45D3-994E-0400DA0070BD"}]}]}],"references":[{"url":"http://support.ntp.org/bin/view/Main/NtpBug3011","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3629","source":"cve@mitre.org"},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/88180","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1035705","source":"cve@mitre.org"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"cve@mitre.org"},{"url":"https://security.netapp.com/advisory/ntap-20171004-0002/","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3011","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3629","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/88180","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1035705","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20171004-0002/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-2517","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T21:59:01.033","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging 
knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey.  NOTE: this vulnerability exists because of a CVE-2016-2516 regression."},{"lang":"es","value":"NTP en versiones anteriores a 4.2.8p7 y 4.3.x en versiones anteriores a 4.3.92 permite a los atacantes remotos provocar una denegación de servicio (evitar la posterior autenticación) aprovechando el conocimiento de controlkey o requestkey y enviando un paquete manipulado a ntpd, que cambia el valor de trustedkey, controlkey o requestkey. NOTA: esta vulnerabilidad existe debido a una regresión de la CVE-2016-2516."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:N/I:N/A:C","baseScore":4.9,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p6:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"E2CF4922-E481-4C5B-9A34-F439D9C727FE"}]}]},{"nodes":[{"operator":"O
R","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*","matchCriteriaId":"0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B23D9009-DF45-44C1-80DF-CEEC9B9E3F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"43921601-667E-4415-83BE-E5B39D969BD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"75DD9C02-0C46-4785-8D77-C5465E4ED967"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"A497BADE-0516-494F-89FA-EAFC6AD17F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*","matchCriteriaId":"4298439A-EAF2-4CAA-990B-4AA37E7A0E8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*","matchCriteriaId":"30E9C822-C04A-4908-9596-76F9FB561206"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*","matchCriteriaId":"12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*","matchCriteriaId":"BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*","matchCriteriaId":"842963D1-C78C-48B5-A8D2-BC018854E5CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*","matchCriteriaId":"121ED6C5-8985-4DEF-9040-2AC63582E596"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*","matchCriteriaId":"566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*","matchCriteriaId":"68499DA4-64EF-412F-A434-8E0F78D77CE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*","matchCriteriaId":"836C5AC9-463F-4703-81B9-7B5484F47A5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*","matchCriteriaId":"FED14811-8F49-4796-BADD-DB7973EC32DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:
ntp:4.3.15:*:*:*:*:*:*:*","matchCriteriaId":"D4EB2830-ADE5-4C87-964E-16748BF88EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*","matchCriteriaId":"8C0284FD-2933-4160-80D2-53B32CD73287"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*","matchCriteriaId":"D9AB963A-7284-433F-9890-5AE402E4E000"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*","matchCriteriaId":"EEDEFF7A-D964-4D9A-93BF-41E9D16EA793"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*","matchCriteriaId":"9C434153-911C-4F07-ADD0-0EAB47F96E89"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.20:*:*:*:*:*:*:*","matchCriteriaId":"8183B043-8B96-4A8B-A5C9-544D4F1CED8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*","matchCriteriaId":"6DE349AB-44CB-4263-80CE-59DFD572B363"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*","matchCriteriaId":"3DB55DF6-567F-4B6A-81E1-9013914416D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*","matchCriteriaId":"80727B0B-AB5E-46CC-9DDF-F319C2D9B242"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*","matchCriteriaId":"E0755962-2D5F-41E6-9BDB-C2ECBCCD2818"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*","matchCriteriaId":"2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*","matchCriteriaId":"A202FDAD-D757-4850-9D1E-C31B0F3BA718"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*","matchCriteriaId":"B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*","matchCriteriaId":"C4069EF5-DC7D-4487-8636-AC2EAB17BAC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*","matchCriteriaId":"73DF3A5C-F1D9-468E-BD08-5E2578898DEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*","matchCriteriaId":"0858AE44-4B0A-4941-B
4A8-937B557D1448"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*","matchCriteriaId":"979C84FF-CB21-4819-B3CA-1A55FDF20BD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*","matchCriteriaId":"94709B39-C394-4B44-A362-9429F4CB9D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*","matchCriteriaId":"2E4526AC-6BCC-43A5-B501-263D0ED0655B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*","matchCriteriaId":"E04FF6B4-CD1C-4AC1-B286-D6AB705D680B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*","matchCriteriaId":"1FAFA0C8-1349-43A4-BDAC-3B5A601B9FDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*","matchCriteriaId":"6BA130B1-DD20-4E98-963F-61E85A09E29E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*","matchCriteriaId":"9AAC9B73-5020-47C9-803E-ABB6162AADE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*","matchCriteriaId":"D2A6B7B5-3AC9-4442-BD91-3783C2B4235C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*","matchCriteriaId":"D72F5C09-520B-486C-AD9A-9CBBFE6487CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*","matchCriteriaId":"097DED37-D3F3-45C4-B131-1C4294406722"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*","matchCriteriaId":"85A4F607-0A9D-4F84-B50D-28C54E6EDC06"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*","matchCriteriaId":"8C689CAF-632A-4FF2-8C86-541EEDD574E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*","matchCriteriaId":"7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*","matchCriteriaId":"E09C8254-73DC-4AFA-A250-A8192DC917F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*","matchCriteriaId":"D344FA12-3C5F-418B-9209-EA8BDD230074"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:n
tp:4.3.46:*:*:*:*:*:*:*","matchCriteriaId":"D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*","matchCriteriaId":"073A0AFF-C5C6-422E-BD63-2353AA4B58E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*","matchCriteriaId":"59B5DA29-4139-405D-8AA8-23FAECBBC5CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*","matchCriteriaId":"73F4D15D-6D2A-4730-B7CF-21284E92FEFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*","matchCriteriaId":"79A0C6AB-813F-4417-A98E-33FBB7AAB939"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.51:*:*:*:*:*:*:*","matchCriteriaId":"815ABF0E-ED94-4426-8889-D3C2AECACC26"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*","matchCriteriaId":"894612F1-8C51-4F66-AFE7-D8077F63E562"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*","matchCriteriaId":"63FD3D1E-08F8-4C7F-876C-47E88386B83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*","matchCriteriaId":"9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*","matchCriteriaId":"E21A12E6-0802-4BDC-AF71-50D7D0433B87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*","matchCriteriaId":"DC7EE44A-7D8B-41A5-82A6-04AEE50278CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*","matchCriteriaId":"6862529A-1AE5-4E2D-A4B0-E351D1900C64"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*","matchCriteriaId":"4C6B6711-0F75-4FEA-8917-04391FC9D378"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*","matchCriteriaId":"6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*","matchCriteriaId":"3BE639D9-0B1E-4DFB-B275-D11665FDA4AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*","matchCriteriaId":"B35E9C41-0F2A-4790-B9
96-8EC00FA863F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*","matchCriteriaId":"28BAB268-3A70-4422-9C6C-49E6453D750D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*","matchCriteriaId":"9A5960F1-DDA9-4885-952F-450EC00B5C9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*","matchCriteriaId":"E725D449-BBC2-40E3-BF53-D9BF7B4F57D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*","matchCriteriaId":"B10975CB-56EB-44D0-BDEF-60484B6BD85E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*","matchCriteriaId":"3EE56C0F-0AF4-45CF-ACA2-0E583BBB3187"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*","matchCriteriaId":"16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*","matchCriteriaId":"BF9D7AD6-6BDB-4519-B9F8-3181E21850FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*","matchCriteriaId":"B061FF9A-0D00-429D-9B2F-14EEA41E7A33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*","matchCriteriaId":"D6CB0260-2A96-41A8-81A0-8E9722B22D87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*","matchCriteriaId":"AE037065-9E33-4A5A-8188-1F086D7BE394"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*","matchCriteriaId":"70200031-5902-416D-A140-DC2CDFDAF683"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*","matchCriteriaId":"575C5F15-2C16-4B39-A718-1641DDD88F84"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*","matchCriteriaId":"9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*","matchCriteriaId":"42631437-772B-45E0-A1F3-5D9E2FC77D19"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*","matchCriteriaId":"CA9E62EF-E21F-421F-9A57-54A551CEC441"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:nt
p:4.3.77:*:*:*:*:*:*:*","matchCriteriaId":"871E046E-013A-4E10-9457-4D1F407519EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*","matchCriteriaId":"B5E4B06F-AD55-4D61-B966-B38B854C0A75"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*","matchCriteriaId":"19817731-42C2-4745-88F2-D27258FC7DB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*","matchCriteriaId":"77479EEE-F81B-4653-8FAD-0AFBA3C71B09"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*","matchCriteriaId":"0208619E-9179-46D9-8E47-6CB5B4046DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.82:*:*:*:*:*:*:*","matchCriteriaId":"6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*","matchCriteriaId":"5CC16904-03FC-42B2-89F0-CA0D59A5FB91"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*","matchCriteriaId":"4E3980D1-54F1-4C2F-B140-B2F18D8958A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*","matchCriteriaId":"0C845718-520A-42CB-9BA7-00723694A01F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*","matchCriteriaId":"FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*","matchCriteriaId":"431DA557-0977-43C2-8DEF-127B1BAA9F46"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*","matchCriteriaId":"733C0A5D-3A0A-4449-9DE0-BD06D4942799"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*","matchCriteriaId":"C9E5DAD5-465A-4A53-856A-1F674723EB00"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*","matchCriteriaId":"B3FE37F4-C8E6-42CC-A799-563637F6B85A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*","matchCriteriaId":"72F9DD05-E521-45D3-994E-0400DA0070BD"}]}]}],"references":[{"url":"http://support.ntp.org/bin/view/Main/NtpBug3010","source":"cve@mitre.org","tags":["Ve
ndor Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/88189","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1035705","source":"cve@mitre.org"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"cve@mitre.org"},{"url":"https://security.netapp.com/advisory/ntap-20171004-0002/","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3010","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/88189","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1035705","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20171004-0002/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2016-2518","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T21:59:01.080","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x before 4.3.92 allows remote attackers to cause an out-of-bounds reference via an addpeer request with a large hmode value."},{"lang":"es","value":"La función MATCH_ASSOC en NTP en versiones anteriores a 4.2.8p9 y 4.3.x en versiones anteriores a 4.3.92 permite a atacantes remotos provocar una referencia fuera de los límites a través de una solicitud addpeer con un valor hmode grande."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.8","matchCriteriaId":"CED3C1F7-6FFA-44D1-BC56-2BB1963F3B9F"},{"vulnerable":
true,"criteria":"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"4.3.92","matchCriteriaId":"2A5D4FE7-07FC-4869-84F2-4FA767490A73"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:-:*:*:*:*:*:*","matchCriteriaId":"EEA51D83-5841-4335-AF07-7A43C118CAAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1:*:*:*:*:*:*","matchCriteriaId":"C855BBD2-2B38-4EFF-9DBE-CA61CCACD0DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta1:*:*:*:*:*:*","matchCriteriaId":"49ADE0C3-F75C-4EC0-8805-56013F0EB92C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta2:*:*:*:*:*:*","matchCriteriaId":"D8FF625A-EFA3-43D1-8698-4A37AE31A07C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta3:*:*:*:*:*:*","matchCriteriaId":"E3B99BBD-97FE-4615-905A-A614592226F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta4:*:*:*:*:*:*","matchCriteriaId":"E7A9AD3A-F030-4331-B52A-518BD963AB8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-beta5:*:*:*:*:*:*","matchCriteriaId":"C293B8BE-6691-4944-BCD6-25EB98CABC73"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc1:*:*:*:*:*:*","matchCriteriaId":"CEA650F8-2576-494A-A861-61572CA319D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p1-rc2:*:*:*:*:*:*","matchCriteriaId":"4ED21EE8-7CBF-4BC5-BFC3-185D41296238"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2:*:*:*:*:*:*","matchCriteriaId":"C76A0B44-13DE-4173-8D05-DA54F6A71759"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc1:*:*:*:*:*:*","matchCriteriaId":"1450241C-2F6D-4122-B33C-D78D065BA403"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc2:*:*:*:*:*:*","matchCriteriaId":"721AFD22-91D3-488E-A5E6-DD84C86E412B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p2-rc3:*:*:*:*:*:*","matchCriteriaId":"8D6ADDB1-2E96-4FF6-AE95-4B06654D38B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*","matchCriteriaId":"41E44E9F-63
83-4E12-AEDC-B653FEA77A48"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc1:*:*:*:*:*:*","matchCriteriaId":"466D9A37-2658-4695-9429-0C6BF4A631C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc2:*:*:*:*:*:*","matchCriteriaId":"99774181-5F12-446C-AC2C-DB1C52295EED"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p3-rc3:*:*:*:*:*:*","matchCriteriaId":"4427EE6D-3F79-4FF5-B3EC-EE6BD01562CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p4:*:*:*:*:*:*","matchCriteriaId":"99C71C00-7222-483B-AEFB-159337BD3C92"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p5:*:*:*:*:*:*","matchCriteriaId":"75A9AA28-1B20-44BB-815C-7294A53E910E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p6:*:*:*:*:*:*","matchCriteriaId":"8C213794-111D-41F3-916C-AD97F731D600"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p7:*:*:*:*:*:*","matchCriteriaId":"50811A7B-0379-4437-8737-B4C1ACBC9EFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.2.8:p8:*:*:*:*:*:*","matchCriteriaId":"F12E4CF5-536C-416B-AD8D-6AE7CBE22C71"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*","matchCriteriaId":"1FE996B1-6951-4F85-AA58-B99A379D2163"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:data_ontap:-:*:*:*:*:7-mode:*:*","matchCriteriaId":"6C2ACC32-5147-4EA5-95BE-B6B4EAB3D82B"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","matchCriteriaId":"7DCBCC5D-C39
6-47A8-ADF4-D3A2C4377FB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:*:*:*","matchCriteriaId":"212E1878-1B9A-4CB4-A1CE-EAD60B867161"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_unified_manager_for_clustered_data_ontap:-:*:*:*:*:*:*:*","matchCriteriaId":"392D82A3-21BC-4CE1-A0AC-62A90468F0A5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_user_data_repository:10.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D6D2C3F5-73E2-4988-9416-940C3C09F25F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_user_data_repository:10.0.1:*:*:*:*:*:*:*","matchCriteriaId":"0473C6C9-B0C5-43F0-AC8C-C0DAD30DACF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_user_data_repository:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0E94636C-58E3-4B5C-9B18-E5129F6B4A11"},{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*","matchCriteriaId":"D7B037A8-72A6-4DFF-94B2-D688A5F6F876"},{"vulnerable":true,"criteria":"cpe:2.3:o:oracle:linux:7:-:*:*:*:*:*:*","matchCriteriaId":"44B8FEDF-6CB0-46E9-9AD7-4445B001C158"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*","matchCriteriaId":"1C8D871B-AEA1-4407-AEE3-47EC782250FF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criter
ia":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*","matchCriteriaId":"44B067C7-735E-43C9-9188-7E1522A02491"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"A8442C20-41F9-47FD-9A12-E724D3A31FD7"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"BF77CDCF-B9C9-427D-B2BF-36650FB2148C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"21690BAC-2129-4A33-9B48-1F3BF30072A9"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*","matchCriteriaId":"6755B6AD-0422-467B-8115-34A60B1D1A40"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:-:*:*:*:*:*:*","matchCriteriaId":"A308448F-7FAD-4CAA-B204-94979A0055EC
"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p1:*:*:*:*:*:*","matchCriteriaId":"9D942069-86FD-4777-B144-27F68845510F"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p10:*:*:*:*:*:*","matchCriteriaId":"8BCB79FA-CF26-4DA9-BE6B-DB38F4BD76DE"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p12:*:*:*:*:*:*","matchCriteriaId":"6937683B-ADC8-452E-BCD7-34ED8656D75E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p13:*:*:*:*:*:*","matchCriteriaId":"0B50A898-C510-4582-8931-2820D2FFB646"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p16:*:*:*:*:*:*","matchCriteriaId":"5016E4BB-D905-49BF-8B23-40DD9F9BC133"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p19:*:*:*:*:*:*","matchCriteriaId":"C4009691-42D4-4E04-BA72-EAC9E30C30E1"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p2:*:*:*:*:*:*","matchCriteriaId":"AC531D8E-31B3-48B1-8B79-85B9FB67CF0E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p20:*:*:*:*:*:*","matchCriteriaId":"4B161FA9-E1A8-407B-80A9-9F57DF4E6932"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p21:*:*:*:*:*:*","matchCriteriaId":"C608B9D9-28DD-4470-A5A2-96B030E8EA0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p22:*:*:*:*:*:*","matchCriteriaId":"50702FA4-624E-4C47-B672-8479ED7EB00C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p23:*:*:*:*:*:*","matchCriteriaId":"A05DE064-17DC-4BC3-BFA7-1FF31324BB5A"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p24:*:*:*:*:*:*","matchCriteriaId":"3785D821-D809-4948-92E0-CD6F93D06D56"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p25:*:*:*:*:*:*","matchCriteriaId":"4F309C4D-DBE9-4FDC-9F71-670FE84E8859"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p28:*:*:*:*:*:*","matchCriteriaId":"F6DF73AA-4270-46C1-BD19-EE0EAE39B6EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p3:*:*:*:*:*:*","matchCriteriaId":
"B9D919A6-BBEC-416C-8FC0-5CA7B0191E82"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p30:*:*:*:*:*:*","matchCriteriaId":"BC7FC9A7-46A4-4BEC-AD3D-4E986BBB4B1A"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p31:*:*:*:*:*:*","matchCriteriaId":"6C1380CA-757C-442D-A15E-7C1EEF309BC2"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p32:*:*:*:*:*:*","matchCriteriaId":"B4E26747-28E7-46C6-B9D2-949E7D2B9076"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p33:*:*:*:*:*:*","matchCriteriaId":"0D16FE35-E17F-4520-B2AA-916F586DE052"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p34:*:*:*:*:*:*","matchCriteriaId":"02A6E6C3-1DBF-41C5-8377-A3058AF1A1A1"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p35:*:*:*:*:*:*","matchCriteriaId":"168BEEE1-3401-4831-B32A-19874B1C185E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p36:*:*:*:*:*:*","matchCriteriaId":"FE660FBA-AD88-485E-B77B-94513E9CC660"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p38:*:*:*:*:*:*","matchCriteriaId":"04E25F11-56B2-4F49-913A-57FC58EBD87E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p39:*:*:*:*:*:*","matchCriteriaId":"B144DAC7-1B42-4DC2-AE46-6D3AD3296A43"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p5:*:*:*:*:*:*","matchCriteriaId":"22A2F317-2F1A-4D3F-8E31-B5ABFCEE2AAD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p6:*:*:*:*:*:*","matchCriteriaId":"179468E8-0FB7-4E1A-9002-AFC8753027AA"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p7:*:*:*:*:*:*","matchCriteriaId":"CF8563F3-DD91-4272-B72D-08F66E2E44C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p8:*:*:*:*:*:*","matchCriteriaId":"642BCA8F-6432-43D2-9E74-565CC71A9DD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:p9:*:*:*:*:*:*","matchCriteriaId":"09003BFB-72FB-4F89-B62C-4A2505E60630"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1
:-:*:*:*:*:*:*","matchCriteriaId":"794DB6C2-514F-4353-AC31-025D53FFC3FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p1:*:*:*:*:*:*","matchCriteriaId":"55448583-DD8E-44FA-9033-CEB8E63FC2C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p10:*:*:*:*:*:*","matchCriteriaId":"A238C1FE-D4D3-4EEC-ACBE-341B112123EC"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p12:*:*:*:*:*:*","matchCriteriaId":"BABAD599-782F-4BFE-9EE2-0668ECAAC349"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p15:*:*:*:*:*:*","matchCriteriaId":"C263C188-EA00-4110-B9A5-16C0CD0F1DE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p16:*:*:*:*:*:*","matchCriteriaId":"75F93217-BCD4-4AD4-9621-49C83BA3FFD7"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p17:*:*:*:*:*:*","matchCriteriaId":"1860A2E7-8E58-4082-9C71-E4F383244953"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p18:*:*:*:*:*:*","matchCriteriaId":"B07FABAF-00CF-4284-AAC2-F3D6DA3D3841"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p19:*:*:*:*:*:*","matchCriteriaId":"87440763-A4AF-44E9-AB26-155313A64269"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p2:*:*:*:*:*:*","matchCriteriaId":"5F2A6E84-E37B-4E21-BBD9-FDB878D53D58"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p22:*:*:*:*:*:*","matchCriteriaId":"2D5B97BE-4A7F-4482-8A7F-A7DB5314CEA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p24:*:*:*:*:*:*","matchCriteriaId":"256FDB00-0427-4B72-B9FA-1FE4AD56EC28"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p25:*:*:*:*:*:*","matchCriteriaId":"5EC0C4BA-089F-44B1-A49B-2CDDEC86997B"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p26:*:*:*:*:*:*","matchCriteriaId":"F7713F76-A9C7-498B-BEEC-B022D13268A2"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p27:*:*:*:*:*:*","matchCriteriaId":"E51647B0-B346-4FCB-97BE-22D43D002B17"},{"vulnerab
le":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p28:*:*:*:*:*:*","matchCriteriaId":"AD84262A-7EBA-4E69-84C0-401D2FF33145"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p29:*:*:*:*:*:*","matchCriteriaId":"40325D25-ECE7-486E-B654-EAEA69E3D97D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p3:*:*:*:*:*:*","matchCriteriaId":"D5F7A00A-5A6B-46FA-8527-14917C50555A"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p30:*:*:*:*:*:*","matchCriteriaId":"CBD1A05A-5BBF-4C18-A5E0-E3A938D0D44C"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p31:*:*:*:*:*:*","matchCriteriaId":"8A8EDDD7-9BE0-4C11-B3E2-6BC63984DA23"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p4:*:*:*:*:*:*","matchCriteriaId":"466EA7B2-FBAF-4325-AD99-F5F4B0E5C0AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p5:*:*:*:*:*:*","matchCriteriaId":"EAD3F82B-E13C-40CE-BF65-4DA204FCDE93"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p6:*:*:*:*:*:*","matchCriteriaId":"23E2935E-7159-45A2-9164-978453F24BDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p7:*:*:*:*:*:*","matchCriteriaId":"1B7F75CF-F808-4BD6-9A46-AA5C1989F740"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p8:*:*:*:*:*:*","matchCriteriaId":"3EC40899-2775-45B9-96C1-8A9E7FAB7A64"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:p9:*:*:*:*:*:*","matchCriteriaId":"A22BC7A2-BA8D-4C1D-A51A-7DF7EDEDDCC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:-:*:*:*:*:*:*","matchCriteriaId":"C1C1DA92-2184-4FB0-8392-AF80E7D6EB2E"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p1:*:*:*:*:*:*","matchCriteriaId":"C59FCA1F-C2F9-4E11-A457-7979C94ECD3D"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p10:*:*:*:*:*:*","matchCriteriaId":"13BA0876-9EFB-474E-83BB-9A53F38ADD4B"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p11:*:*:*:*:*:*","matchCriteriaId":"B757
D006-B0C5-4992-A1D7-2EB26C9A36D8"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p12:*:*:*:*:*:*","matchCriteriaId":"D07D5215-F475-42BA-B9B0-395628646C41"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p13:*:*:*:*:*:*","matchCriteriaId":"F0EED80F-53F4-46AA-B76E-FBF158D16544"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p14:*:*:*:*:*:*","matchCriteriaId":"375EAFDB-9E71-4EE8-9BDA-77FF831F2E06"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p2:*:*:*:*:*:*","matchCriteriaId":"041C28B8-8EA6-461D-B6CB-13E3B9FF8411"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p5:*:*:*:*:*:*","matchCriteriaId":"91362F1A-CB09-4505-A724-332C743D9624"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p7:*:*:*:*:*:*","matchCriteriaId":"D7F738CA-C3F4-4A30-9FF6-F0BD1DC1CC84"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p8:*:*:*:*:*:*","matchCriteriaId":"44685E95-3139-4A82-9A8B-EB5379DF0558"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:p9:*:*:*:*:*:*","matchCriteriaId":"8F92482C-F8B9-47A7-B5F1-ACBAC2A91646"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.3:-:*:*:*:*:*:*","matchCriteriaId":"E30CCEF8-E86A-482F-A77B-175F106D354E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:simatic_net_cp_443-1_opc_ua_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"22EFD09A-3D77-47B0-93FB-50F6C13A2F9A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:simatic_net_cp_443-1_opc_ua:-:*:*:*:*:*:*:*","matchCriteriaId":"7F488810-73E3-4475-975A-C2FCA037E78B"}]}]}],"references":[{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html","source":"cve@mitre.org"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-annou
nce/2016-05/msg00034.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"cve@mitre.org"},{"url":"http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-1552.html","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3009","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2016/dsa-3629","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/archive/1/538233/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/88226","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1035705","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3096-1","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2016:1141","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201607-15","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171004-0002/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://support.f5.com/csp/article/K20804323","source":"cve@mitre.org"},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11","source":"cve@mitre.org"},{"url":"https://www.debian.org/security/2016/dsa-3629","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"cve@mitre.org","tags":["Third Party Advisory","US Government 
Resource"]},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183647.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184669.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00034.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00037.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00052.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00026.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00042.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-updates/2016-05/msg00114.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://packetstormsecurity.com/files/136864/Slackware-Security-Advisory-ntp-Updates.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-1552.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3009","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_ntp_4_2_8p7_Security","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2016/dsa-3629","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/538233/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/archive/1/538233/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/88226","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1035705","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3096-1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2016:1141","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-211752.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201607-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171004-0002/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.f5.com/csp/article/K20804323","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-21-159-11","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2016/dsa-3629","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-2519","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T21:59:01.113","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (ntpd abort) by a large request data value, which triggers the ctl_getitem function to return a NULL value."},{"lang":"es","value":"Ntpd en NTP en versiones anteriores a 4.2.8p7 y 4.3.x en versiones anteriores a 4.3.92 permite a los atacantes remotos causar una denegación de servicio (ntpd abort) por un gran petición de valores de datos, lo que activa la función ctl_getitem para devolver un valor 
NULL."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:N/I:N/A:C","baseScore":4.9,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:*:p6:*:*:*:*:*:*","versionEndIncluding":"4.2.8","matchCriteriaId":"E2CF4922-E481-4C5B-9A34-F439D9C727FE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.0:*:*:*:*:*:*:*","matchCriteriaId":"0C1CCF6F-74C6-42D7-B88B-36ED73BB1F8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B23D9009-DF45-44C1-80DF-CEEC9B9E3F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"43921601-667E-4415-83BE-E5B39D969BD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"75DD9C02-0C46-4785-8D77-C5465E4ED967"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"A497BADE-0516-494F-89FA-E
AFC6AD17F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.5:*:*:*:*:*:*:*","matchCriteriaId":"4298439A-EAF2-4CAA-990B-4AA37E7A0E8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.6:*:*:*:*:*:*:*","matchCriteriaId":"30E9C822-C04A-4908-9596-76F9FB561206"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.7:*:*:*:*:*:*:*","matchCriteriaId":"12EBD400-8EC1-4F9C-B600-85B8FF3BDEA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.8:*:*:*:*:*:*:*","matchCriteriaId":"BE6CFF4C-2620-4FD6-91A2-C0D0DAA4287D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.9:*:*:*:*:*:*:*","matchCriteriaId":"842963D1-C78C-48B5-A8D2-BC018854E5CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.10:*:*:*:*:*:*:*","matchCriteriaId":"121ED6C5-8985-4DEF-9040-2AC63582E596"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.11:*:*:*:*:*:*:*","matchCriteriaId":"566B4B99-8B4F-4ED8-B2DC-D90EC71ECB99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.12:*:*:*:*:*:*:*","matchCriteriaId":"68499DA4-64EF-412F-A434-8E0F78D77CE9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.13:*:*:*:*:*:*:*","matchCriteriaId":"836C5AC9-463F-4703-81B9-7B5484F47A5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.14:*:*:*:*:*:*:*","matchCriteriaId":"FED14811-8F49-4796-BADD-DB7973EC32DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.15:*:*:*:*:*:*:*","matchCriteriaId":"D4EB2830-ADE5-4C87-964E-16748BF88EF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.16:*:*:*:*:*:*:*","matchCriteriaId":"8C0284FD-2933-4160-80D2-53B32CD73287"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.17:*:*:*:*:*:*:*","matchCriteriaId":"D9AB963A-7284-433F-9890-5AE402E4E000"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.18:*:*:*:*:*:*:*","matchCriteriaId":"EEDEFF7A-D964-4D9A-93BF-41E9D16EA793"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.19:*:*:*:*:*:*:*","matchCriteriaId":"9C434153-911C-4F07-ADD0-0EAB47F96E89"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.20:
*:*:*:*:*:*:*","matchCriteriaId":"8183B043-8B96-4A8B-A5C9-544D4F1CED8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.21:*:*:*:*:*:*:*","matchCriteriaId":"6DE349AB-44CB-4263-80CE-59DFD572B363"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.22:*:*:*:*:*:*:*","matchCriteriaId":"3DB55DF6-567F-4B6A-81E1-9013914416D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.23:*:*:*:*:*:*:*","matchCriteriaId":"80727B0B-AB5E-46CC-9DDF-F319C2D9B242"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.24:*:*:*:*:*:*:*","matchCriteriaId":"E0755962-2D5F-41E6-9BDB-C2ECBCCD2818"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.25:*:*:*:*:*:*:*","matchCriteriaId":"2EBAADB5-FA32-4CF9-A4B2-51EEA300B0EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.26:*:*:*:*:*:*:*","matchCriteriaId":"A202FDAD-D757-4850-9D1E-C31B0F3BA718"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.27:*:*:*:*:*:*:*","matchCriteriaId":"B6A345D7-DFC0-4E0D-AAAB-8206C35F63D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.28:*:*:*:*:*:*:*","matchCriteriaId":"C4069EF5-DC7D-4487-8636-AC2EAB17BAC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.29:*:*:*:*:*:*:*","matchCriteriaId":"73DF3A5C-F1D9-468E-BD08-5E2578898DEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.30:*:*:*:*:*:*:*","matchCriteriaId":"0858AE44-4B0A-4941-B4A8-937B557D1448"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.31:*:*:*:*:*:*:*","matchCriteriaId":"979C84FF-CB21-4819-B3CA-1A55FDF20BD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.32:*:*:*:*:*:*:*","matchCriteriaId":"94709B39-C394-4B44-A362-9429F4CB9D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.33:*:*:*:*:*:*:*","matchCriteriaId":"2E4526AC-6BCC-43A5-B501-263D0ED0655B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.34:*:*:*:*:*:*:*","matchCriteriaId":"E04FF6B4-CD1C-4AC1-B286-D6AB705D680B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.35:*:*:*:*:*:*:*","matchCriteriaId":"1FAFA0C8-1349-43A4-BDAC-3B5A601
B9FDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.36:*:*:*:*:*:*:*","matchCriteriaId":"6BA130B1-DD20-4E98-963F-61E85A09E29E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.37:*:*:*:*:*:*:*","matchCriteriaId":"9AAC9B73-5020-47C9-803E-ABB6162AADE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.38:*:*:*:*:*:*:*","matchCriteriaId":"D2A6B7B5-3AC9-4442-BD91-3783C2B4235C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.39:*:*:*:*:*:*:*","matchCriteriaId":"D72F5C09-520B-486C-AD9A-9CBBFE6487CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.40:*:*:*:*:*:*:*","matchCriteriaId":"097DED37-D3F3-45C4-B131-1C4294406722"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.41:*:*:*:*:*:*:*","matchCriteriaId":"85A4F607-0A9D-4F84-B50D-28C54E6EDC06"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.42:*:*:*:*:*:*:*","matchCriteriaId":"8C689CAF-632A-4FF2-8C86-541EEDD574E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.43:*:*:*:*:*:*:*","matchCriteriaId":"7B0ACF5B-BBA9-4B6C-B19D-B8AEF7212781"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.44:*:*:*:*:*:*:*","matchCriteriaId":"E09C8254-73DC-4AFA-A250-A8192DC917F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.45:*:*:*:*:*:*:*","matchCriteriaId":"D344FA12-3C5F-418B-9209-EA8BDD230074"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.46:*:*:*:*:*:*:*","matchCriteriaId":"D1C3A62A-C6F6-4B2E-A254-CDA12BD34DBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.47:*:*:*:*:*:*:*","matchCriteriaId":"073A0AFF-C5C6-422E-BD63-2353AA4B58E1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.48:*:*:*:*:*:*:*","matchCriteriaId":"59B5DA29-4139-405D-8AA8-23FAECBBC5CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.49:*:*:*:*:*:*:*","matchCriteriaId":"73F4D15D-6D2A-4730-B7CF-21284E92FEFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.50:*:*:*:*:*:*:*","matchCriteriaId":"79A0C6AB-813F-4417-A98E-33FBB7AAB939"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.51:*
:*:*:*:*:*:*","matchCriteriaId":"815ABF0E-ED94-4426-8889-D3C2AECACC26"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.52:*:*:*:*:*:*:*","matchCriteriaId":"894612F1-8C51-4F66-AFE7-D8077F63E562"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.53:*:*:*:*:*:*:*","matchCriteriaId":"63FD3D1E-08F8-4C7F-876C-47E88386B83E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.54:*:*:*:*:*:*:*","matchCriteriaId":"9C068E27-A3DD-4FD2-81FB-2CFEC3C047CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.55:*:*:*:*:*:*:*","matchCriteriaId":"E21A12E6-0802-4BDC-AF71-50D7D0433B87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.56:*:*:*:*:*:*:*","matchCriteriaId":"DC7EE44A-7D8B-41A5-82A6-04AEE50278CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.57:*:*:*:*:*:*:*","matchCriteriaId":"6862529A-1AE5-4E2D-A4B0-E351D1900C64"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.58:*:*:*:*:*:*:*","matchCriteriaId":"4C6B6711-0F75-4FEA-8917-04391FC9D378"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.59:*:*:*:*:*:*:*","matchCriteriaId":"6AC0249C-3CFC-4CD3-9481-9F6BE1FC5E31"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.60:*:*:*:*:*:*:*","matchCriteriaId":"3BE639D9-0B1E-4DFB-B275-D11665FDA4AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.61:*:*:*:*:*:*:*","matchCriteriaId":"B35E9C41-0F2A-4790-B996-8EC00FA863F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.62:*:*:*:*:*:*:*","matchCriteriaId":"28BAB268-3A70-4422-9C6C-49E6453D750D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.63:*:*:*:*:*:*:*","matchCriteriaId":"9A5960F1-DDA9-4885-952F-450EC00B5C9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.64:*:*:*:*:*:*:*","matchCriteriaId":"E725D449-BBC2-40E3-BF53-D9BF7B4F57D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.65:*:*:*:*:*:*:*","matchCriteriaId":"B10975CB-56EB-44D0-BDEF-60484B6BD85E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.66:*:*:*:*:*:*:*","matchCriteriaId":"3EE56C0F-0AF4-45CF-ACA2-0E583BBB
3187"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.67:*:*:*:*:*:*:*","matchCriteriaId":"16A4A1AC-ED08-4EFE-A826-1BB1B5CAB34E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.68:*:*:*:*:*:*:*","matchCriteriaId":"BF9D7AD6-6BDB-4519-B9F8-3181E21850FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.69:*:*:*:*:*:*:*","matchCriteriaId":"B061FF9A-0D00-429D-9B2F-14EEA41E7A33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.70:*:*:*:*:*:*:*","matchCriteriaId":"D6CB0260-2A96-41A8-81A0-8E9722B22D87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.71:*:*:*:*:*:*:*","matchCriteriaId":"AE037065-9E33-4A5A-8188-1F086D7BE394"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.72:*:*:*:*:*:*:*","matchCriteriaId":"70200031-5902-416D-A140-DC2CDFDAF683"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.73:*:*:*:*:*:*:*","matchCriteriaId":"575C5F15-2C16-4B39-A718-1641DDD88F84"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.74:*:*:*:*:*:*:*","matchCriteriaId":"9E7BFD7E-9B3F-4D63-BEBC-16F22DA6F8E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.75:*:*:*:*:*:*:*","matchCriteriaId":"42631437-772B-45E0-A1F3-5D9E2FC77D19"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.76:*:*:*:*:*:*:*","matchCriteriaId":"CA9E62EF-E21F-421F-9A57-54A551CEC441"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.77:*:*:*:*:*:*:*","matchCriteriaId":"871E046E-013A-4E10-9457-4D1F407519EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.78:*:*:*:*:*:*:*","matchCriteriaId":"B5E4B06F-AD55-4D61-B966-B38B854C0A75"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.79:*:*:*:*:*:*:*","matchCriteriaId":"19817731-42C2-4745-88F2-D27258FC7DB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.80:*:*:*:*:*:*:*","matchCriteriaId":"77479EEE-F81B-4653-8FAD-0AFBA3C71B09"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.81:*:*:*:*:*:*:*","matchCriteriaId":"0208619E-9179-46D9-8E47-6CB5B4046DF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.82:*:
*:*:*:*:*:*","matchCriteriaId":"6FBAE2A2-B7CB-45F6-A84C-5B9B742A0B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.83:*:*:*:*:*:*:*","matchCriteriaId":"5CC16904-03FC-42B2-89F0-CA0D59A5FB91"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.84:*:*:*:*:*:*:*","matchCriteriaId":"4E3980D1-54F1-4C2F-B140-B2F18D8958A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.85:*:*:*:*:*:*:*","matchCriteriaId":"0C845718-520A-42CB-9BA7-00723694A01F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.86:*:*:*:*:*:*:*","matchCriteriaId":"FAB7BF51-DD1A-41E1-B5E5-02A6BADC30DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.87:*:*:*:*:*:*:*","matchCriteriaId":"431DA557-0977-43C2-8DEF-127B1BAA9F46"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.88:*:*:*:*:*:*:*","matchCriteriaId":"733C0A5D-3A0A-4449-9DE0-BD06D4942799"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.89:*:*:*:*:*:*:*","matchCriteriaId":"C9E5DAD5-465A-4A53-856A-1F674723EB00"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.90:*:*:*:*:*:*:*","matchCriteriaId":"B3FE37F4-C8E6-42CC-A799-563637F6B85A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ntp:ntp:4.3.91:*:*:*:*:*:*:*","matchCriteriaId":"72F9DD05-E521-45D3-994E-0400DA0070BD"}]}]}],"references":[{"url":"http://support.ntp.org/bin/view/Main/NtpBug3008","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/88204","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1035705","source":"cve@mitre.org"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"cve@mitre.org"},{"url":"https://security.netapp.com/advisory/ntap-20171004-0002/","source":"cve@mitre.org"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"cve@mitre.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://support.ntp.org/bin/view/Main/NtpBug3008","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/88204","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1035705","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-16:16.ntp.asc","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201607-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20171004-0002/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kb.cert.org/vuls/id/718152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-7544","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T21:59:01.160","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. 
If the table is later reallocated, then the wrong pointer could be freed."},{"lang":"es","value":"Crypto ++ 5.6.4 utiliza incorrectamente las funciones basadas en pila _malloca y _freea de Microsoft. La biblioteca solicitará un bloqueo de memoria para alinear una tabla en la memoria. Si la tabla se reasigna más tarde, entonces se podría liberar el puntero incorrecto."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cryptopp:crypto\\+\\+:5.6.4:*:*:*:*:*:*:*","matchCriteriaId":"294ECA41-1CAA-4C14-A768-9335A360E096"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/23/5","source":"cve@mitre.org","tags":["Mailing 
List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/23/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93164","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/weidai11/cryptopp/issues/302","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://www.cryptopp.com/release565.html","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/23/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/23/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93164","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/weidai11/cryptopp/issues/302","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://www.cryptopp.com/release565.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9939","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T21:59:01.207","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. 
There is a noticeable delay during the wipe for a large allocation."},{"lang":"es","value":"Crypto ++ (también conocido como cryptopp y libcrypto ++) 5.6.4 contenía un error en su rutina de decodificación ASN.1 BER. La librería asignará un bloqueo de memoria basado en el campo de longitud del objeto ASN.1. Si no hay suficientes octetos de contenido en el objeto ASN.1, entonces la función fallará y el bloqueo de memoria se pondrá a cero aunque no esté en uso. Hay un retraso notable durante el borrado para una asignación grande."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cryptopp:crypto\\+\\+:5.6.4:*:*:*:*:*:*:*","matchCriteriaId":"294ECA41-1CAA-4C14-A768-9335A360E096"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9
AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2016/dsa-3748","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/12/7","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94854","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7IL5A6465IEPW5GAWGXB2ENJPFYVWTJM/","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2016/dsa-3748","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/12/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94854","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7IL5A6465IEPW5GAWGXB2ENJPFYVWTJM/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2015-2180","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.140","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password."},{"lang":"es","value":"El controlador DBMail en el complemento Password de Roundcube en versiones anteriores a 1.1.0 permite a atacantes remotos ejecutar comandos arbitrarios a través de los metacaracteres de shell en la 
contraseña."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:roundcube:webmail:*:rc:*:*:*:*:*:*","versionEndIncluding":"1.1","matchCriteriaId":"B227F6FD-A62A-404D-8D3F-A7853120FD0D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96387","source":"cve@mitre.org"},{"url":"https://github.com/roundcube/roundcubemail/issues/4757","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96387","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/roundcube/roundcubemail/issues/4757","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2015-2181","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.187","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username."},{"lang":"es","value":"Varios desbordamientos de búfer en el controlador DBMail en el complemento Password de Roundcube en versiones anteriores a 1.1.0 permiten a atacantes remotos tener un impacto no especificado a través de (1) la contraseña o (2) el nombre de usuario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","versionEndExcluding":"1.1.0","matchCriteriaId":"3FE3538F-01A8-4AEA-84D0-6D4F719
5DD10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96391","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/roundcube/roundcubemail/issues/4757","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96391","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/roundcube/roundcubemail/issues/4757","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-7331","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.217","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument."},{"lang":"es","value":"El plugin mcollective-puppet-agent en versiones anteriores a 1.11.1 para Puppet permite a atacantes remotos ejecutar código arbitrario a través de vectores que implican el argumento 
--server."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:N","baseScore":4.9,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:puppetlabs:mcollective-puppet-agent:*:*:*:*:*:puppet:*:*","versionEndIncluding":"1.11.0","matchCriteriaId":"D0E9E715-D17D-4A94-B79F-0660A4229C0D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/92432","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://puppet.com/security/cve/cve-2015-7331","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92432","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://puppet.com/security/cve/cve-2015-7331","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2015-8034","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.263","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file."},{"lang":"es","value":"La función state.sls en Salt en versiones anteriores a 2015.8.3 utiliza permisos débiles en los datos de caché, lo que permite a los usuarios locales obtener información sensible leyendo el archivo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*","versionEndIncluding":"2015.8.2","matchCriteriaId":"A4596B09-C53D-4B19-91A3-BB0F2731CE0D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96390","source":
"cve@mitre.org"},{"url":"https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96390","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://docs.saltstack.com/en/latest/topics/releases/2015.8.3.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-10087","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.280","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure."},{"lang":"es","value":"La función png_set_text_2 en libpng 0.71 en versiones anteriores a 1.0.67, 1.2.x en versiones anteriores a 1.2.57, 1.4.x en versiones anteriores a 1.4.20, 1.5.x en versiones anteriores a 1.5.28 y 1.6.x en versiones anteriores a 1.6.27 permite a atacantes dependientes del contexto provocar una desreferencia de puntero NULL a través de vectores que implican la carga de un fragmento de texto en una estructura png, la eliminación del texto y la adición de otro fragmento de texto a la 
estructura."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.8:*:*:*:*:*:*:*","matchCriteriaId":"E0D85B75-10B4-435F-9617-71ED6D199183"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.71:*:*:*:*:*:*:*","matchCriteriaId":"C1A2487D-960A-43F5-AA57-7900DE6B4D16"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.81:*:*:*:*:*:*:*","matchCriteriaId":"DB2620BB-22B6-45FF-98E2-3F9D553E6A76"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.82:*:*:*:*:*:*:*","matchCriteriaId":"83EF4CC5-B649-4D13-B513-1CA0AAE100DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.85:*:*:*:*:*:*:*","matchCriteriaId":"5EE3FEA9-4BE7-4229-9649-64DAD4AF7791"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.86:*:*:*:*:*:*:*","matchCriteriaId":"14B5F6F6-562C-4D96-9556-E4EC084442D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:l
ibpng:libpng:0.87:*:*:*:*:*:*:*","matchCriteriaId":"02562AA2-A140-4380-8769-E4837B4E0952"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.88:*:*:*:*:*:*:*","matchCriteriaId":"C808CE91-D85B-49C9-8A4E-251F2250A4FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.89:*:*:*:*:*:*:*","matchCriteriaId":"8724AE78-9BF9-4882-8596-64A89008A5EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.89c:*:*:*:*:*:*:*","matchCriteriaId":"9427E9C7-0B51-4066-9428-BE48D8BAD65E"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.90:*:*:*:*:*:*:*","matchCriteriaId":"4EF125DE-6BD1-4640-9710-6EE69CD8A871"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.95:*:*:*:*:*:*:*","matchCriteriaId":"DE45B563-07B8-4F4E-80B4-C73216DF7295"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.96:*:*:*:*:*:*:*","matchCriteriaId":"0303A619-21BE-49DD-8C08-F04DFB31FC73"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.97:*:*:*:*:*:*:*","matchCriteriaId":"197C2166-FCB7-467B-ABF1-E30E7DBD8816"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.98:*:*:*:*:*:*:*","matchCriteriaId":"663DD631-661D-48FA-A090-A18536BA284A"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.99:*:*:*:*:*:*:*","matchCriteriaId":"1AEDED41-716C-4D7F-9D18-FF4672F51C67"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.99a:*:*:*:*:*:*:*","matchCriteriaId":"A15C127E-ED56-42D8-99F2-D07929487431"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.99b:*:*:*:*:*:*:*","matchCriteriaId":"DE555A15-8A1F-4133-9823-F915CE7A9D3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.99c:*:*:*:*:*:*:*","matchCriteriaId":"93EDA6FA-A9F0-4007-881A-5C7A5C490739"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.99d:*:*:*:*:*:*:*","matchCriteriaId":"332E032F-511F-493B-86C4-2AFB0BC18F44"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.99e:*:*:*:*:*:*:*","matchCriteriaId":"795F6638-88FD-4314-8FCB-D485B455BBEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:
libpng:libpng:0.99f:*:*:*:*:*:*:*","matchCriteriaId":"A5C697AC-5E3D-4306-B702-8FAB46DEDB81"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.99g:*:*:*:*:*:*:*","matchCriteriaId":"82EB41DC-CF89-4847-BF49-A50881490A49"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:0.99h:*:*:*:*:*:*:*","matchCriteriaId":"29AA9DB8-F638-4447-A7FC-2F817F23B80D"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.00:*:*:*:*:*:*:*","matchCriteriaId":"DF99202B-9891-4231-B8E3-D82DFC947BBF"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6D6B3DAF-DF99-48B2-8E7C-BE8E043D4C24"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.0a:*:*:*:*:*:*:*","matchCriteriaId":"9C8F61D9-B7CA-40BB-8D7F-7DE0B4B2566F"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.0b:*:*:*:*:*:*:*","matchCriteriaId":"D524E8E7-DAEB-4CC3-907E-8D2E835D57A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"29050958-EFD8-4A79-9022-EF72AAD4EDB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.1a:*:*:*:*:*:*:*","matchCriteriaId":"584F6704-39E3-4D19-975D-ACD791DA1101"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.1b:*:*:*:*:*:*:*","matchCriteriaId":"03F745C8-CCF4-4DBF-B978-BCB710915888"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.1c:*:*:*:*:*:*:*","matchCriteriaId":"7F91B7DB-91B0-47E5-B1F9-30CD7BFBAE93"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.1d:*:*:*:*:*:*:*","matchCriteriaId":"4784AFCE-EDA5-4AB1-B66F-441132E0BD9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.1e:*:*:*:*:*:*:*","matchCriteriaId":"B72B58C7-78F1-451B-A416-0C4069D1480A"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"B3CB33B1-71B2-4235-A2C1-FCAEA9844A6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.2a:*:*:*:*:*:*:*","matchCriteriaId":"8D7E887E-2D28-441E-A945-EE65375004BC"},{"vulnerable":true,"crit
eria":"cpe:2.3:a:libpng:libpng:1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"436F8C71-1780-4DC6-937B-8F1F51C7453D"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.3a:*:*:*:*:*:*:*","matchCriteriaId":"16F93C13-4AF0-4F10-9AAA-CC6BFD5CC11F"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.3b:*:*:*:*:*:*:*","matchCriteriaId":"6DBAABD9-68DA-449F-97D9-2110383C7BF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.3d:*:*:*:*:*:*:*","matchCriteriaId":"73498D20-EAB1-4EAE-9FBA-DD91477D39FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"8CE9F50F-CAE1-49F6-BCF1-0E96155101F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.4a:*:*:*:*:*:*:*","matchCriteriaId":"3113D349-2A78-47C7-92A1-F6B161A935F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.4b:*:*:*:*:*:*:*","matchCriteriaId":"FF879FFC-E50B-4B63-9ED8-46732DAB1F8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.4c:*:*:*:*:*:*:*","matchCriteriaId":"CF6371CA-6A05-41E9-A2F1-57E8776AF977"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.4d:*:*:*:*:*:*:*","matchCriteriaId":"CF454D5D-F9F4-4145-9D6A-00028079BFBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.4e:*:*:*:*:*:*:*","matchCriteriaId":"FE23E138-D40B-41CF-BB15-9DC859343597"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.4f:*:*:*:*:*:*:*","matchCriteriaId":"DC318698-1D3D-4803-B687-37A993382099"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*","matchCriteriaId":"0BF2C6F3-BFE7-4234-9975-DE7FCDA26A46"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5a:*:*:*:*:*:*:*","matchCriteriaId":"77986D51-C39F-49C8-8D19-E785BE048C39"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5b:*:*:*:*:*:*:*","matchCriteriaId":"D74D2A43-CD5D-4E78-B519-05AF7B43F940"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5c:*:*:*:*:*:*:*","matchCriteriaId":"5A25230A-01B4-488B-BEE7-FB417D1FA7C7"},{"
vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5d:*:*:*:*:*:*:*","matchCriteriaId":"28AAA435-65BC-4D90-BF42-BF07BE4A30A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5e:*:*:*:*:*:*:*","matchCriteriaId":"0BCF81F9-9A58-4397-AD5F-DC679391C6D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5f:*:*:*:*:*:*:*","matchCriteriaId":"C288D5D9-D45E-4576-B511-C54F817C0D69"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5g:*:*:*:*:*:*:*","matchCriteriaId":"784C3861-491C-4E7C-8B1E-48C3DE55ABBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5h:*:*:*:*:*:*:*","matchCriteriaId":"4042A89E-D9F8-415C-A0C2-2D234D3BF1D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5i:*:*:*:*:*:*:*","matchCriteriaId":"3EC6238C-0C86-4A90-9835-C1AF42A259AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5j:*:*:*:*:*:*:*","matchCriteriaId":"8F135843-9B08-4A6A-A4DA-53A9F4D30D97"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5k:*:*:*:*:*:*:*","matchCriteriaId":"13CDBDA0-160E-4407-8668-A73E6B288267"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5l:*:*:*:*:*:*:*","matchCriteriaId":"58BE9D06-4384-4E14-B0EE-78FA5884DF32"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5m:*:*:*:*:*:*:*","matchCriteriaId":"0A13440D-E411-46C9-B965-A8B5E7EC2A0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5n:*:*:*:*:*:*:*","matchCriteriaId":"62ABF3AA-1763-408F-BC8C-F21A2A4D8446"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5o:*:*:*:*:*:*:*","matchCriteriaId":"7016EE48-2980-4135-A893-3F64484E4DBD"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5p:*:*:*:*:*:*:*","matchCriteriaId":"15378A0E-B754-46A5-874A-369D903E0DD5"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5q:*:*:*:*:*:*:*","matchCriteriaId":"96E2002E-180D-4AB9-9575-B117B2E78295"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5r:*:*:*:*:*:*:*","matchCriteriaId":"122A09C4-EA58-48
D2-ACE6-CEF44B027E9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5s:*:*:*:*:*:*:*","matchCriteriaId":"5FCCC376-2DF5-4F09-8DB7-5E9834A42EBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5t:*:*:*:*:*:*:*","matchCriteriaId":"1426808E-BEBE-430E-8536-4957AFA338EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5u:*:*:*:*:*:*:*","matchCriteriaId":"50E21EFB-EA8A-47FB-BF1C-85E959827839"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.5v:*:*:*:*:*:*:*","matchCriteriaId":"528F26EF-33C7-48D3-AE6A-2B25D1DAB070"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*","matchCriteriaId":"5B79DC5F-5062-4031-BA11-746EE3C8E1CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.6d:*:*:*:*:*:*:*","matchCriteriaId":"2FEEA93F-6ECE-455C-889A-3C9B960DBB06"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.6e:*:*:*:*:*:*:*","matchCriteriaId":"C22EB70E-CD5D-4ECD-9EC4-483EC8282458"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.6f:*:*:*:*:*:*:*","matchCriteriaId":"C1E85239-F2CD-47D5-BCF4-B351C83424AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.6g:*:*:*:*:*:*:*","matchCriteriaId":"07FF0DB3-0A02-43E8-8AC3-19CBCC6908AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.6h:*:*:*:*:*:*:*","matchCriteriaId":"FC046FEF-14BD-42A0-8EA8-B1A7EAE5A357"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.6i:*:*:*:*:*:*:*","matchCriteriaId":"FB131026-817E-4302-8610-DCE0802956A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.6j:*:*:*:*:*:*:*","matchCriteriaId":"B62C2841-737B-4D0A-BD41-C5FF0172CB6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*","matchCriteriaId":"CAD6DE25-8B2F-4DB9-9969-8AAC23BC0AE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*","matchCriteriaId":"35F2B503-1516-465D-A558-9932BDB3457D"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*","matchCriteria
Id":"BA94EAAA-A4D2-4E36-BC69-BBE9644FE970"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*","matchCriteriaId":"F3A7C96C-8FBB-42B4-937E-3321C939CC87"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*","matchCriteriaId":"94084356-D39B-41B2-AC24-0ADAD0BF5988"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*","matchCriteriaId":"086C6335-7872-46A7-AEB1-9BE5AE5A788C"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*","matchCriteriaId":"FF8233B1-04A0-4E25-97EE-CF466B48A12E"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*","matchCriteriaId":"FA714E7E-05EF-4598-9324-887BC66C675E"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.15:*:*:*:*:*:*:*","matchCriteriaId":"C5CF3B73-D3B9-4D76-B411-C837BCE0806E"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.16:*:*:*:*:*:*:*","matchCriteriaId":"D1752D91-3468-4E22-B60F-6789B3CBD7B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.17:*:*:*:*:*:*:*","matchCriteriaId":"F433AA7E-A780-4D45-AD1A-5A4CE1F3FCD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.18:*:*:*:*:*:*:*","matchCriteriaId":"93E210A7-489B-4EA7-A840-599523157DD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.19:*:*:*:*:*:*:*","matchCriteriaId":"B37565FA-72F5-4063-8D7A-97BC269F020B"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.20:*:*:*:*:*:*:*","matchCriteriaId":"BC8FA821-818E-4BC7-834B-94EB5C042390"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.21:*:*:*:*:*:*:*","matchCriteriaId":"F3FBF3D3-95A6-4869-8A69-F0E5ECA40220"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.22:*:*:*:*:*:*:*","matchCriteriaId":"D07785D0-E995-4208-AB8C-43B320D291F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.23:*:*:*:*:*:*:*","matchCriteriaId":"152DDD6E-CF56-4E1C-BE4D-C7BC0FD9B08C"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.24:*:*:
*:*:*:*:*","matchCriteriaId":"19BBA666-4473-4C6D-BF48-34EF3F09AD7D"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.25:*:*:*:*:*:*:*","matchCriteriaId":"B7DDF6CC-7997-47E7-96D3-8DC10F1D17F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.26:*:*:*:*:*:*:*","matchCriteriaId":"A1926DD0-0A9B-4F9D-BB4F-AC7AB0B3F0E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.27:*:*:*:*:*:*:*","matchCriteriaId":"2763A6C7-DBBA-4E2A-917C-B6FF524B9891"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*","matchCriteriaId":"E7DECDF8-7742-4D58-99FA-100A01748B05"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.29:*:*:*:*:*:*:*","matchCriteriaId":"CA4FD3B1-3A68-4122-AA50-31BFC6C50408"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.30:*:*:*:*:*:*:*","matchCriteriaId":"45790331-CE26-457F-8649-F027703E73EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.31:*:*:*:*:*:*:*","matchCriteriaId":"0B0BFE2D-5C7B-42E0-B783-8C5907CA8635"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.32:*:*:*:*:*:*:*","matchCriteriaId":"7CD993C1-70B6-4ACB-B958-94E7EF973A8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.33:*:*:*:*:*:*:*","matchCriteriaId":"C085686C-A0AA-4F56-9E7D-B5CB24B890D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.34:*:*:*:*:*:*:*","matchCriteriaId":"D02A5197-06B9-469E-9817-45BB23324042"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.35:*:*:*:*:*:*:*","matchCriteriaId":"5EB6BE37-E564-4E42-BE39-36DD301C37A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.37:*:*:*:*:*:*:*","matchCriteriaId":"314209F2-E0A0-4045-8108-8E7215312442"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.38:*:*:*:*:*:*:*","matchCriteriaId":"11A8ECBB-7E50-4447-88E2-893C1466C251"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.39:*:*:*:*:*:*:*","matchCriteriaId":"8B8F24A5-F5C3-495F-9AF0-2EE836E0147A"},{"vulnerable":true,"criteria":"cpe:2.3:a:
libpng:libpng:1.0.40:*:*:*:*:*:*:*","matchCriteriaId":"46DE2DE3-F081-4B80-A4DA-C5AB27B3CA8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.41:*:*:*:*:*:*:*","matchCriteriaId":"71EF1D77-7838-47DF-B6A2-DBBAC0058FED"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.42:*:*:*:*:*:*:*","matchCriteriaId":"76BA4FEA-FEB4-47A9-9DFF-A233CEE03D04"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.43:*:*:*:*:*:*:*","matchCriteriaId":"60DB5A63-E89E-48AB-A846-107EBEC71D67"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.44:*:*:*:*:*:*:*","matchCriteriaId":"2181FEEB-D07E-490C-9953-3490D87B63A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.45:*:*:*:*:*:*:*","matchCriteriaId":"36DC41DD-A291-4ECE-84B9-574828AA2A80"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.46:*:*:*:*:*:*:*","matchCriteriaId":"015D1E36-17A1-4413-B1FB-5DF4C36712BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.47:*:*:*:*:*:*:*","matchCriteriaId":"F64CE8F2-22B1-43F8-8934-CBCD2EFBA85D"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.48:*:*:*:*:*:*:*","matchCriteriaId":"CEB15BE8-1B88-4117-AF14-3AA2B54DB323"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.50:*:*:*:*:*:*:*","matchCriteriaId":"A2CB2728-4CC7-46EA-809B-450A9BB9F884"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.51:*:*:*:*:*:*:*","matchCriteriaId":"96638963-D264-49AD-9B77-497C3DA23DFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.52:*:*:*:*:*:*:*","matchCriteriaId":"88544BBE-29A1-4622-B3E6-FA4B891A9B5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.53:*:*:*:*:*:*:*","matchCriteriaId":"DD658D98-9A4D-4DC2-A935-BB3BF0E0FB2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.54:*:*:*:*:*:*:*","matchCriteriaId":"FFF819AF-AC11-4BD9-A070-572836A65FB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.55:*:*:*:*:*:*:*","matchCriteriaId":"2EEAC62D-BF2B-40DF-9428-FFBF7CA09471"},{"vulnerable":tr
ue,"criteria":"cpe:2.3:a:libpng:libpng:1.0.56:*:*:*:*:*:*:*","matchCriteriaId":"36327723-F953-4BD3-A525-930DDCF7931D"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.57:*:*:*:*:*:*:*","matchCriteriaId":"7D482811-2EF1-47AE-A41C-7532AC6DEF31"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.58:*:*:*:*:*:*:*","matchCriteriaId":"2D0EE98D-0596-4147-9EC4-F3616BF2B901"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.59:*:*:*:*:*:*:*","matchCriteriaId":"62F15027-0E80-48B7-9ECD-9E7228F0E81B"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.60:*:*:*:*:*:*:*","matchCriteriaId":"99904D7E-0046-4481-99B6-01710D4FC848"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.61:*:*:*:*:*:*:*","matchCriteriaId":"8AB33B4E-E69A-4002-816C-24CCD49682F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.62:*:*:*:*:*:*:*","matchCriteriaId":"42A4FAF1-4B81-47C4-BFB7-6052524A2DA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.63:*:*:*:*:*:*:*","matchCriteriaId":"686A50C3-93E1-4C3F-8089-322BE26E6317"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.64:*:*:*:*:*:*:*","matchCriteriaId":"BBD67FEF-E6D3-449B-B2E9-14A69AD8E923"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.65:*:*:*:*:*:*:*","matchCriteriaId":"BD8B4549-007C-4572-86D9-F51A7B3FC586"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.0.66:*:*:*:*:*:*:*","matchCriteriaId":"27E469B0-BF89-45AD-96BB-C7E2E5D08221"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*","matchCriteriaId":"C036011A-9AE1-423C-8B73-188B9BA20FEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*","matchCriteriaId":"663C6EE5-5B5E-4C0F-9E7F-D0E1DA9AF9EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*","matchCriteriaId":"42056C63-69A7-43CF-828C-0C3E365702D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:
*:*","matchCriteriaId":"5B6A39A3-7F86-4DC3-B248-859630AFB9A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.6:*:*:*:*:*:*:*","matchCriteriaId":"005C2DA4-D00E-4206-851E-9226D66B5F2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.8:*:*:*:*:*:*:*","matchCriteriaId":"857B664A-C6F9-45E3-93EA-C0F53CEF5C46"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*","matchCriteriaId":"9A3E3BF3-4376-4692-A515-A7B6593F28F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.12:*:*:*:*:*:*:*","matchCriteriaId":"3B1AC712-110D-458F-B650-930C6D45CA53"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*","matchCriteriaId":"7F848FA5-9682-454F-A9DE-671C4401F15F"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*","matchCriteriaId":"C4B83678-98A1-440E-950C-4A27995C7294"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*","matchCriteriaId":"95EABD7D-1F18-4FA5-BAA9-F8D69129E531"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*","matchCriteriaId":"3988FA1B-18D9-46AA-87BA-A6B01D4F4B25"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*","matchCriteriaId":"09E2B608-6C70-446F-A3A7-369048D99855"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*","matchCriteriaId":"5AA00AE0-F447-4361-AA37-0C98BDE491E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*","matchCriteriaId":"21DACE94-FBDC-4A3D-8DD6-E62D18F5EE7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*","matchCriteriaId":"ECEB8F61-195E-41DE-90CE-22854055E9D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*","matchCriteriaId":"D0F72B91-1F7F-41EB-ABC8-1B50AFEC70EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*","matchCriteriaId":"111091B9-CBAE-4FC7-8B97-7D2345BFCB45"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:l
ibpng:1.2.27:*:*:*:*:*:*:*","matchCriteriaId":"54C6D9D3-50B2-4A63-B3D1-C76C70F4443E"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*","matchCriteriaId":"F2DEFD05-10EE-4242-B885-FD1B0DF6CAA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*","matchCriteriaId":"F9F9A6DB-19BF-4798-879E-9BD4AD5EFF2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*","matchCriteriaId":"31EE280F-D76D-478B-ADD6-D5F2C7574A2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.35:*:*:*:*:*:*:*","matchCriteriaId":"C1BE9ED0-685B-41F0-A984-D33E7034AEA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.37:*:*:*:*:*:*:*","matchCriteriaId":"07B00AD3-D13C-45B5-A13A-9092D40F4A63"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.38:*:*:*:*:*:*:*","matchCriteriaId":"14222EA8-E8ED-4818-ACB4-C6A13643F210"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.39:*:*:*:*:*:*:*","matchCriteriaId":"A22C28DD-5C99-4722-9093-A1E82A2C2808"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.41:*:*:*:*:*:*:*","matchCriteriaId":"10CD562E-1F06-4779-A29C-4069E3C86B16"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.42:*:*:*:*:*:*:*","matchCriteriaId":"4D83D507-64AF-4158-97B9-1353E2F8EE46"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.44:*:*:*:*:*:*:*","matchCriteriaId":"0DF6249D-5AA8-4EA3-A92A-0E492FE5B811"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.45:*:*:*:*:*:*:*","matchCriteriaId":"CDE7F259-40A2-4866-8EF8-44A9913EC4EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.46:*:*:*:*:*:*:*","matchCriteriaId":"03C20A42-6A77-43D4-80D7-332BB2DF1B66"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.47:*:*:*:*:*:*:*","matchCriteriaId":"D4CC5DBB-249B-4EED-9F54-E23CB1919ED0"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.50:*:*:*:*:*:*:*","matchCriteriaId":"D20664A4-4816-4F57-82BB-F4116FA33A41"},{"vulnerable":true,"crit
eria":"cpe:2.3:a:libpng:libpng:1.2.51:*:*:*:*:*:*:*","matchCriteriaId":"64226521-0723-4259-B214-0D2A35CF5FBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.52:*:*:*:*:*:*:*","matchCriteriaId":"6ABEEBFE-A8C8-40D4-97D8-F06676E67478"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.53:*:*:*:*:*:*:*","matchCriteriaId":"47831D80-33AC-4A13-B92D-3D2CBF215955"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.54:*:*:*:*:*:*:*","matchCriteriaId":"7ED428C8-E6AB-4BB1-BE7D-543B2A19410F"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.55:*:*:*:*:*:*:*","matchCriteriaId":"00EFBF77-B771-4A52-B4FF-6346F4B69968"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.56:*:*:*:*:*:*:*","matchCriteriaId":"B7568641-1AB0-4158-A34F-F9A36169C1E4"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"52D5DAA1-3632-48D7-A657-4A4C83A119D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.1:*:*:*:*:*:*:*","matchCriteriaId":"EB5AE8E0-3C11-4EE1-A599-4D70C6A13F1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.2:*:*:*:*:*:*:*","matchCriteriaId":"6AD36C3B-3C02-488B-B480-EA091D702CA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.3:*:*:*:*:*:*:*","matchCriteriaId":"59BAD272-D4B6-40CE-B5E9-63145E12B638"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.4:*:*:*:*:*:*:*","matchCriteriaId":"5EEB311C-766D-4070-A0BE-9CE4593C8F49"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.5:*:*:*:*:*:*:*","matchCriteriaId":"C185BF59-68E4-49F8-802F-C06FE840FF3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.6:*:*:*:*:*:*:*","matchCriteriaId":"5C399B31-B8EC-41C4-B6AB-83BABC474374"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.7:*:*:*:*:*:*:*","matchCriteriaId":"3B00AF5F-D4F5-490C-8BF4-2B33EFBF15A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.8:*:*:*:*:*:*:*","matchCr
iteriaId":"BA9AEB1D-0AA7-4842-9CF9-91BFD8B58A4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.9:*:*:*:*:*:*:*","matchCriteriaId":"09150152-5DEA-4FA2-9163-63EAF4D83DEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.10:*:*:*:*:*:*:*","matchCriteriaId":"45E5068A-42BE-478B-8C00-FE23B7837DC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.11:*:*:*:*:*:*:*","matchCriteriaId":"023CCFB0-7995-408E-928A-76C5BD9B4924"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.12:*:*:*:*:*:*:*","matchCriteriaId":"493F615D-DB81-48B3-9E74-C32544A01372"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.13:*:*:*:*:*:*:*","matchCriteriaId":"D2F12925-44F7-4790-8A06-345EB3DCCB71"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.14:*:*:*:*:*:*:*","matchCriteriaId":"7F5BF226-D62F-4F54-B771-EB108FD256FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.15:*:*:*:*:*:*:*","matchCriteriaId":"D2EDBFCB-96DA-4A36-873A-3164975BE997"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.16:*:*:*:*:*:*:*","matchCriteriaId":"ACDB15BE-BDD2-4210-B224-A520E8DC7D89"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.17:*:*:*:*:*:*:*","matchCriteriaId":"70D3AD38-CCE7-47E6-8225-C0BFC3F10E4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.18:*:*:*:*:*:*:*","matchCriteriaId":"4D176C8F-C91F-47C8-AEC8-377324944421"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.4.19:*:*:*:*:*:*:*","matchCriteriaId":"37BF798D-391A-4207-BBDB-23A7156F66B0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.55:*:*:*:*:*:*:*","matchCriteriaId":"00EFBF77-B771-4A52-B4FF-6346F4B69968"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.0:*:*:*:*:*:*:*","matchCriteriaId":"3E2ECD2B-A847-42FB-B5B3-DAFC40B2E513"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*","matchCriteriaId":"CE8BC209-45B9-44D6-A26D-0B570ED5BB19"},{"vul
nerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*","matchCriteriaId":"6644ED2F-66F3-469D-8233-72FE7321E850"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.3:*:*:*:*:*:*:*","matchCriteriaId":"5AF0E757-9E9C-4022-B32D-3F0E9C815FAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*","matchCriteriaId":"3F34978D-6ABE-463E-AB48-21CC55B7D157"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*","matchCriteriaId":"7A4568BB-F5FF-4BBB-9DA3-E66C2BFA2416"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*","matchCriteriaId":"246CF13F-FDC1-499E-9FC1-5624D54E9E3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*","matchCriteriaId":"AC66FD43-421B-4223-BA32-EC47B51E1091"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.8:*:*:*:*:*:*:*","matchCriteriaId":"F0F5664B-5AB9-4DE4-99AA-8FD32DBA4A4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.9:*:*:*:*:*:*:*","matchCriteriaId":"C7712376-D776-4814-A041-FBFEAC70ADC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.10:*:*:*:*:*:*:*","matchCriteriaId":"103E5ECE-126B-4C93-A3C8-979DCCA4EB5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.11:*:*:*:*:*:*:*","matchCriteriaId":"65DEDF02-9239-497C-94DB-DAF80B6B4F6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.12:*:*:*:*:*:*:*","matchCriteriaId":"8CAAECD8-0C16-40CC-BA8A-97DF38BAF668"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.13:*:*:*:*:*:*:*","matchCriteriaId":"84D9B3E6-D32D-4E4B-908A-39FAC3D5F618"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.14:*:*:*:*:*:*:*","matchCriteriaId":"8F2DB1EF-B961-4C56-8519-242419B6AB9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.15:*:*:*:*:*:*:*","matchCriteriaId":"2BDE2351-2B17-4C1A-A625-6C7DE691039A"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.16:*:*:*:*:*:*:*","matchCriteriaId":"5426F3F0-CF21-45D4-9071-F8F
7865A7619"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.17:*:*:*:*:*:*:*","matchCriteriaId":"25147E8F-7385-4393-BE21-E3347610F003"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.18:*:*:*:*:*:*:*","matchCriteriaId":"19C06F50-7C48-4FD6-B0C9-6C9B643742B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.19:*:*:*:*:*:*:*","matchCriteriaId":"DA562433-F6F5-46C1-98DE-8309BD940260"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.20:*:*:*:*:*:*:*","matchCriteriaId":"CD684587-0D7E-411F-B9E3-14CBE4954499"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.21:*:*:*:*:*:*:*","matchCriteriaId":"5AB9178D-DEEF-4D2C-9347-F553312129C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.22:*:*:*:*:*:*:*","matchCriteriaId":"3157A738-20EB-4BE0-A58B-E21DDA64EDC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.23:*:*:*:*:*:*:*","matchCriteriaId":"6D70C6B1-2360-48C9-931D-BAED79151DF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.24:*:*:*:*:*:*:*","matchCriteriaId":"29F79896-3EF0-4F53-8EBC-66D811E2C315"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.25:*:*:*:*:*:*:*","matchCriteriaId":"E2C8AE4F-0473-4B52-8DB4-31022057FD71"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.26:*:*:*:*:*:*:*","matchCriteriaId":"19EF6CC6-7C8D-4199-AB4C-416DEFC203C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.5.27:*:*:*:*:*:*:*","matchCriteriaId":"78CD6AD1-5C8E-4AF4-92CC-CC888479B50C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.2.55:*:*:*:*:*:*:*","matchCriteriaId":"00EFBF77-B771-4A52-B4FF-6346F4B69968"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.0:*:*:*:*:*:*:*","matchCriteriaId":"B7A0D174-F35C-488B-8577-00EFB7741089"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.1:*:*:*:*:*:*:*","matchCriteriaId":"9EDC5DA5-F2A7-4819-BB9D-258EB9AB7857"},{"vulnerable":true,"criteria":"cpe:2.3:a:l
ibpng:libpng:1.6.2:*:*:*:*:*:*:*","matchCriteriaId":"27B34D78-C0BC-45DC-AD84-F5F13451ED7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.3:*:*:*:*:*:*:*","matchCriteriaId":"F3D3A7EC-774C-423F-BDE1-CDCB9433D87B"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.4:*:*:*:*:*:*:*","matchCriteriaId":"0B898B95-CF41-4813-8FE7-776BD59A6A9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.5:*:*:*:*:*:*:*","matchCriteriaId":"9F5E5899-5A3F-49A1-B18C-4C97566B87BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.6:*:*:*:*:*:*:*","matchCriteriaId":"C7897EEC-DE43-485A-B2CD-E8623A6D2C8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.7:*:*:*:*:*:*:*","matchCriteriaId":"ACC16FE2-E94E-45B9-94F0-B6434B21DD2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.8:*:*:*:*:*:*:*","matchCriteriaId":"8C8DAE31-CCA9-450D-90E5-B8F0490FB944"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.9:*:*:*:*:*:*:*","matchCriteriaId":"52FEB5C9-0C13-4FD6-876C-AAE7ED4E986C"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.10:*:*:*:*:*:*:*","matchCriteriaId":"2337F9F3-D26D-4A24-880A-800CD5C16795"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.11:*:*:*:*:*:*:*","matchCriteriaId":"31F71BA3-5402-448E-9068-EB0DCA1D62EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.12:*:*:*:*:*:*:*","matchCriteriaId":"5418D311-FC7D-4B46-950B-17094775D9D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.13:*:*:*:*:*:*:*","matchCriteriaId":"AD67323A-8463-4B8F-B370-40C2ACFF4D8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.14:*:*:*:*:*:*:*","matchCriteriaId":"2BBA4F43-0FD0-4D7D-84A0-37C8E79B9B29"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.15:*:*:*:*:*:*:*","matchCriteriaId":"71E01CC8-1C29-4C46-8213-B48A2364CE8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.16:*:*:*:*:*:*:*","matchCriteriaId":"89FCEBCA-0AFB-42FB-9BB5-CB4EE7C38336"},{"vulnerable":true,"crite
ria":"cpe:2.3:a:libpng:libpng:1.6.17:*:*:*:*:*:*:*","matchCriteriaId":"62B29838-8B2F-41AA-A654-58255C4D1EC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.18:*:*:*:*:*:*:*","matchCriteriaId":"480007D1-0121-4966-9995-9E491848681A"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.19:*:*:*:*:*:*:*","matchCriteriaId":"162CF84D-0B1B-4920-B2F8-C812CA3DF18B"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.20:*:*:*:*:*:*:*","matchCriteriaId":"21F23388-AFDC-4D1B-A7C1-54932F756867"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.21:*:*:*:*:*:*:*","matchCriteriaId":"323FFAF9-7A94-4210-BB0B-5A4A48AA39F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.22:*:*:*:*:*:*:*","matchCriteriaId":"4BDCAB06-4B2E-4906-8212-C5D96B4973CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.23:*:*:*:*:*:*:*","matchCriteriaId":"F6F7BD7C-5A00-4E08-A60B-9D73ECD6BC93"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.24:*:*:*:*:*:*:*","matchCriteriaId":"2D4073D2-BCC9-45CE-AF91-849E28F8ACEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.25:*:*:*:*:*:*:*","matchCriteriaId":"FE88B539-402F-40BB-A3D9-910E551037CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:libpng:libpng:1.6.26:*:*:*:*:*:*:*","matchCriteriaId":"E9413615-7505-451D-989A-36724A38E3F0"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/29/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/30/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95157","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","source":"cve@mitre.org"},{"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201701-74","source":"cve@mitre.org"},{"url":"https://usn.ubuntu.com/3712-1/","source":"cve@mitre.org"},{"url":"https://usn.ubuntu.com/3712-2/","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/29/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/30/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95157","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-74","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3712-1/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3712-2/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-2217","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.310","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the 
DH, which makes it easier for remote attackers to obtain the shared secret."},{"lang":"es","value":"La implementación de direcciones OpenSSL en Socat 1.7.3.0 y 2.0.0-b8 no utiliza un número primo para el DH, lo que facilita a los atacantes remotos obtener el secreto compartido."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-320"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dest-unreach:socat:1.7.3.0:*:*:*:*:*:*:*","matchCriteriaId":"E2E98265-AE64-4C62-A138-370C7A30E39A"},{"vulnerable":true,"criteria":"cpe:2.3:a:dest-unreach:socat:2.0.0:b8:*:*:*:*:*:*","matchCriteriaId":"6AFF8CA8-2FD9-48A9-B8BB-B1FE26D48865"}]}]}],"references":[{"url":"http://www.dest-unreach.org/socat/contrib/socat-secadv7.html","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/01/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/04/1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-23","source":"cve@mitre.org"},{"url":"http://www.dest-unreach.org/socat/contrib/socat-secadv7.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/01/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/04/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-23","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-2399","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.343","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom."},{"lang":"es","value":"El desbordamiento de enteros en la función quicktime_read_pascal en libquicktime 1.2.4 y anteriores permite que atacantes remotos causen una denegación de servicio o posiblemente tengan otro impacto no especificado a través de un átomo de hdlr MP4 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libquicktime:libquicktime:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.4","matchCriteriaId":"3A445F14-A527-4553-8B32-BAB1351E6E6C"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3800","source":"cve@mitre.org"},{"url":"http://www.nemux.org/2016/02/23/libquicktime-1-2-4/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95880","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://packetstormsecurity.com/files/135899/libquicktime-1.2.4-Integer-Overflow.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"https://www.exploit-db.com/exploits/39487/","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3800","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.nemux.org/2016/02/23/libquicktime-1-2-4/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95880","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://packetstormsecurity.com/files/135899/libquicktime-1.2.4-Integer-Overflow.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/39487/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-2402","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.390","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate."},{"lang":"es","value":"OkHttp antes de 2.7.4 y 3.x antes de 3.1.2 permite que los atacantes man-in-the-middle eludan la fijación de certificados enviando una cadena de certificados con un CA no fijado confiable y el certificado 
fijado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:squareup:okhttp:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.3","matchCriteriaId":"770E740C-33B8-4A51-B55F-B240F33960BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:squareup:okhttp3:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"A4AD815F-E998-4C8D-B64C-B5C6E0750D3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:squareup:okhttp3:3.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"D6367344-FB92-46BE-B460-423573309C88"},{"vulnerable":true,"criteria":"cpe:2.3:a:squareup:okhttp3:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"37FD7BC3-0E9A-4BFE-9058-8C55A495EF2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:squareup:okhttp3:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FA32D418-4F2A-4CE8-9AE0-5168B7DDF7A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:squareup:okhttp3:3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"AA482A17-1951-4725-90C5-CCD3
9CD4A220"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/02/10/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/18/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://koz.io/pinning-cve-2016-2402/","source":"cve@mitre.org","tags":["Technical Description","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E","source":"cve@mitre.org"},{"url":"https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/18/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://koz.io/pinning-cve-2016-2402/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://publicobject.com/2016/02/11/okhttp-certificate-pinning-vulnerability/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-5026","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.420","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory."},{"lang":"es","value":"Hs.py en OnionShare en versiones anteriores a 0.9.1 permite a 
los usuarios locales modificar el hiddenservice mediante la pre-creación del directorio /tmp/onionshare."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:onionshare:onionshare:*:*:*:*:*:*:*:*","versionEndIncluding":"0.9.0","matchCriteriaId":"7CE568E2-8107-4BAF-B09E-B88FD72322DE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/23/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/9","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90821","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/micahflee/onionshare","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/23/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90821","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/micahflee/onionshare","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-5434","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.467","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file."},{"lang":"es","value":"Libalpm, como se utiliza en pacman 5.0.1, permite a los atacantes remotos causar una denegación de servicio (bucle infinito o lectura fuera de límites) a través de un archivo de firma 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pacman_project:pacman:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"B1C15C4F-2CB9-4A96-A009-8AEE3D72751E"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/06/11/4","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/14/6","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2020/04/21/9","source":"cve@mitre.org"},{"url":"https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/11/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/14/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2020/04/21/9","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.archlinux.org/pipermail/pacman-dev/2016-June/021148.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6167","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.513","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory."},{"lang":"es","value":"Varias vulnerabilidades de rutas de búsqueda no confiables en Putty beta 0.67 permiten a los usuarios locales ejecutar código arbitrario y realizar ataques de secuestro de DLL mediante un archivo troyano (1) UxTheme.dll o (2) ntmarta.dll en el directorio de trabajo 
actual."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-426"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:putty:putty:0.67:beta:*:*:*:*:*:*","matchCriteriaId":"576116A5-C63C-4C3F-9058-916BC0389196"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/538848/100/0/threaded","source":"cve@mitre.org","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1036236","source":"cve@mitre.org","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://packetstormsecurity.com/files/137742/Putty-Beta-0.67-DLL-Hijacking.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/538848/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1036236","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://packetstormsecurity.com/files/137742/Putty-Beta-0.67-DLL-Hijacking.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6266","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.530","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) host or (2) apikey parameter in a register action, (3) enable parameter in a save_stting action, or (4) host or (5) apikey parameter in a test_connection action."},{"lang":"es","value":"ccca_ajaxhandler.php en Trend Micro Smart Protection Server 2.5 en versiones anteriores a build 2200, 2.6 en versiones anteriores a build 2106 y 3.0 en versiones anteriores a build 1330 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de metacaracteres shell en (1) el host o (2) el parámetro apikey en una acción de registro, (3) el parámetro enable en una acción save_stting, o (4) el host o (5) parámetro apikey en una acción 
test_connection."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:smart_protection_server:2.5:*:*:*:*:*:*:*","matchCriteriaId":"6EDFD747-231F-4689-BCBD-F91377B5EB1C"},{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:smart_protection_server:2.6:*:*:*:*:*:*:*","matchCriteriaId":"CF329471-F913-4F88-B5F8-CB0C088AA321"},{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*","matchCriteriaId":"E74019C0-01AD-4C0F-9ADE-099D6D7C8013"}]}]}],"references":[{"url":"https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://success.trendmicro.com/solution/1114913","source":"cve@mitre.org","tags":["Mitigation","Patch","Vendor 
Advisory"]},{"url":"https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://success.trendmicro.com/solution/1114913","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6267","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.577","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) spare_Community, (2) spare_AllowGroupIP, or (3) spare_AllowGroupNetmask parameter to admin_notification.php."},{"lang":"es","value":"SnmpUtils en Trend Micro Smart Protection Server 2.5 en versiones anteriores a build 2200, 2.6 en versiones anteriores a build 2106 y 3.0 en versiones anteriores a build 1330 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de metacaracteres de shell en el parámetro (1) spare_Community, (2) spare_AllowGroupIP o (3) spare_AllowGroupNetmask para 
admin_notification.php."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:smart_protection_server:2.5:*:*:*:*:*:*:*","matchCriteriaId":"6EDFD747-231F-4689-BCBD-F91377B5EB1C"},{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:smart_protection_server:2.6:*:*:*:*:*:*:*","matchCriteriaId":"CF329471-F913-4F88-B5F8-CB0C088AA321"},{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*","matchCriteriaId":"E74019C0-01AD-4C0F-9ADE-099D6D7C8013"}]}]}],"references":[{"url":"https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://success.trendmicro.com/solution/1114913","source":"cve@mitre.org","tags":["Mitigation","Patch","Vendor 
Advisory"]},{"url":"https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://success.trendmicro.com/solution/1114913","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6268","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.607","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory."},{"lang":"es","value":"Trend Micro Smart Protection Server 2.5 en versiones anteriores a build 2200, 2.6 en versiones anteriores a build 2106 y 3.0 en versiones anteriores a build 1330 permite a los usuarios locales de webserv ejecutar código arbitrario con privilegios de root a través de un archivo troyano .war en el directorio Solr 
webapps."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:smart_protection_server:2.5:*:*:*:*:*:*:*","matchCriteriaId":"6EDFD747-231F-4689-BCBD-F91377B5EB1C"},{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:smart_protection_server:2.6:*:*:*:*:*:*:*","matchCriteriaId":"CF329471-F913-4F88-B5F8-CB0C088AA321"},{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*","matchCriteriaId":"E74019C0-01AD-4C0F-9ADE-099D6D7C8013"}]}]}],"references":[{"url":"https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://success.trendmicro.com/solution/1114913","source":"cve@mitre.org","tags":["Mitigation","Patch","Vendor 
Advisory"]},{"url":"https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://success.trendmicro.com/solution/1114913","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6269","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.640","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allow remote attackers to read and delete arbitrary files via the tmpfname parameter to (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php or (4) tf parameter to wcs_bwlists_handler.php."},{"lang":"es","value":"Varias vulnerabilidades de salto de directorio en Trend Micro Smart Protection Server 2.5 en versiones anteriores a build 2200, 2.6 en versiones anteriores a build 2106 y 3.0 en versiones anteriores a build 1330 permiten a atacantes remotos leer y borrar archivos arbitrarios a través del parámetro tmpfname para (1) log_mgt_adhocquery_ajaxhandler.php, (2) log_mgt_ajaxhandler.php, (3) log_mgt_ajaxhandler.php o (4) del parámetro tf para 
wcs_bwlists_handler.php."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:smart_protection_server:2.5:*:*:*:*:*:*:*","matchCriteriaId":"6EDFD747-231F-4689-BCBD-F91377B5EB1C"},{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:smart_protection_server:2.6:*:*:*:*:*:*:*","matchCriteriaId":"CF329471-F913-4F88-B5F8-CB0C088AA321"},{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:smart_protection_server:3.0:*:*:*:*:*:*:*","matchCriteriaId":"E74019C0-01AD-4C0F-9ADE-099D6D7C8013"}]}]}],"references":[{"url":"https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://success.trendmicro.com/solution/1114913","source":"cve@mitre.org","tags":["Mitigation","Patch","Vendor 
Advisory"]},{"url":"https://qkaiser.github.io/pentesting/trendmicro/2016/08/08/trendmicro-sps/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://success.trendmicro.com/solution/1114913","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6270","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.670","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to api/v1/cfg/oauth/save_identify_pfx/."},{"lang":"es","value":"La función handle_certificate de /vmi/manager/engine/management/commands/apns_worker.py en Trend Micro Virtual Mobile Infrastructure en versiones anteriores a 5.1 permite a usuarios autenticados remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en la contraseña de api/v1/cfg/oauth/save_identify_pfx
/."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:virtual_mobile_infrastructure:5.0:*:*:*:*:*:*:*","matchCriteriaId":"2E7D9429-0BD9-4640-8FC2-27171365DDE9"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95884","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://qkaiser.github.io/pentesting/trendmicro/2016/10/08/trendmicro-vmi/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://success.trendmicro.com/solution/1115411","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95884","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://qkaiser.github.io/pentesting/trendmicro/2016/10/08/trendmicro-vmi/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://success.trendmicro.com/solution/1115411","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6604","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.700","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. The Samsung ID is SVE-2016-6382."},{"lang":"es","value":"La desreferencia de puntero NULL en el controlador Samsung Exynos fimg2d para Android L (5.0/5.1) y M(6.0) permite a los atacantes tener un impacto no especificado mediante vectores desconocidos. La ID de Samsung es SVE-2016-6382."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses
":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:samsung:exynos_fimg2d:-:*:*:*:*:*:*:*","matchCriteriaId":"387A48A2-82A6-4F0B-9A5C-3F7CF03B654F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*","matchCriteriaId":"7C4E6353-B77A-464F-B7DE-932704003B33"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"77125688-2CCA-4990-ABB2-551D47CB0CDD"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E9915371-C730-41F7-B86E-7E4DE0DF5385"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*","matchCriteriaId":"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B846C63A-7261-481E-B4A4-0D8C79E0D8A7"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"}]}]}],"references":[{"url":"http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/05/3","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/10","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/05/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-7798","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.747","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism."},{"lang":"es","value":"La gema openssl para Ruby utiliza el mismo vector de inicialización (IV) en el modo GCM (aes-*-gcm) cuando el IV se establece antes que la clave, lo que facilita que atacantes dependientes del contexto eludan el mecanismo de protección del 
cifrado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-326"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ruby-lang:openssl:*:*:*:*:*:ruby:*:*","versionEndExcluding":"2.0.0","matchCriteriaId":"5A99A902-22BC-4E8A-92CD-58A7ABA19A5E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/19/9","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/30/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/01/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93031","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ruby/openssl/issues/49","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://www.debian.org/security/2017/dsa-3966","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/19/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/30/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/01/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93031","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ruby/openssl/issues/49","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"https://www.debian.org/security/2017/dsa-3966","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9119","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.780","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de XSS en el link de diálogo en el editor de GUI en MoinMoin en versiones anteriores a 1.9.8 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios mediante vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a
:moinmo:moinmoin:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9.7","matchCriteriaId":"086EEE1C-2D4E-4C4E-B1E9-362CF133C034"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","matchCriteriaId":"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*","matchCriteriaId":"1AFB20FA-CB00-4729-AB3A-816454C6D096"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2016/dsa-3715","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94501","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3137-1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://moinmo.in/SecurityFixes","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3715","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94501","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3137-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://moinmo.in/SecurityFixes","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-9132","sourceIdentifier":"cve@mitre.org","published":"2017-01-30T22:59:00.827","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Botan 1.8.0 through 1.11.33, when decoding BER data an integer overflow could occur, which would cause an incorrect length field to be computed. Some API callers may use the returned (incorrect and attacker controlled) length field in a way which later causes memory corruption or other failure."},{"lang":"es","value":"En Botan 1.8.0 hasta la versión 1.11.33, al decodificar datos BER podría producirse un desbordamiento de enteros, lo que causaría que se calculara un campo de longitud incorrecto. Algunos llamadores API pueden utilizar el campo de longitud devuelto (incorrecto y manipulado por el atacante) de manera que posteriormente provoque daños en la memoria u otro error."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}
]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.8.0:*:*:*:*:*:*:*","matchCriteriaId":"4BCF05C1-B8BF-42E9-9CF9-2A8D710982D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.8.1:*:*:*:*:*:*:*","matchCriteriaId":"D5302F3D-0392-4F2A-B15F-46DE815FE91C"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.8.2:*:*:*:*:*:*:*","matchCriteriaId":"3F74B3CE-B979-4A44-9F63-F2D7FBDEBE2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.8.3:*:*:*:*:*:*:*","matchCriteriaId":"6D479AB3-10E2-4FA8-97FF-A5A3C4FD2F55"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.8.4:*:*:*:*:*:*:*","matchCriteriaId":"5120C5CC-612F-4F23-83EF-E06E051E26A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.8.5:*:*:*:*:*:*:*","matchCriteriaId":"C5292018-AD4A-4DE7-90A4-F0DA78302F1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.8.6:*:*:*:*:*:*:*","matchCriteriaId":"C824B62A-1C3B-4762-BEE3-600E8DCEC4A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.8.7:*:*:*:*:*:*:*","matchCriteriaId":"AE2DAB5C-EAC8-4913-9C6B-C93445F42C70"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.8.8:*:*:*:*:*:*:*","matchCriteriaId":"F65C22FE-9D9C-4214-B410-83D4B0EB8B7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.8.9:*:*:*:*:*:*:*","matchCriteriaId":"5FBF11BE-4128-4F4C-A1EA-C4FC82BEF896"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.8.10:*:*:*:*:*:*:*","matchCriteriaId":"E8348638-75EE-4F93-BDB9-D83FC49D4A27"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.8.11:*:*:*:*:*:*:*","matchCriteriaId":"A64335FF-84CB-4173-AB78-724D73A52FE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.8.12:*:*:*:*:*:*:*","matchCriteriaId":"C7BA8902-B598-4847-817A-D6C5EBC82B5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.8.13:*:*:*:*:*:*:*","matchCriteriaId":
"C34C78DE-81B6-4E23-A9EF-26F5F5247448"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.8.14:*:*:*:*:*:*:*","matchCriteriaId":"AFB8A484-388A-4250-8562-4EFD93BD29CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.8.15:*:*:*:*:*:*:*","matchCriteriaId":"B612B014-45E0-4140-BAD5-4F694BB92E8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.0:*:*:*:*:*:*:*","matchCriteriaId":"25ECCD5D-5066-493A-BEEB-8E0EE19A4CE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.1:*:*:*:*:*:*:*","matchCriteriaId":"ED317B05-C7BE-475B-A114-D5ECF5DCB300"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.2:*:*:*:*:*:*:*","matchCriteriaId":"449C1438-4EA5-49F8-A8B8-2D7D7771B384"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.3:*:*:*:*:*:*:*","matchCriteriaId":"D0A9B801-7244-4FD4-9DF3-7CC774D9F0EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.4:*:*:*:*:*:*:*","matchCriteriaId":"A3A10143-2149-41A5-B8A5-7A23973605C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.5:*:*:*:*:*:*:*","matchCriteriaId":"AA0D0FD2-B645-4AA7-A132-1C59E9BB5EBC"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.6:*:*:*:*:*:*:*","matchCriteriaId":"E1A76C74-5B6F-4351-8D14-E91ABF80AC30"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.7:*:*:*:*:*:*:*","matchCriteriaId":"A691B863-A0A0-4F83-A63B-275100630D3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.8:*:*:*:*:*:*:*","matchCriteriaId":"1C709FA5-154C-4AAB-BF76-8772932FCE78"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.9:*:*:*:*:*:*:*","matchCriteriaId":"3E06F7D8-7CF6-485C-B1CE-09F01C84F816"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.10:*:*:*:*:*:*:*","matchCriteriaId":"27E0B1DD-7FA4-4027-8354-C5A32E01E52A"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.11:*:*:*:*:*:*:*","matchCriteriaId":"C2C399DB-10C9-40AF-8B09-203F24B2372
F"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.12:*:*:*:*:*:*:*","matchCriteriaId":"055D4788-0AB3-41B9-B29D-4D01ACBA53E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.13:*:*:*:*:*:*:*","matchCriteriaId":"7E30BBE7-A70F-41EF-A24B-B9F98671EE63"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.14:*:*:*:*:*:*:*","matchCriteriaId":"F7052BEA-DBAE-49B2-8B8F-813CBD90C7D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.15:*:*:*:*:*:*:*","matchCriteriaId":"8751657C-7429-48C6-80DA-5C357C1A7900"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.16:*:*:*:*:*:*:*","matchCriteriaId":"2AA21B4F-5540-4ABB-BE98-472E5AF56AA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.17:*:*:*:*:*:*:*","matchCriteriaId":"085082D9-B570-477B-8CC5-165733CD0879"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.9.18:*:*:*:*:*:*:*","matchCriteriaId":"F25057AB-216F-4935-A91C-2F7DCB23F467"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.10.0:*:*:*:*:*:*:*","matchCriteriaId":"9BF9AE6F-F5F5-407E-B9F9-6805007FF0C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.10.1:*:*:*:*:*:*:*","matchCriteriaId":"4208C6E7-E8F8-4BBF-82E5-667A836874FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.10.2:*:*:*:*:*:*:*","matchCriteriaId":"12524EA6-8829-4EA2-9FD0-BB5689B96CCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.10.3:*:*:*:*:*:*:*","matchCriteriaId":"28BAD0B6-C730-4E0A-AB96-D2135EB8EF9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.10.4:*:*:*:*:*:*:*","matchCriteriaId":"0CC905D6-E6B5-41AA-83DA-F8A181ADB32C"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.10.5:*:*:*:*:*:*:*","matchCriteriaId":"99607C87-A1B9-4F3E-9CA7-6E36BF489CB9"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.10.6:*:*:*:*:*:*:*","matchCriteriaId":"9C2C1C03-18DF-48CD-A170-37FAD0AC2CD9"},{"vulnerable":true,"cr
iteria":"cpe:2.3:a:botan_project:botan:1.10.7:*:*:*:*:*:*:*","matchCriteriaId":"EB87A46C-27E5-4529-95A8-39A390638F66"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.10.8:*:*:*:*:*:*:*","matchCriteriaId":"C4B55AB6-85CF-4000-A8BC-76E489371FC0"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.10.9:*:*:*:*:*:*:*","matchCriteriaId":"49D189C3-3162-483C-BB86-614D7078B761"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.10.10:*:*:*:*:*:*:*","matchCriteriaId":"91A7E942-348E-4E92-9916-DA3C9C79F85A"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.10.11:*:*:*:*:*:*:*","matchCriteriaId":"A5C1AAF6-6DB1-496A-9DB6-C1BF2E8C0495"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.10.12:*:*:*:*:*:*:*","matchCriteriaId":"C350F9C0-4D81-4824-A932-36419DA6C813"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.10.13:*:*:*:*:*:*:*","matchCriteriaId":"747ED001-1391-4B64-A409-686BE638C266"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.10.14:*:*:*:*:*:*:*","matchCriteriaId":"B468E305-F29B-4794-80AD-708067CAD59F"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.10.15:*:*:*:*:*:*:*","matchCriteriaId":"5743A6CF-5ED6-41AF-9442-917E94BA49BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*","matchCriteriaId":"C098FACD-8EDB-4A97-BA9F-39472F400F6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*","matchCriteriaId":"FA1B306E-BCD0-4839-9D20-921BA5BEB1B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*","matchCriteriaId":"C30E1A6A-5944-4D82-8EFB-67639E9BE246"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*","matchCriteriaId":"92649934-B0EB-4D27-AA54-760E7832E70B"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*","matchCriteriaId":"5F80D802-D5AD-4A41-B5A3-23B7AE923053"},{"vulnerable":true,"criteria":"cpe:2.3:a:b
otan_project:botan:1.11.5:*:*:*:*:*:*:*","matchCriteriaId":"5F809C01-0A6E-4EDD-B9C1-6B1B41368B5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*","matchCriteriaId":"7C8582CD-E9CE-4A56-83D2-33CFBC4BBE2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*","matchCriteriaId":"46EAF817-CCF2-40C3-A556-BA17895165DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*","matchCriteriaId":"92649146-62FC-4984-A726-18C9468240F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*","matchCriteriaId":"B4928BBB-AD18-4EA5-98E4-9CB3CC75376E"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*","matchCriteriaId":"229A6D01-3882-4F3F-92F5-517F79644480"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*","matchCriteriaId":"B0699917-881B-4BA3-9D88-0ED47954DEA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*","matchCriteriaId":"0BCDCE72-44D7-442C-AF2A-EDC9E39126D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*","matchCriteriaId":"D55DBFAF-48C1-412C-B56D-EBD7EC82588A"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*","matchCriteriaId":"2EBAC97E-B04F-48EA-87C8-62FD14B0E759"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*","matchCriteriaId":"4A00B6F0-7DCC-46D4-818A-F17BFAF18E9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*","matchCriteriaId":"61529353-E862-44AD-84EC-778B65C88112"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*","matchCriteriaId":"B683D891-9A15-40F5-82B0-5B16359330F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*","matchCriteriaId":"F3EE4374-31D9-4E68-A700-AFF590F37283"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:bota
n:1.11.19:*:*:*:*:*:*:*","matchCriteriaId":"7F536ECD-C3D9-4997-A936-7E415A670E69"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*","matchCriteriaId":"CF026C4E-FEAE-47A1-A3CA-330DBE6250ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*","matchCriteriaId":"BA36F817-A50B-40E6-811B-B331BA2229A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*","matchCriteriaId":"FD7CD5BD-2938-4C79-95A7-96AC1BB037A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*","matchCriteriaId":"49D16EDE-885C-450F-85AD-3F49ABA6C340"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*","matchCriteriaId":"436B72BE-9E39-46F0-869A-C18B74EB1217"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*","matchCriteriaId":"E4107FF3-20B0-4D9D-9555-2022E48D91A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*","matchCriteriaId":"C4D0DB79-ABE4-49A7-A194-E1B6007B2719"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*","matchCriteriaId":"7DB4D3A5-4493-4E53-A52D-77D60099DAF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.29:*:*:*:*:*:*:*","matchCriteriaId":"B31BCFA3-67C3-4AAF-A558-902FAFEC3C1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.30:*:*:*:*:*:*:*","matchCriteriaId":"434C1EF2-D18A-4459-AF5B-57858A2C1DA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.31:*:*:*:*:*:*:*","matchCriteriaId":"292DE6D3-FFCF-4BFC-AC2F-F030B291CFF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.32:*:*:*:*:*:*:*","matchCriteriaId":"AA217C5B-E6AF-43F0-84A1-778B0FE3351F"},{"vulnerable":true,"criteria":"cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*","matchCriteriaId":"E6E6A828-A610-4428-AD75-9CA594E06B66"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95879","sou
rce":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OUDGVRQYQUL7F5MRP3LAV7EHRJG4BBE/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2Y3JLMTE3VIV4X5X6SXVZTJBDDLCS3D/","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95879","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OUDGVRQYQUL7F5MRP3LAV7EHRJG4BBE/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2Y3JLMTE3VIV4X5X6SXVZTJBDDLCS3D/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9249","sourceIdentifier":"f5sirt@f5.com","published":"2017-01-31T15:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS)."},{"lang":"es","value":"Un patrón de tráfico no revelado recibido por un servidor virtual BIG-IP con TCP Fast Open habilitado puede provocar el reinicio de Traffic Management Microkernel (TMM), resultando en una Denegación de Servicio 
(DoS)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"44F1E5E0-BD63-4A4A-BC4E-A1D5495F8B5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"A82C7B1C-E195-4D94-B604-78FB464C4F81"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"8F6C3144-D0DE-4248-BFCD-04A7E6104044"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3CA2FA6B-3930-432F-8FB5-E73604CEFE42"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"ECA90FB8-E2CD-400F-B753-1B482E7FAC96"},{
"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"6FEC804B-35DB-4A0C-9AEA-15527E0CC1B1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"532AAF54-64EF-4852-B4F1-D5E660463704"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"BC827031-CA39-4081-8CE0-30EAC78DF756"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"7569903B-3A15-4A10-863B-6828337DD268"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D0EDB8E9-E6FB-406E-B1D3-C620F114804C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"77192AFB-B612-4BAA-916C-3DF8E851CC2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"AE295AF6-2B35-467F-8501-B5753CDDE16C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FCD2044C-AC6F-4145-B1A0-8EB26DCF1F8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5FC866D4-CE8C-4408-AD1E-8643AC554CC9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"62B0A70A-D101-443E-A543-5EC35E23D66F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*
:*:*:*:*","matchCriteriaId":"2DB2118A-0F9C-4273-BB07-85FEA32C785B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"8541C9EF-69A8-4641-B173-3BCE0EDD20A8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"524B2D05-508C-47FF-94A0-6CC42060E638"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"55DD7394-BD0A-42FD-A367-827F35397A20"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"98509F74-301A-4D1F-A2B4-B01B80CEFFCA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E90C12AF-44BA-44A2-89ED-0C2497EEC8A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"BBBB6E7C-DA1A-479F-9DD2-DE0C3CA82E92"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"4913B437-33FF-4B5E-A855-9DA00B35E3B3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"23FF9627-E561-4CF7-A685-6E33D2F6C98C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"64273A2C-E5A1-4605-92DD-EBECC7F051D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"E60CA151-1C3A-45B3-B939-E6F80063C595"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2EE1EEA6-1E25-4A90-91A1-386D19808557"},{"vulnerable":true,"criteria":"cpe:2
.3:a:f5:big-ip_websafe:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"16A05340-0AE2-49CA-903F-44383421577E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"583F134E-1616-44F2-8EF0-0CFA5CCEF0AC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95825","source":"f5sirt@f5.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037715","source":"f5sirt@f5.com"},{"url":"https://support.f5.com/csp/article/K71282001","source":"f5sirt@f5.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95825","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037715","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.f5.com/csp/article/K71282001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-10043","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T18:59:00.437","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands and retrieve the output in the application's responses. Attackers could execute unauthorized commands, which could then be used to disable the software, or read, write, and modify data for which the attacker does not have permissions to access directly. Since the targeted application is directly executing the commands instead of the attacker, any malicious activities may appear to come from the application or the application's owner (apache user)."},{"lang":"es","value":"Se ha descubierto un problema en Radisys MRF Web Panel (SWMS) 9.0.1. 
Se ha descubierto que el parámetro MSM_MACRO_NAME POST en /swms/ms.cgi era vulnerable a ataques de inyección de comandos del SO. Es posible usar el carácter de tubería (|) para inyectar comandos de SO arbitrarios y recuperar la salida en las respuestas de la aplicación. Los atacantes podrían ejecutar comandos no autorizados, lo que podría utilizarse para deshabilitar el software, o leer, escribir y modificar datos para los que el atacante no tiene permisos para acceder directamente. Dado que la aplicación de destino ejecuta directamente los comandos en lugar del atacante, cualquier actividad maliciosa puede parecer que provenga de la aplicación o del propietario de la aplicación (usuario de apache)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mrf:web_panel:9.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5FF6C45E-432A-4C15-BDDF-4D115C19
1683"}]}]}],"references":[{"url":"https://www.exploit-db.com/exploits/41179/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/41179/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-2050","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T19:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file."},{"lang":"es","value":"La función get_abbrev_array_info en libdwarf-20151114 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) a través de un archivo elf manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":
[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:2015-11-14:*:*:*:*:*:*:*","matchCriteriaId":"AF8FD0DC-1010-440B-94A4-DA768505F2E8"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/01/19/9","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/25/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/19/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/25/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-3176","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T19:59:00.183","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient."},{"lang":"es","value":"Salt en versiones anteriores a 2015.5.10 y 2015.8.x en versiones anteriores a 2015.8.8, cuando la autenticación externa de PAM está habilitada, permite a atacantes eludir el servicio de autenticación configurado pasando un servicio alternativo con un comando enviado a 
LocalClient."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*","versionEndIncluding":"2015.5.9","matchCriteriaId":"7446FC47-56FF-4A51-BD18-5D1850CB7452"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2015.8.0:*:*:*:*:*:*:*","matchCriteriaId":"072A1612-9531-4EDC-91E6-4BA8EDB73197"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2015.8.1:*:*:*:*:*:*:*","matchCriteriaId":"4FD2D2C8-6675-47BF-9218-940802B6B0E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2015.8.2:*:*:*:*:*:*:*","matchCriteriaId":"1C778BCA-9BAA-4711-A331-D231CDA83F78"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2015.8.3:*:*:*:*:*:*:*","matchCriteriaId":"46DB7774-ADC3-402E-86DB-D9F5C1E21F53"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2015.8.4:*:*:*:*:*:*:*","matchCriteriaId":"DFD0BFE1-3406-47DA-B1
69-056DAE6F8D49"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2015.8.5:*:*:*:*:*:*:*","matchCriteriaId":"99831A40-E83D-4DD9-8917-881C24152926"},{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:2015.8.7:*:*:*:*:*:*:*","matchCriteriaId":"304437DB-0092-4F64-8618-6CCCACF97DA3"}]}]}],"references":[{"url":"https://docs.saltstack.com/en/latest/topics/releases/2015.5.10.html","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.saltstack.com/en/latest/topics/releases/2015.5.10.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-5117","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T19:59:00.230","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate."},{"lang":"es","value":"OpenNTPD en versiones anteriores a 6.0p1 no valida el CN para las solicitudes de restricción HTTPS, lo que permite a atacantes remotos eludir las mitigaciones de man-in-the-middle a través de una restricción de marca horaria manipulada con un certificado 
válido."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openntpd:openntpd:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0","matchCriteriaId":"FEFBAEB3-B714-45C5-A12A-3C2D5A811280"}]}]}],"references":[{"url":"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ntpd/constraint.c.diff?r1=1.27&r2=1.28","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.openntpd.org/txt/release-6.0p1.txt","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/23/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/29/6","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ntpd/constraint.c.diff?r1=1.27&r2=1.28","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://www.openntpd.org/txt/release-6.0p1.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/23/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/29/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6621","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T19:59:00.260","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors."},{"lang":"es","value":"La secuencia de comandos de instalación para phpMyAdmin en versiones anteriores a 4.0.10.19, 4.4.x en versiones anteriores a 4.4.15.10 y 4.6.x en versiones anteriores a 4.6.6 permite a atacantes remotos realizar ataques de falsificación de solicitud del lado del servidor (SSRF) a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.10.18","matchCriteriaId":"F1DD1A4E-D5B4-45E4-A22D-8F9F7173FA04"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0:*:*:*:*:*:*:*","matchCriteriaId":"13CD0228-728B-437A-84C1-BD7AFA52FFB5"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"DFF55485-9892-4E7B-AEE0-017E61EAA7C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"6100FE3E-0A31-4B55-90F2-90AF765A8EB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2:*:*:*:*:*:*:*","matchCriteriaId":"FBAAC8D9-AAA5-487C-B4AA-84BAE5DB109E"},{"vulnerable":true,"criteria":"cpe:2.3
:a:phpmyadmin:phpmyadmin:4.4.3:*:*:*:*:*:*:*","matchCriteriaId":"5E06B1D3-29B4-45B7-B81F-C864AF579011"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4:*:*:*:*:*:*:*","matchCriteriaId":"6B2E3923-0E2B-411A-B091-088E6FF050D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5:*:*:*:*:*:*:*","matchCriteriaId":"1848C748-804D-4FE4-AB9C-B1BF9E58A19C"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6:*:*:*:*:*:*:*","matchCriteriaId":"12296322-DFAD-4B36-83EC-D01BF5DF7F2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1:*:*:*:*:*:*:*","matchCriteriaId":"EA321C14-C8F4-41FC-B601-2F646064ABBF"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7:*:*:*:*:*:*:*","matchCriteriaId":"54DBCF86-0CE8-46C4-B2E7-E3224765CCFE"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8:*:*:*:*:*:*:*","matchCriteriaId":"1BF3DBC5-7020-48D0-ADEA-E71776DB2285"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9:*:*:*:*:*:*:*","matchCriteriaId":"317F952E-5F12-4ED3-8FA3-FC1106B50F85"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10:*:*:*:*:*:*:*","matchCriteriaId":"87B97F98-C0A7-4D9E-8333-7EE9EC456A12"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11:*:*:*:*:*:*:*","matchCriteriaId":"7A1E753D-5653-4D7A-8E41-6C02511EBFCE"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12:*:*:*:*:*:*:*","matchCriteriaId":"417230C7-0EC2-49F4-B810-A8AE84A302AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13:*:*:*:*:*:*:*","matchCriteriaId":"103FEAB1-194E-4CEF-935A-4DBCCA298205"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1:*:*:*:*:*:*:*","matchCriteriaId":"C5814003-9FF8-4F8E-9D90-A2BBB80B8451"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1:*:*:*:*:*:*:*","matchCriteriaId":"16D28B77-9353-4259-9299-30638A78CCD4"},{"vulnerable":true,"criteria":"cpe:2.3
:a:phpmyadmin:phpmyadmin:4.4.15:*:*:*:*:*:*:*","matchCriteriaId":"C022292B-6E06-4328-842F-135A872D22AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.1:*:*:*:*:*:*:*","matchCriteriaId":"F15F00FB-BB9B-4D54-B198-0A74D418B8DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.2:*:*:*:*:*:*:*","matchCriteriaId":"DC10AF20-7B65-4FAE-A2AD-783867D60A8D"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.3:*:*:*:*:*:*:*","matchCriteriaId":"4EB7190C-0401-4E2E-B15F-4CFC79D5A4E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.4:*:*:*:*:*:*:*","matchCriteriaId":"4BED20D9-C571-4BC5-9A54-450A364C6E43"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.5:*:*:*:*:*:*:*","matchCriteriaId":"2A2B646D-DDFC-4CB2-B7F4-0C33AF18D14F"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.6:*:*:*:*:*:*:*","matchCriteriaId":"9CBF68B2-2BCF-4EEB-8A7C-D83DCAF1AFB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.8:*:*:*:*:*:*:*","matchCriteriaId":"74C191A5-3316-4A34-8B37-64D6DD616CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15.9:*:*:*:*:*:*:*","matchCriteriaId":"09D97993-070A-4D32-B560-38AF28C87A59"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:*:*:*:*:*:*:*","matchCriteriaId":"C641F362-D37D-47CB-BE6C-36E5F116F844"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"A0EA8819-70F8-48DC-8667-6CF25E7D9C53"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc1:*:*:*:*:*:*","matchCriteriaId":"DD2796DA-3E74-4765-90D1-783849C7A44C"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.0:rc2:*:*:*:*:*:*","matchCriteriaId":"4024DA77-BFE4-48C6-A2AF-46003071BDE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.1:*:*:*:*:*:*:*","matchCriteriaId
":"85631B69-7060-42D1-AE24-466BA10EB390"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.2:*:*:*:*:*:*:*","matchCriteriaId":"E62EDC79-47AA-4CED-AB7F-1E4D158EB653"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.4:*:*:*:*:*:*:*","matchCriteriaId":"230D3D61-B090-49FA-91B1-9FA4DD2C6209"},{"vulnerable":true,"criteria":"cpe:2.3:a:phpmyadmin:phpmyadmin:4.6.5:*:*:*:*:*:*:*","matchCriteriaId":"33130418-95AC-41D2-B8B0-A107C9CABCFB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95914","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","source":"cve@mitre.org"},{"url":"https://www.phpmyadmin.net/security/PMASA-2016-44/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95914","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00006.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.phpmyadmin.net/security/PMASA-2016-44/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9039","sourceIdentifier":"talos-cna@cisco.com","published":"2017-01-31T21:59:00.157","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploited this will result in memory exhaustion, resulting in a full system denial of service."},{"lang":"es","value":"Existe una denegación de servicio explotable en el sistema de archivos Hyprlofs de Joyent SmartOS 20161110T013148Z. 
La vulnerabilidad está presente en la llamada al sistema Ioctl con el comando HYPRLOFS_ADD_ENTRIES. Un atacante puede hacer que se asigne un búfer y nunca se libere. Cuando se explota repetidamente esto resultará en el agotamiento de la memoria, resultando en una denegación de servicio del sistema completo"}],"metrics":{"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:joyent:smartos:20161110t013148z:*:*:*:*:*:*:*","matchCriteriaId":"F654148
3-AB66-4279-9C32-12B8E9ED4A10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95916","source":"talos-cna@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0257/","source":"talos-cna@cisco.com","tags":["Exploit","Technical Description","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95916","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0257/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2015-8973","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.140","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password."},{"lang":"es","value":"xmlhttp.php en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.6.18 y 1.8.x en versiones anteriores a 1.8.6 y MyBB Merge System en versiones anteriores a 1.8.6 permite a atacantes remotos eludir las restricciones de acceso previstas a través de vectores relacionados con la contraseña del 
foro."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.5","matchCriteriaId":"22907EC0-5A2D-4DCF-B887-8FA311B3D4E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.6.17","matchCriteriaId":"2FF6F484-A280-45A6-BB5E-B923339B7109"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.0:*:*:*:*:*:*:*","matchCriteriaId":"E697D13C-5594-491B-B911-3B4BEA00AFCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.1:*:*:*:*:*:*:*","matchCriteriaId":"00724054-858F-4322-8BE5-F6929CC2CAD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.2:*:*:*:*:*:*:*","matchCriteriaId":"95998F68-1F16-4FEA-BDE3-957235D04881"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.3:*:*:*:*:*:*:*","matchCriteriaId":"927F9547-773B-4F2C-8870-AA3672EEC7CA"},{"vuln
erable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.4:*:*:*:*:*:*:*","matchCriteriaId":"6817FA9E-51B7-4ADE-86E2-E9F559A585EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.5:*:*:*:*:*:*:*","matchCriteriaId":"667EFFF1-E5C1-4124-BD0B-D4244FAECE15"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94397","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94397","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-8974","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.187","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en el módulo 
Group Promotions en el panel de control de administrador en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.6.18 y 1.8.x en versiones anteriores a 1.8.6 y MyBB Merge System en versiones anteriores a 1.8.6 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.5","matchCriteriaId":"22907EC0-5A2D-4DCF-B887-8FA311B3D4E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.6.17","matchCriteriaId":"2FF6F484-A280-45A6-BB5E-B923339B7109"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.0:*:*:*:*:*:*:*","matchCriteriaId":"E697D13C-5594-491B-B911-3B4BEA00AFCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.1:*:*:*:*
:*:*:*","matchCriteriaId":"00724054-858F-4322-8BE5-F6929CC2CAD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.2:*:*:*:*:*:*:*","matchCriteriaId":"95998F68-1F16-4FEA-BDE3-957235D04881"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.3:*:*:*:*:*:*:*","matchCriteriaId":"927F9547-773B-4F2C-8870-AA3672EEC7CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.4:*:*:*:*:*:*:*","matchCriteriaId":"6817FA9E-51B7-4ADE-86E2-E9F559A585EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.5:*:*:*:*:*:*:*","matchCriteriaId":"667EFFF1-E5C1-4124-BD0B-D4244FAECE15"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94397","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94397","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2015-8975","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.237","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de XSS en el manejador de errores en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.6.18 y 1.8.x en versiones anteriores a 1.8.6 y MyBB Merge System en versiones anteriores a 1.8.6 podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":f
alse,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:1.8.5:*:*:*:*:*:*:*","matchCriteriaId":"84DB6EE0-4972-434D-9C89-7BD9EB4896B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.6.17","matchCriteriaId":"2FF6F484-A280-45A6-BB5E-B923339B7109"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.0:*:*:*:*:*:*:*","matchCriteriaId":"E697D13C-5594-491B-B911-3B4BEA00AFCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.1:*:*:*:*:*:*:*","matchCriteriaId":"00724054-858F-4322-8BE5-F6929CC2CAD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.2:*:*:*:*:*:*:*","matchCriteriaId":"95998F68-1F16-4FEA-BDE3-957235D04881"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.3:*:*:*:*:*:*:*","matchCriteriaId":"927F9547-773B-4F2C-8870-AA3672EEC7CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.4:*:*:*:*:*:*:*","matchCriteriaId":"6817FA9E-51B7-4ADE-86E2-E9F559A585EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.5:*:*:*:*:*:*:*","matchCriteriaId":"667EFFF1-E5C1-4124-BD0B-D4244FAECE15"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94397","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94397","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-8976","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.267","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via vectors related to \"old upgrade files.\""},{"lang":"es","value":"Vulnerabilidad de XSS en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.6.18 y 1.8.x en versiones anteriores a 1.8.6 y MyBB Merge System en versiones anteriores a 1.8.6 podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con \"archivos antiguos de 
actualización\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:1.8.5:*:*:*:*:*:*:*","matchCriteriaId":"84DB6EE0-4972-434D-9C89-7BD9EB4896B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.6.17","matchCriteriaId":"2FF6F484-A280-45A6-BB5E-B923339B7109"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.0:*:*:*:*:*:*:*","matchCriteriaId":"E697D13C-5594-491B-B911-3B4BEA00AFCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.1:*:*:*:*:*:*:*","matchCriteriaId":"00724054-858F-4322-8BE5-F6929CC2CAD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.2:*:*:*:*:*:*:*","matchCriteriaId":"95998F68-1F16-4FEA-BDE3-957235D04881"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.3:*:*:*:*:*:*:*","matchCriteriaId":"927F9547-773B-4F2C-8870-AA3672EEC7CA"},{"vulnerable":tru
e,"criteria":"cpe:2.3:a:mybb:mybb:1.8.4:*:*:*:*:*:*:*","matchCriteriaId":"6817FA9E-51B7-4ADE-86E2-E9F559A585EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.5:*:*:*:*:*:*:*","matchCriteriaId":"667EFFF1-E5C1-4124-BD0B-D4244FAECE15"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94397","source":"cve@mitre.org"},{"url":"https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94397","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-8977","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.297","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files."},{"lang":"es","value":"MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.6.18 y 1.8.x en versiones anteriores a 1.8.6 y MyBB Merge System en versiones anteriores a 1.8.6 permiten a atacantes remotos obtener la ruta de 
instalación a través de vectores que involucran archivos de registro de errores."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.5","matchCriteriaId":"22907EC0-5A2D-4DCF-B887-8FA311B3D4E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.6.17","matchCriteriaId":"2FF6F484-A280-45A6-BB5E-B923339B7109"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.0:*:*:*:*:*:*:*","matchCriteriaId":"E697D13C-5594-491B-B911-3B4BEA00AFCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.1:*:*:*:*:*:*:*","matchCriteriaId":"00724054-858F-4322-8BE5-F6929CC2CAD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.2:*:*:*:*:*:*:*","matchCriteriaId":"95998F68-1F16-4FEA-BDE3-957235D04881"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.3:*:*
:*:*:*:*:*","matchCriteriaId":"927F9547-773B-4F2C-8870-AA3672EEC7CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.4:*:*:*:*:*:*:*","matchCriteriaId":"6817FA9E-51B7-4ADE-86E2-E9F559A585EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:1.8.5:*:*:*:*:*:*:*","matchCriteriaId":"667EFFF1-E5C1-4124-BD0B-D4244FAECE15"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94397","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94397","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2015/09/07/mybb-1-8-6-1-6-18-merge-system-1-8-6-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6285","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.330","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header."},{"lang":"es","value":"Vulnerabilidad XSS en 
includes/decorators/global-translations.jsp en Atlassian JIRA en versiones anteriores a 7.2.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del encabezado HTTP Host."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*","versionEndIncluding":"7.2.1","matchCriteriaId":"009D0E80-6F30-43A1-99F7-B7DE7A69AFA2"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/140548/Atlassian-Jira-7.1.7-Cross-Site-Scripting.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2017/Jan/41","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95913","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://confluence.atlassian.com/adminjira/jira-platform-releases/jira-7-2-x-platform-release-notes#JIRA7.2.xplatformreleasenotes-7-2-2","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://jira.atlassian.com/browse/JRA-61888?src=confmacro&_ga=1.139403892.63283854.1485351777","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/140548/Atlassian-Jira-7.1.7-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2017/Jan/41","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95913","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://confluence.atlassian.com/adminjira/jira-platform-releases/jira-7-2-x-platform-release-notes#JIRA7.2.xplatformreleasenotes-7-2-2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://jira.atlassian.com/browse/JRA-61888?src=confmacro&_ga=1.139403892.63283854.1485351777","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6329","sourceIdentifier":"secalert@redhat.com","published":"2017-01-31T22:59:00.377","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a \"Sweet32\" attack."},{"lang":"es","value":"OpenVPN, cuando utiliza un cifrado de bloques de 64 bits, facilita a atacantes remotos obtener datos de texto plano a través de un ataque birthday contra una sesión encriptada de larga duración, como lo demuestra una 
sesión HTTP-over-OpenVPN usando Blowfish en modo CBC, también conocido como ataque \"Sweet32\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-310"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openvpn:openvpn:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3.14","matchCriteriaId":"2B92389B-7815-40EC-AA21-14154621BFAC"}]}]}],"references":[{"url":"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697","source":"secalert@redhat.com","tags":["Permissions Required","Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21991482","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92631","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1036695","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf","source":"secalert@redhat.com"},{"url":"https://community.openvpn.net/openvpn/wiki/SWEET32","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201611-02","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://sweet32.info/","source":"secalert@redhat.com","tags":["Technical Description","Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21991482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21995039","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92631","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1036695","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://community.openvpn.net/openvpn/wiki/SWEET32","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201611-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://sweet32.info/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8685","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.423","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image."},{"lang":"es","value":"La función findnext en decompose.c en potrace 1.13 permite a atacantes remotos provocar una denegación de servicio (acceso a la memoria no válida y caída) a través de una imagen BMP manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"ope
rator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:potrace_project:potrace:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12","matchCriteriaId":"A3C47CCF-BB63-4362-A74F-61A3603F0092"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/08/17","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/9","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93470","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/08/17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93470","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8686","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.470","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure."},{"lang":"es","value":"La función bm_new en bitmap.h en potrace 1.13 permite a atacantes remotos tener un impacto no especificado a través de una imagen manipulada, lo que 
desencadena un fallo de asignación de memoria."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:potrace_project:potrace:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12","matchCriteriaId":"A3C47CCF-BB63-4362-A74F-61A3603F0092"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/10","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93777","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/93777","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8694","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.500","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8695 and CVE-2016-8696."},{"lang":"es","value":"La función bm_readbody_bmp en bitmap_io.c en potrace en versiones anteriores a 1.13 permite a los atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de una imagen BMP manipulada, una vulnerabilidad diferente a CVE-2016-8695 y CVE-2016- 
8696."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:potrace_project:potrace:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12","matchCriteriaId":"A3C47CCF-BB63-4362-A74F-61A3603F0092"}]}]}],"references":[{"url":"http://potrace.sourceforge.net/ChangeLog","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://potrace.sourceforge.net/ChangeLog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8695","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.563","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8696."},{"lang":"es","value":"La función bm_readbody_bmp en bitmap_io.c en potrace en versiones anteriores a 1.13 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de una imagen BMP manipulada, una vulnerabilidad diferente a CVE-2016-8694 y CVE-2016- 
8696."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:potrace_project:potrace:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12","matchCriteriaId":"A3C47CCF-BB63-4362-A74F-61A3603F0092"}]}]}],"references":[{"url":"http://potrace.sourceforge.net/ChangeLog","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://potrace.sourceforge.net/ChangeLog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8696","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.610","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted BMP image, a different vulnerability than CVE-2016-8694 and CVE-2016-8695."},{"lang":"es","value":"La función bm_readbody_bmp en bitmap_io.c en potrace en versiones anteriores a 1.13 permite a los atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de una imagen BMP manipulada, una vulnerabilidad diferente a CVE-2016-8694 y CVE-2016- 
8695."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:potrace_project:potrace:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12","matchCriteriaId":"A3C47CCF-BB63-4362-A74F-61A3603F0092"}]}]}],"references":[{"url":"http://potrace.sourceforge.net/ChangeLog","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://potrace.sourceforge.net/ChangeLog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8697","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.657","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The bm_new function in bitmap.h in potrace before 1.13 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted BMP image."},{"lang":"es","value":"La función bm_new en bitmap.h en potrace en versiones anteriores a 1.13 permite a atacantes remotos provocar una denegación de servicio (error de división por cero y caída) a través de una imagen BMP 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:potrace_project:potrace:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12","matchCriteriaId":"A3C47CCF-BB63-4362-A74F-61A3603F0092"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8698","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.687","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función bm_readbody_bmp en bitmap_io.c en potrace en versiones anteriores a 1.13 permite a atacantes remotos tener un impacto no especificado a través de una imagen BMP manipulada, una vulnerabilidad diferente a CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702 y 
CVE-2016-8703."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:potrace_project:potrace:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12","matchCriteriaId":"A3C47CCF-BB63-4362-A74F-61A3603F0092"}]}]}],"references":[{"url":"http://potrace.sourceforge.net/ChangeLog","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://potrace.sourceforge.net/ChangeLog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8699","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.737","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función bm_readbody_bmp en bitmap_io.c en potrace en versiones anteriores a 1.13 permite a atacantes remotos tener un impacto no especificado a través de una imagen BMP manipulada, una vulnerabilidad diferente a CVE-2016-8698, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702 y 
CVE-2016-8703."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:potrace_project:potrace:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12","matchCriteriaId":"A3C47CCF-BB63-4362-A74F-61A3603F0092"}]}]}],"references":[{"url":"http://potrace.sourceforge.net/ChangeLog","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://potrace.sourceforge.net/ChangeLog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8700","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.783","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función bm_readbody_bmp en bitmap_io.c en potrace en versiones anteriores a 1.13 permite a atacantes remotos tener un impacto no especificado a través de una imagen BMP manipulada, una vulnerabilidad diferente a CVE-2016-8698, CVE-2016-8699, CVE-2016-8701, CVE-2016-8702 y 
CVE-2016-8703."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:potrace_project:potrace:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12","matchCriteriaId":"A3C47CCF-BB63-4362-A74F-61A3603F0092"}]}]}],"references":[{"url":"http://potrace.sourceforge.net/ChangeLog","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://potrace.sourceforge.net/ChangeLog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8701","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.830","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8702, and CVE-2016-8703."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función bm_readbody_bmp en bitmap_io.c en potrace en versiones anteriores a 1.13 permite a atacantes remotos tener un impacto no especificado a través de una imagen BMP manipulada, una vulnerabilidad diferente a CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8702 y 
CVE-2016-8703."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:potrace_project:potrace:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12","matchCriteriaId":"A3C47CCF-BB63-4362-A74F-61A3603F0092"}]}]}],"references":[{"url":"http://potrace.sourceforge.net/ChangeLog","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://potrace.sourceforge.net/ChangeLog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8702","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.877","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, and CVE-2016-8703."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función bm_readbody_bmp en bitmap_io.c en potrace en versiones anteriores a 1.13 permite a atacantes remotos tener un impacto no especificado a través de una imagen BMP manipulada, una vulnerabilidad diferente a CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701 y 
CVE-2016-8703."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:potrace_project:potrace:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12","matchCriteriaId":"A3C47CCF-BB63-4362-A74F-61A3603F0092"}]}]}],"references":[{"url":"http://potrace.sourceforge.net/ChangeLog","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://potrace.sourceforge.net/ChangeLog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8703","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.923","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701, and CVE-2016-8702."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función bm_readbody_bmp en bitmap_io.c en potrace en versiones anteriores a 1.13 permite a atacantes remotos tener un impacto no especificado a través de una imagen BMP manipulada, una vulnerabilidad diferente a CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8701 y 
CVE-2016-8702."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:potrace_project:potrace:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12","matchCriteriaId":"A3C47CCF-BB63-4362-A74F-61A3603F0092"}]}]}],"references":[{"url":"http://potrace.sourceforge.net/ChangeLog","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://potrace.sourceforge.net/ChangeLog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93778","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9260","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:00.970","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files."},{"lang":"es","value":"Vulnerabilidad de XSS en Tenable Nessus en versiones anteriores a 6.9 permite a los usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarias a través de vectores relacionados con el manejo de archivos 
.nessus."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*","versionEndIncluding":"6.8.1","matchCriteriaId":"D6CE25CB-463B-4148-A3A0-2C507BB14EC4"}]}]}],"references":[{"url":"http://jvn.jp/en/jp/JVN12796388/index.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000013.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95772","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.tenable.com/security/tns-2016-16","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://jvn.jp/en/jp/JVN12796388/index.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000013.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95772","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.tenable.com/security/tns-2016-16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9402","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.017","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in the moderation tool in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en la herramienta de moderación en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 podrían permitir a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"716986AC-5E6D-4DDD-A553-B88981BDE788"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"2212E819-C064-4963-BCD2-214F09A46902"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9403","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.063","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check."},{"lang":"es","value":"newreply.php en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 permite a atacantes remotos tener un impacto no especificado al aprovechar una comprobación de permiso 
perdida."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"716986AC-5E6D-4DDD-A553-B88981BDE788"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"2212E819-C064-4963-BCD2-214F09A46902"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9404","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.093","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors related to login."},{"lang":"es","value":"Vulnerabilidad de XSS en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 podrían permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores relacionados con el inicio de 
sesión."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"716986AC-5E6D-4DDD-A553-B88981BDE788"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"2212E819-C064-4963-BCD2-214F09A46902"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9405","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.140","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de XSS en la validación de miembros en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 podrían permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"716986AC-5E6D-4DDD-A553-B88981BDE788"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"2212E819-C064-4963-BCD2-214F09A46902"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9406","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.173","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de XSS en el panel de control de User en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 podrían permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"716986AC-5E6D-4DDD-A553-B88981BDE788"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"2212E819-C064-4963-BCD2-214F09A46902"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9407","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.220","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving Mod control panel logs."},{"lang":"es","value":"Vulnerabilidad de XSS en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 podrían permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores que implican registros de panel de control 
Mod."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"716986AC-5E6D-4DDD-A553-B88981BDE788"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"2212E819-C064-4963-BCD2-214F09A46902"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9408","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.267","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving editing users."},{"lang":"es","value":"Vulnerabilidad de XSS en el panel de control Mod en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 podrían permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores que implican a usuarios de 
edición."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"716986AC-5E6D-4DDD-A553-B88981BDE788"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"2212E819-C064-4963-BCD2-214F09A46902"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9409","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.297","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs."},{"lang":"es","value":"Vulnerabilidad de XSS en el panel de control de Admin en MyBB (aka MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 podrían permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores que implican registros de 
poda."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"716986AC-5E6D-4DDD-A553-B88981BDE788"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"2212E819-C064-4963-BCD2-214F09A46902"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9410","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.347","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive database information via vectors involving templates."},{"lang":"es","value":"MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 pueden permitir a atacantes remotos obtener información sensible de la base de datos a través de vectores relacionados con 
plantillas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"716986AC-5E6D-4DDD-A553-B88981BDE788"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"2212E819-C064-4963-BCD2-214F09A46902"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9411","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.377","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails."},{"lang":"es","value":"El panel de control Admin en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 permite a los atacantes remotos obtener la ruta de instalación a través de vectores que implican el envío de 
correos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"716986AC-5E6D-4DDD-A553-B88981BDE788"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"2212E819-C064-4963-BCD2-214F09A46902"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9412","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.423","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow attackers to have unspecified impact via vectors related to low adminsid and sid entropy."},{"lang":"es","value":"MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 permiten a atacantes tener un impacto no especificado a través de vectores relacionados con la baja entropía adminsid y 
sid."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"716986AC-5E6D-4DDD-A553-B88981BDE788"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"2212E819-C064-4963-BCD2-214F09A46902"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9413","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.453","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to conduct clickjacking attacks via unspecified vectors."},{"lang":"es","value":"El panel de control Admin en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 permite a los atacantes remotos realizar ataques de secuestro de clic a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"716986AC-5E6D-4DDD-A553-B88981BDE788"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"2212E819-C064-4963-BCD2-214F09A46902"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9414","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.487","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories."},{"lang":"es","value":"MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.7 y MyBB Merge System en versiones anteriores a 1.8.7 permiten a atacantes remotos obtener información sensible aprovechando la protección de la lista de directorios ausentes en los directorios de 
subida."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"716986AC-5E6D-4DDD-A553-B88981BDE788"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.6","matchCriteriaId":"2212E819-C064-4963-BCD2-214F09A46902"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94395","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/03/11/mybb-1-8-7-merge-system-1-8-7-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9415","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.533","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to \"style import.\""},{"lang":"es","value":"MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.8 en Windows y MyBB Merge System en versiones anteriores a 1.8.8 en Windows permiten a atacantes remotos sobrescribir archivos CSS arbitrarios a través de vectores relacionados con \"importar 
estilo\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.7","matchCriteriaId":"FC4E25F3-7C9D-45E3-8330-961A56BC3C48"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.7","matchCriteriaId":"78D16782-41C7-4001-8DD1-C7A09B347733"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94396","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94396","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9416","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.580","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en el manejador de datos de usuarios en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.8 y MyBB Merge System en versiones anteriores a 1.8.8 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.7","matchCriteriaId":"FC4E25F3-7C9D-45E3-8330-961A56BC3C48"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.7","matchCriteriaId":"78D16782-41C7-4001-8DD1-C7A09B347733"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94396","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94396","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9417","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.610","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors."},{"lang":"es","value":"La función fetch_remote_file en MyBB (también conocida como MyBulletinBoard) en versiones anteriores a 1.8.8 y MyBB Merge System en versiones anteriores a 1.8.8 permite a atacantes remotos llevar a cabo ataques de falsificación de solicitud del lado del servidor (SSRF) a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.7","matchCriteriaId":"FC4E25F3-7C9D-45E3-8330-961A56BC3C48"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.7","matchCriteriaId":"78D16782-41C7-4001-8DD1-C7A09B347733"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94396","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94396","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9418","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.640","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain sensitive information from ACP backups via vectors involving a short name."},{"lang":"es","value":"MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.8 en Windows y MyBB Merge System en versiones anteriores a 1.8.8 en Windows podrían permitir a atacantes remotos obtener información sensible de las copias de seguridad de ACP a través de vectores que implican un nombre 
corto."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.7","matchCriteriaId":"FC4E25F3-7C9D-45E3-8330-961A56BC3C48"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.7","matchCriteriaId":"78D16782-41C7-4001-8DD1-C7A09B347733"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94396","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94396","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9419","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.673","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de XSS en el panel de control de Admin en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.8 y MyBB Merge System en versiones anteriores a 1.8.8 permite a los atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.7","matchCriteriaId":"78D16782-41C7-4001-8DD1-C7A09B347733"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94396","source":"cve@mitre.org"},{"url":"https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94396","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9420","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.720","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allow remote attackers to have unspecified impact via vectors related to \"loose comparison false positives.\""},{"lang":"es","value":"MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.8 y MyBB Merge System en versiones anteriores a 1.8.8 permiten a atacantes remotos tener un impacto no especificado a través de vectores relacionados con \"comparación suelta de falsos 
positivos\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.7","matchCriteriaId":"FC4E25F3-7C9D-45E3-8330-961A56BC3C48"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.7","matchCriteriaId":"78D16782-41C7-4001-8DD1-C7A09B347733"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94396","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94396","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9421","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.750","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de XSS en el módulo Users en el panel de control de Admin en MyBB (también conocido como MyBulletinBoard) en versiones anteriores a 1.8.8 y MyBB Merge System en versiones anteriores a 1.8.8 podrían permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:merge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.7","matchCriteriaId":"FC4E25F3-7C9D-45E3-8330-961A56BC3C48"},{"vulnerable":true,"criteria":"cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.7","matchCriteriaId":"78D16782-41C7-4001-8DD1-C7A09B347733"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94396","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/10/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94396","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9962","sourceIdentifier":"cve@mitre.org","published":"2017-01-31T22:59:01.783","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"RunC allowed additional container processes via 'runc exec' to be ptraced by the pid 1 of the container.  This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container."},{"lang":"es","value":"RunC permitió procesos de contenedores adicionales a través de 'runc exec' para ser ptraced por el pid 1 del contenedor. 
Esto permite a los principales procesos del contenedor, si se ejecutan como root, obtener acceso a los descriptores de archivo de estos nuevos procesos durante la inicialización y puede conducir a escapes de contenedores o modificación del estado de runC antes de que el proceso sea totalmente ubicado dentro del contenedor."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*","versionStartIncluding":"1.11.0","versionEndExcluding":"1.12.6","matchCriteriaId":"53E74F64-38C7-4907-9C6F-954CE37CEF24"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0116.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0123.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0127.html","source":"cve@mitre.org"},{"url":"http://seclists.org/fulldisclosure/2017/Jan/21
","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2017/Jan/29","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/540001/100/0/threaded","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95361","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/security/vulnerabilities/cve-2016-9962","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://github.com/docker/docker/releases/tag/v1.12.6","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201701-34","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0116.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0123.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0127.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://seclists.org/fulldisclosure/2017/Jan/21","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2017/Jan/29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/540001/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95361","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/security/vulnerabilities/cve-2016-9962","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://github.com/docker/docker/releases/tag/v1.12.6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party 
Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-34","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-3823","sourceIdentifier":"psirt@cisco.com","published":"2017-02-01T11:59:00.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. 
An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser."},{"lang":"es","value":"Se descubrió un problema en Cisco WebEx Extension en versiones anteriores a 1.0.7 en Google Chrome, el ActiveTouch General Plugin Container en versiones anteriores a 106 en Mozilla Firefox, el plugin de control ActiveX GpcContainer Class en versiones anteriores a 10031.6.2017.0126 en Internet Explorer y el plugin de control ActiveX Download Manager en versiones anteriores a 2.1.0.10 en Internet Explorer. Una vulnerabilidad en estas extensiones del navegador de Cisco WebEx podría permitir a un atacante remoto no autenticado ejecutar código arbitrario con privilegios del navegador afectado en el sistema afectado. Esta vulnerabilidad afecta a las extensiones del navegador para Cisco WebEx Meetings Server y Cisco WebEx Centers (Meeting Center, Event Center, Training Center, y Support Center) cuando se ejecutan en Microsoft Windows. La vulnerabilidad es un defecto de diseño del intérprete de respuesta de una interfaz de programación de aplicaciones (API) dentro de la extensión. Un atacante que pueda convencer al usuario afectado para visitar una página web controlada por un atacante o a pulsar un enlace proporcionado por un atacante con un navegador afectado puede explotar la vulnerabilidad. 
Si tiene éxito, el atacante puede ejecutar código arbitrario con los privilegios del navegador afectado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:activetouch_general_plugin_container:105:*:*:*:*:firefox:*:*","matchCriteriaId":"7C4F4E52-9923-47E0-8990-8DB3761C724F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:download_manager:2.1.0.9:*:*:*:*:internet_explorer:*:*","matchCriteriaId":"8E2D077D-DB25-4D10-A4DD-7E55CD7B6050"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:gpccontainer_class:*:*:*:*:*:internet_explorer:*:*","versionEndIncluding":"10031.6.2017.0125","matchCriteriaId":"E7F1F1F5-E057-42F2-878B-CD62E4B7D4E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex:*:*:*:*:*:chrome:*:*","versionEndIncluding":"1.0.6","matc
hCriteriaId":"E1B0BEA6-F4C4-4A54-AFF8-E16B4C110AED"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.0_base:*:*:*:*:*:*:*","matchCriteriaId":"80B9A3E8-DD9D-451B-81A4-BADA16512845"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.0_mr2:*:*:*:*:*:*:*","matchCriteriaId":"5E84A595-4A33-4FA1-AF86-DFCBECAB8D43"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.0_mr3:*:*:*:*:*:*:*","matchCriteriaId":"56F6DDAE-BD36-4D8D-BC48-DD229F33125A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.0_mr4:*:*:*:*:*:*:*","matchCriteriaId":"2010E860-9DA9-4706-BEE7-7521BCBC5E05"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.0_mr5:*:*:*:*:*:*:*","matchCriteriaId":"EC1C2055-272B-403A-9BF8-5FA8CFBC933D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.0_mr6:*:*:*:*:*:*:*","matchCriteriaId":"346A7C39-AF2E-499F-B77E-0F80787D268E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.0_mr7:*:*:*:*:*:*:*","matchCriteriaId":"98825256-4520-473B-AC9F-F74B9D95DD0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.0_mr8:*:*:*:*:*:*:*","matchCriteriaId":"913EC8D3-A9A3-4FC6-B2FD-87003F985F6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.0_mr8:p1:*:*:*:*:*:*","matchCriteriaId":"DB03D1C7-F4BA-4B0E-814F-3C43395AC928"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:*:*:*:*:*:*:*","matchCriteriaId":"339D371C-57FF-43AD-97DB-A8FA9ADCB796"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p1:*:*:*:*:*:*","matchCriteriaId":"2F0B9AE4-75B8-43BC-B66B-0ABE6C21599F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p2:*:*:*:*:*:*","matchCriteriaId":"09EB75CC-8EBD-49D2-B986-CB83D2742A84"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.0_mr9:p3:*:*:*
:*:*:*","matchCriteriaId":"DF450A53-1F3F-415C-90C5-E43E9A37197F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.5_base:*:*:*:*:*:*:*","matchCriteriaId":"9F4AF5A4-1B99-43F8-A659-7C57B033F2A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr1:*:*:*:*:*:*:*","matchCriteriaId":"2F492431-5AE7-439F-81F1-B96EAD773E0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:*:*:*:*:*:*:*","matchCriteriaId":"2EC640D5-C840-4ABB-BD22-9B60BBFE8DD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr2:p1:*:*:*:*:*:*","matchCriteriaId":"3C438DB1-1761-4C1B-A6DD-AD84853C5755"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr3:*:*:*:*:*:*:*","matchCriteriaId":"FEB2094F-B0E1-4129-BFD6-9FE1687B0AA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr4:*:*:*:*:*:*:*","matchCriteriaId":"16B75EA6-516D-4550-B83D-E0EFDAA25208"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:*:*:*:*:*:*:*","matchCriteriaId":"48A2A712-E8FD-460F-9A3C-3760082B8920"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr5:p1:*:*:*:*:*:*","matchCriteriaId":"EDB5ECBA-051E-4500-9B8C-82479D45164D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:*:*:*:*:*:*:*","matchCriteriaId":"8F6F5080-355B-4A85-8DF4-D75D6A550C6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p1:*:*:*:*:*:*","matchCriteriaId":"CBDFC81E-CA80-4E31-B839-A98FAB4F92A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p2:*:*:*:*:*:*","matchCriteriaId":"23A09CF0-9C9B-4FBF-9AEC-285002175F52"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.5_mr6:p3:*:*:*:*:*:*","matchCriteriaId":"69BC1C33-550D-405E-860B-35F301B8B2D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.6_base:*:*:*:*:*:*:*","matchCriteriaId":"21E55CCE-2B52-48
65-8C63-7E6C779C20D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:*:*:*:*:*:*:*","matchCriteriaId":"9881CF16-F617-48DA-8CB8-08C3D943CCD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr1:p1:*:*:*:*:*:*","matchCriteriaId":"8D743715-37BA-4169-9C91-3BD5E28694F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:*:*:*:*:*:*:*","matchCriteriaId":"4FFFB01B-1B4F-4072-A68C-98C538DE34ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr2:p1:*:*:*:*:*:*","matchCriteriaId":"47B6F991-49EC-444F-8883-A57C37E8BA29"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:*:*:*:*:*:*:*","matchCriteriaId":"9309C030-2F02-4E7E-B3E3-035B93DD1E0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.6_mr3:p1:*:*:*:*:*:*","matchCriteriaId":"A58843EB-A2C0-4034-967F-502A52DCC351"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.7_base:*:*:*:*:*:*:*","matchCriteriaId":"30ECA8FE-D587-4692-AA90-9706E44BAC1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:*:*:*:*:*:*:*","matchCriteriaId":"6DCD22A8-7E04-4782-AEB2-07878925A2AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.7_mr1:p1:*:*:*:*:*:*","matchCriteriaId":"FF7208EC-0255-462E-B5DE-9D5617D8C20D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meetings_server:2.7_mr2:*:*:*:*:*:*:*","matchCriteriaId":"396253A5-EC5F-429B-ABF3-20CB0A56E658"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meeting_center:2.6_base:*:*:*:*:*:*:*","matchCriteriaId":"6589E647-4E17-44A9-A6C6-483C541E4095"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meeting_center:2.6_mr1:*:*:*:*:*:*:*","matchCriteriaId":"6AFFA393-E70D-41C2-BB2D-147F8A6DFBBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meeting_center:2.6_mr1:p1:*:*:*:*:*:*","matchCriteriaId":"815D
810A-003F-4D8F-B368-CC28152E60B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meeting_center:2.6_mr2:*:*:*:*:*:*:*","matchCriteriaId":"28D63C8E-4EDE-4CAF-B7F6-9CB46AFE0664"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meeting_center:2.6_mr2:p1:*:*:*:*:*:*","matchCriteriaId":"A5F8D5F3-ED67-469D-BBCE-A7669BF85755"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meeting_center:2.6_mr3:*:*:*:*:*:*:*","matchCriteriaId":"85B536C7-3E9A-4862-9714-3BCA1A8C6815"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meeting_center:2.6_mr3:p1:*:*:*:*:*:*","matchCriteriaId":"56639D86-F53E-4334-A67C-D9DB2D5713E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meeting_center:2.7_base:*:*:*:*:*:*:*","matchCriteriaId":"7288021F-83C7-49FC-9CC3-CC4B3877C412"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meeting_center:2.7_mr1:*:*:*:*:*:*:*","matchCriteriaId":"0F99CC51-B1B2-4E1A-ACA6-766EE5907139"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meeting_center:2.7_mr1:p1:*:*:*:*:*:*","matchCriteriaId":"031E633D-2FED-4874-8D7D-4275875078FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meeting_center:2.7_mr2:*:*:*:*:*:*:*","matchCriteriaId":"992973F3-E460-4AF5-B1BA-48CC61B87FCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meeting_center:t29_base:*:*:*:*:*:*:*","matchCriteriaId":"D792EF72-4866-4DD9-AE59-468E49C7E31F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meeting_center:t30_base:*:*:*:*:*:*:*","matchCriteriaId":"1515E161-06AE-4A77-BA55-B04E0ECF05B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:webex_meeting_center:t31_base:*:*:*:*:*:*:*","matchCriteriaId":"77A34A56-995C-456D-9F66-2D4510A8746A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95737","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037680","source":"psirt@cisco.com"},{"url":"https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html","source":"psirt@cisco.com"},{"url":"https://blog.filippo.io/webex-extension-vulnerability/","source":"psirt@cisco.com"},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1096","source":"psirt@cisco.com","tags":["Technical Description","Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1100","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/909240","source":"psirt@cisco.com"},{"url":"http://www.securityfocus.com/bid/95737","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037680","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://0patch.blogspot.com/2017/01/micropatching-remote-code-execution-in.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blog.filippo.io/webex-extension-vulnerability/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1096","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1100","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/909240","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10164","sourceIdentifier":"cve@mitre.org","published":"2017-02-01T15:59:00.130","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow."},{"lang":"es","value":"Desbordamientos múltiples de entero en libXpm en versiones anteriores a 3.5.12, cuando un programa solicita interpretar extensiones XPM en una plataforma 64-bit, permiten a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) o ejecutar código arbitrario a través de (1) el número de extensiones o (2) su longitud concatenada en un archivo XPM manipulado, que desencadena un desbordamiento de búfer basado en memoria 
dinámica."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-190"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:x.org:libxpm:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5.11","matchCriteriaId":"86C84875-9507-4CEF-ABA2-362841307682"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3772","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/22/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/25/7","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95785","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1865","source":"cve@mitre.org"},{"url":"https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.freedesktop.org/archives/xorg/2016-December/058537.html","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-72","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3772","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/22/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/25/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95785","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1865","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.freedesktop.org/archives/xorg/2016-December/058537.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-72","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10173","sourceIdentifier":"cve@mitre.org","published":"2017-02-01T15:59:00.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in the minitar before 0.6 and 
archive-tar-minitar 0.5.2 gems for Ruby allows remote attackers to write to arbitrary files via a .. (dot dot) in a TAR archive entry."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en versiones en las gemas para Ruby minitar en versiones anteriores a 0.6 y archive-tar-minitar 0.5.2 permite a atacantes remotos escribir archivos arbitrarios a través de un .. (punto punto) en una entrada de archivo TAR."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:minitar:archive-tar-minitar:*:*:*:*:*:*:*:*","versionEndIncluding":"0.5.2","matchCriteriaId":"B9B28DAB-3949-4E98-8A06-278AED86949B"},{"vulnerable":true,"criteria":"cpe:2.3:a:minitar:minitar:*:*:*:*:*:*:*:*","versionEndIncluding":"0.5.4","matchCriteriaId":"BE8EC005-0081-4584-A651-D6C6A1121D87"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3778","source":"cve@mitre.org"
},{"url":"http://www.openwall.com/lists/oss-security/2017/01/24/7","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/29/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95874","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/halostatue/minitar/issues/16","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://puppet.com/security/cve/cve-2016-10173","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-32","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3778","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/24/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/29/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95874","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/halostatue/minitar/issues/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]},{"url":"https://puppet.com/security/cve/cve-2016-10173","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-32","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-4038","sourceIdentifier":"cve@mitre.org","published":"2017-02-01T15:59:00.223","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value."},{"lang":"es","value":"Error de índice de array en la función msm_sensor_config en kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c en dispositivos Samsung con Android KK(4.4) o L y un chipset APQ8084, MSM8974 o MSM8974pro permite a usuarios locales tener impacto no especificado a través del valor 
gpio_config.gpio_name."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:samsung:samsung_mobile:4.4:*:*:*:*:*:*:*","matchCriteriaId":"68B4FF3D-35CC-4E86-A6EE-D065D654FC4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*","matchCriteriaId":"A13E2E2D-41E2-4CF7-A019-6B462A614271"},{"vulnerable":true,"criteria":"cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*","matchCriteriaId":"DD99CD57-C55D-4812-8F9C-5ACE7555C086"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:samsung:apq8084:-:*:*:*:*:*:*:*","matchCriteriaId":"231FB55A-24CD-48B8-BA96-AC2C8A2454F1"},{"vulnerable":false,"criteria":"cpe:2.3:h:samsung:msm8974:-:*:*:*:*:*:*:*","matchCriteriaId":"FB4404A4-F022-4D27-B95B-762D4D685265"},{"vulnerable":false,"criteria":"cpe:2.3:h:samsung:msm8974pro:-:*:*:*:*:*:*:
*","matchCriteriaId":"774D2F0D-388F-4377-A841-E97F5BE0C3D8"}]}]}],"references":[{"url":"http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/17/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/18/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/17/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/18/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9963","sourceIdentifier":"cve@mitre.org","published":"2017-02-01T15:59:00.270","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Exim before 4.87.1 might allow remote attackers to obtain the private DKIM signing key via vectors related to log files and bounce messages."},{"lang":"es","value":"Exim en versiones anteriores a 4.87.1 podrían permitir a atacantes remotos obtener la clave de firma DKIM privada a través de vectores relacionados con archivos de registro y mensajes de 
devolución."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-320"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:exim:exim:*:*:*:*:*:*:*:*","versionEndIncluding":"4.87","matchCriteriaId":"56A0CF3A-F573-436F-A6AB-707B3AC66F85"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","matchCriteriaId":"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*","matchCriteriaId":"1AFB20FA-CB00-4729-AB3A-816454C6D096"}]}]},{"nodes":[{"operator":"OR","negate":false,"c
peMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2016/dsa-3747","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.exim.org/static/doc/CVE-2016-9963.txt","source":"cve@mitre.org","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94947","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037484","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3164-1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bugs.exim.org/show_bug.cgi?id=1996","source":"cve@mitre.org","tags":["Issue Tracking","Mitigation","Vendor Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3747","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.exim.org/static/doc/CVE-2016-9963.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94947","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037484","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ubuntu.com/usn/USN-3164-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugs.exim.org/show_bug.cgi?id=1996","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8491","sourceIdentifier":"psirt@fortinet.com","published":"2017-02-01T17:59:00.153","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The presence of a hardcoded account 
named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell."},{"lang":"es","value":"La presencia de una cuenta embebida llamada 'core' en Fortinet FortiWLC permite a atacantes obtener acceso de lectura/escritura no autorizado a través de una shell remota."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:N","baseScore":9.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"NONE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":9.2,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:fortinet:fortiwlc:7.0-9-1:*:*:*:*:*:*:*","matchCriteriaId":"A842B7E0-7B16-4872-B18E-C05F30CD72CB"},{"vulnerable":true,"criteria":"cpe:2.3:h:fortinet:fortiwlc:7.0-10-0:*:*:*:*:*:*:*","matchCriteriaId":"7EBCE7F9-9DA6-40BD-9266-FCF0846B6280"},{"vulnerable":true,"criteria":"cpe:2.3:h:fortinet:fortiwlc:8.1-2-0:*:*:*:*:*:*:*","matchCriteriaId":"41B97F50-3CE8-48F8-B24A-4AA79C255C8F"},{"vulnerable":true,"criteria":"cpe:2.3:h:fortinet:fortiwlc:8.1-3-2:*:*:*:*:*:*:*","matchCriteriaId":"4E60189C-EE4B-49
10-BD58-35AB93482F0F"},{"vulnerable":true,"criteria":"cpe:2.3:h:fortinet:fortiwlc:8.2-4-0:*:*:*:*:*:*:*","matchCriteriaId":"CA834964-1568-48B9-9828-32C6109597B1"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94186","source":"psirt@fortinet.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://fortiguard.com/advisory/FG-IR-16-065","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94186","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://fortiguard.com/advisory/FG-IR-16-065","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-10079","sourceIdentifier":"cve@mitre.org","published":"2017-02-01T19:59:00.127","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515."},{"lang":"es","value":"SAPlpd hasta la versión 7400.3.11.33 en SAP GUI 7.40 en Windows tiene una vulnerabilidad de denegación de servicio (caída de servicio) con una cadena larga en el puerto TCP 
515."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:saplpd:*:*:*:*:*:*:*:*","versionEndIncluding":"7400.3.11.33","matchCriteriaId":"E9194A1F-CB0A-4454-8383-381841038297"}]}]}],"references":[{"url":"https://www.exploit-db.com/exploits/41030/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/41030/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9225","sourceIdentifier":"psirt@cisco.com","published":"2017-02-01T19:59:00.157","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the data plane IP fragment handler of the Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security module could allow an 
unauthenticated, remote attacker to cause the CX module to be unable to process further traffic, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of IP fragments. An attacker could exploit this vulnerability by sending crafted fragmented IP traffic across the CX module. An exploit could allow the attacker to exhaust free packet buffers in shared memory (SHM), causing the CX module to be unable to process further traffic, resulting in a DoS condition. This vulnerability affects all versions of the ASA CX Context-Aware Security module. Cisco has not released and will not release software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCva62946."},{"lang":"es","value":"Una vulnerabilidad en el manejador de fragmentos de IP de plano de datos del módulo CX Context-Aware Security de Cisco Adaptive Security Appliance (ASA) podría permitir a un atacante remoto no autenticado provocar que el módulo CX no pudiera procesar más tráfico, resultando en una denegación de servicio (DoS). La vulnerabilidad se debe a un manejo inadecuado de fragmentos IP. Un atacante podría explotar esta vulnerabilidad mediante el envío de tráfico IP fragmentado manipulado a través del módulo CX. Un exploit podría permitir al atacante agotar los búferes de paquetes libres en la memoria compartida (SHM), haciendo que el módulo CX no pueda procesar más tráfico, resultando en una condición DoS. Esta vulnerabilidad afecta a todas las versiones del módulo ASA CX Context-Aware Security. Cisco no ha lanzado y no lanzará actualizaciones de software que aborden esta vulnerabilidad. No existen soluciones provisionales que aborden esta vulnerabilidad. 
ID de errores de Cisco: CSCva62946"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-399"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EBC9743A-641F-4F0A-97FC-5DF8B0333222"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.1-40:*:*:*:*:*:*:*","matchCriteriaId":"F7F990CF-B6DD-4EE3-B45D-CE4B1110A6DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.2:*:*:*:*:*:*:*","matchCriteriaId":"A81A0E90-9200-436C-81BC-FA4BF745EEDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.2-68:*:*:*:*:*:*:*","matchCriteriaId":"13B6FFEA-4F46-4D20-9821-FE32B57F6145"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_con
text-aware_security_software:9.0_base:*:*:*:*:*:*:*","matchCriteriaId":"8068EA1D-6AD6-4BF3-AA1F-C8AD0BC8F298"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.2-29:*:*:*:*:*:*:*","matchCriteriaId":"6A4AE8C1-9BD1-491A-9835-D95F4D90F496"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.2-42:*:*:*:*:*:*:*","matchCriteriaId":"A0710827-10AD-4DE9-BB0F-B4D072DDC8DA"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-8:*:*:*:*:*:*:*","matchCriteriaId":"96F09A7A-9A3D-4D73-912A-2B01CEABEFBA"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-10:*:*:*:*:*:*:*","matchCriteriaId":"0AA36AEA-6516-41DD-90D3-0504A4CB5231"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-13:*:*:*:*:*:*:*","matchCriteriaId":"68C47683-C68B-4B84-80F6-FDFF9156991C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-1:*:*:*:*:*:*:*","matchCriteriaId":"AEFA5ADA-E573-447B-AFD9-E37682B57BD9"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.2-1:*:*:*:*:*:*:*","matchCriteriaId":"E5E0F299-9B0A-46A2-83A2-EEB3E6D2B828"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3\\(1.1.112\\):*:*:*:*:*:*:*","matchCriteriaId":"1EA695E3-7E4E-4ECA-8BF6-4B2024DA15D3"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.1-1:*:*:*:*:*:*:*","matchCriteriaId":"BBAD7032-2FD8-4FAE-8A77-0488EE8ECAF3"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.2-1:*:*:*:*:*:*:*","matchCriteriaId":"C5E3D601-FE3F-433A-84BD-6F070000BAE2"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.3.1-13:*:*:*:*:*:*:*","matchCriteriaId":"90ADCF2B-BD2C-48D3-9507-B0C82D6FDADA"},{"vulnerable":true,"criteria":"cpe:2
.3:o:cisco:asa_cx_context-aware_security_software:9.3.4-1:*:*:*:*:*:*:*","matchCriteriaId":"63B17493-3AD5-4699-A2D3-9F3B4BB3631C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.4-2:*:*:*:*:*:*:*","matchCriteriaId":"58C171D9-0EFF-43DC-AF02-D3B8A2DFACF2"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.4-3:*:*:*:*:*:*:*","matchCriteriaId":"055252B1-ABEA-4894-A84C-F9D75416346D"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.4-4:*:*:*:*:*:*:*","matchCriteriaId":"9576E0A1-2184-4136-B161-D168FB7790A0"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.4-5:*:*:*:*:*:*:*","matchCriteriaId":"A11720CA-D957-4F51-9388-3BE795E5D1C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.4-6:*:*:*:*:*:*:*","matchCriteriaId":"1A8EB3C3-7B09-4413-857A-0092FE1EB182"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3.4.1.11:*:*:*:*:*:*:*","matchCriteriaId":"AEE236E6-BA43-47CD-BCE0-7BEFE9662B20"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.3_base:*:*:*:*:*:*:*","matchCriteriaId":"4D9B6425-12DD-44F4-9708-7D7529CB1DE5"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95788","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037696","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-cas","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95788","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037696","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-cas","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3790","sourceIdentifier":"psirt@cisco.com","published":"2017-02-01T19:59:00.190","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. All versions of Cisco Expressway Series Software and Cisco TelePresence VCS Software prior to version X8.8.2 are vulnerable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCus99263."},{"lang":"es","value":"Una vulnerabilidad en el analizador de paquetes recibidos del software Cisco Expressway Series y Cisco TelePresence Video Communication Server (VCS) podría permitir a un atacante remoto no autenticado provocar una recarga del sistema afectado, resultando en una condición de denegación de servicio (DoS). La vulnerabilidad se debe a una validación de tamaño insuficiente de los datos suministrados por el usuario. Un atacante podría explotar esta vulnerabilidad enviando datos H.224 manipulados en paquetes de protocolo de transporte en tiempo real (RTP) en una llamada H.323. 
Un exploit podría permitir al atacante desbordar un búfer en un caché que pertenece al analizador de paquetes recibido, lo que resultará en una caída de la aplicación, resultando en una condición DoS. Todas las versiones de Cisco Expressway Series Software y Cisco TelePresence VCS Software anteriores a la versión X8.8.2 son vulnerables. Cisco ha lanzado actualizaciones de software que abordan esta vulnerabilidad. No existen soluciones provisionales que aborden esta vulnerabilidad. ID de errores de Cisco: CSCus99263."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-399"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.1.0:*:*:*:*:*:*:*","matchCriteriaId":"F9DC165C-077E-4903-A958-D231BAEE0020"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.1.1:*:
*:*:*:*:*:*","matchCriteriaId":"87096AE0-122C-4693-96DA-B978CAFBFB06"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.1.2:*:*:*:*:*:*:*","matchCriteriaId":"76F5E4D7-3CB0-4273-932E-7DDA96E6B2AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.1_base:*:*:*:*:*:*:*","matchCriteriaId":"A7BB9CF6-7123-4A8D-81E1-82AA3599C9A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.2.1:*:*:*:*:*:*:*","matchCriteriaId":"C3F39261-D3F4-490F-AEF2-E0B6D8E33775"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.2.2:*:*:*:*:*:*:*","matchCriteriaId":"E94DBE30-E66C-4903-B9BD-7FB2114556E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.2_base:*:*:*:*:*:*:*","matchCriteriaId":"38D22EB0-54AF-4FC2-91CD-A56BFECA1BB9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.5:rc4:*:*:*:*:*:*","matchCriteriaId":"C7B8EF76-D6E4-40A2-8360-A6589A8C0FDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.5.0:*:*:*:*:*:*:*","matchCriteriaId":"8867B660-29CC-4A6F-A116-D291E1A3F605"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.5.1:*:*:*:*:*:*:*","matchCriteriaId":"5C625B0D-351F-4AE3-B900-F6009C507C83"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.5.2:*:*:*:*:*:*:*","matchCriteriaId":"E54B267A-5511-4CAD-83FD-119F4A3F8940"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.5.3:*:*:*:*:*:*:*","matchCriteriaId":"33D4E7C8-57B6-4531-8977-9713CF2E16F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.5_base:*:*:*:*:*:*:*","matchCriteriaId":"9A293B34-C664-4872-A608-1605FC3C69DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.6.0:*:*:*:*:*:*:*","matchCriteriaId":"16120699-535F-4327-8255-0570B6A910B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.6.1:*:*:*:*:*:*:*","matchCriteriaId":"1D5F40B1-0B27-4EA7-8369-F3DEA77B54D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.7.0:*:*:*:*:*:*:*","matchCriteriaId":"10561DBB-AC29-448D-AB2C-2F7
5680E83D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.7.1:*:*:*:*:*:*:*","matchCriteriaId":"BE620C62-16CB-4E54-BA4C-900A8645355F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.7.2:*:*:*:*:*:*:*","matchCriteriaId":"BB29BE2C-42EF-416E-B804-40D4153A1D20"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.7.3:*:*:*:*:*:*:*","matchCriteriaId":"327F453C-1944-4C95-B162-01F5C6E93E16"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.8.0:*:*:*:*:*:*:*","matchCriteriaId":"AB1AA69B-137A-4AF4-879A-ED794192107D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:expressway:x8.8.1:*:*:*:*:*:*:*","matchCriteriaId":"AAB1E164-5F1E-4AD7-A0C5-76D7D44739E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_video_communication_server:x5.2_base:*:*:*:*:*:*:*","matchCriteriaId":"2882AA46-B435-4D42-B4B8-F93B3C1758C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_video_communication_server:x6.0_base:*:*:*:*:*:*:*","matchCriteriaId":"BB0BC857-6E5B-4DA0-9B8F-9084582A6ABF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_video_communication_server:x6.1_base:*:*:*:*:*:*:*","matchCriteriaId":"13345449-F9D9-4B42-9C17-77F8112C078D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_video_communication_server:x7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"65FBF866-68D8-4C2E-8131-C5E4D20AF9D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_video_communication_server:x7.0.1:*:*:*:*:*:*:*","matchCriteriaId":"7E6FA277-B272-48F1-9FFB-427725F20B45"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_video_communication_server:x7.0.2:*:*:*:*:*:*:*","matchCriteriaId":"B876F653-ED75-4130-AB8E-293D208B62D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_video_communication_server:x7.0.3:*:*:*:*:*:*:*","matchCriteriaId":"7458B1AB-EEBE-4713-989A-5CDF37791E3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_video_communication_server:x7.1_base:*:*:*:*:*:*:*","matchCr
iteriaId":"99A522BF-AB0B-4FAE-A00E-69D09E917BB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_video_communication_server:x7.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1FDF9DC2-324B-4827-967D-8263B3416FED"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_video_communication_server:x7.2.1:*:*:*:*:*:*:*","matchCriteriaId":"750524D1-77F7-419A-AD47-4CA360952833"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_video_communication_server:x7.2.2:*:*:*:*:*:*:*","matchCriteriaId":"2973CEC1-D2A2-46E0-B493-4664FB6F328B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95786","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037697","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95786","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037697","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3791","sourceIdentifier":"psirt@cisco.com","published":"2017-02-01T19:59:00.220","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges. The vulnerability is due to a processing error in the role-based access control (RBAC) of URLs. An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication. 
An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges. This vulnerability affects Cisco Prime Home versions from 6.3.0.0 to the first fixed release 6.5.0.1. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCvb49837."},{"lang":"es","value":"Una vulnerabilidad en la GUI basada en web de Cisco Prime Home podría permitir a un atacante remoto no autenticado eludir la autenticación y ejecutar acciones con privilegios de administrador. La vulnerabilidad se debe a un error de procesamiento en el control de acceso basado en roles (RBAC) de las URL. Un atacante podría explotar esta vulnerabilidad enviando comandos de la API a través de HTTP a una URL determinada sin autenticación previa. Un exploit podría permitir al atacante realizar cualquier acción en Cisco Prime Home con privilegios de administrador. Esta vulnerabilidad afecta a las versiones de Cisco Prime Home desde la versión 6.3.0.0 hasta la primera versión corregida 6.5.0.1. Cisco ha lanzado actualizaciones de software que abordan esta vulnerabilidad. No existen soluciones provisionales que aborden esta vulnerabilidad. 
ID de errores de Cisco: CSCvb49837."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cisco_prime_home:6.3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"25479501-2E86-431C-8668-839C05ADE5B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cisco_prime_home:6.3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"DDC23815-EB9C-4391-821A-9016EE5643BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cisco_prime_home:6.4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CB4EE5C1-9915-40FD-AA62-499CD4FB6ADD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cisco_prime_home:6.4.1.0:*:*:*:*:*:*:*","matchCriteriaId":"6386283D-8F12-44F3-9B3A-8B0928C5A84D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cisco_prime_home:6.4.2.0:*:*:*:*:*:*:*","matchCriteriaId":"A0AD4C40-D2CF-4EEA-95
12-A5D4A1E4F316"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:cisco_prime_home:6.4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"F00F45E7-72B8-494B-A193-D1BB6F877376"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95933","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95933","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3792","sourceIdentifier":"psirt@cisco.com","published":"2017-02-01T19:59:00.267","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system. Cisco TelePresence MCU platforms TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 and TelePresence MCU 4500 are affected when running software version 4.3(1.68) or later configured for Passthrough content mode. Cisco has released software updates that address this vulnerability. 
Workarounds that address this vulnerability are not available, but mitigations are available. Cisco Bug IDs: CSCuu67675."},{"lang":"es","value":"Una vulnerabilidad en un controlador de dispositivo propietario en el kernel del Software Cisco TelePresence Multipoint Control Unit (MCU) podría permitir a un atacante remoto no autenticado ejecutar código arbitrario o provocar una condición de denegación de servicio (DoS). La vulnerabilidad se debe a una validación de tamaño incorrecta al reensamblar paquetes IPv4 o IPv6 fragmentados. Un atacante podría explotar esta vulnerabilidad mediante el envío de fragmentos IPv4 o IPv6 manipulados a un puerto que reciba contenido en modo de contenido Passthrough. Un exploit podría permitir al atacante desbordar un búfer. Si tiene éxito, el atacante podría ejecutar código arbitrario o provocar una condición DoS en el sistema afectado. Las plataformas Cisco TelePresence MCU TelePresence MCU 5300 Series, TelePresence MCU MSE 8510 y TelePresence MCU 4500 se ven afectadas cuando ejecutan la versión de software 4.3 (1.68) o posterior y están configuradas para el modo de contenido Passthrough. Cisco ha lanzado actualizaciones de software que abordan esta vulnerabilidad. Las soluciones provisionales que abordan esta vulnerabilidad no están disponibles, pero hay mitigaciones disponibles. 
ID de errores de Cisco: CSCuu67675."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_mcu_software:4.3_\\(1.68\\):*:*:*:*:*:*:*","matchCriteriaId":"0D5DEB9D-D154-43EF-87CB-3BEB0B06936A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_mcu_software:4.3_\\(2.18\\):*:*:*:*:*:*:*","matchCriteriaId":"920D4FF4-0E1A-446A-B6AF-0A3CE1D3A236"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_mcu_software:4.3_\\(2.30\\):*:*:*:*:*:*:*","matchCriteriaId":"8A6DE420-0DBA-4C14-B8C2-8C2CBEBE94E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_mcu_software:4.3_\\(2.32\\):*:*:*:*:*:*:*","matchCriteriaId":"EAB21E91-9369-487F-B22F-3B26B560310E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:t
elepresence_mcu_software:4.4_\\(3.42\\):*:*:*:*:*:*:*","matchCriteriaId":"C205C88E-C048-4842-97D7-47CACC6DB595"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_mcu_software:4.4_\\(3.49\\):*:*:*:*:*:*:*","matchCriteriaId":"635AA5E5-1319-4E8D-B6FE-7BC0B53F2770"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_mcu_software:4.4_\\(3.54\\):*:*:*:*:*:*:*","matchCriteriaId":"E1C0AAE1-32B3-440B-962A-EB938B630E6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_mcu_software:4.4_\\(3.57\\):*:*:*:*:*:*:*","matchCriteriaId":"6C03917E-4EF8-47EF-B574-E4C6BD27F37A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_mcu_software:4.4_\\(3.67\\):*:*:*:*:*:*:*","matchCriteriaId":"459622B5-5275-432B-A4B7-36DDF2C04958"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_mcu_software:4.5_\\(1.45\\):*:*:*:*:*:*:*","matchCriteriaId":"55D7930B-46C4-4CF9-97E5-A9B6DE2B9010"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_mcu_software:4.5_\\(1.55\\):*:*:*:*:*:*:*","matchCriteriaId":"6FC5F5D4-EAA9-45B9-805A-C54D6CE1771F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_mcu_software:4.5_\\(1.71\\):*:*:*:*:*:*:*","matchCriteriaId":"536CCE45-8927-4E41-97B4-BB23283CB4C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_mcu_software:4.5_\\(1.72\\):*:*:*:*:*:*:*","matchCriteriaId":"7CB34EE6-77D4-4CF8-AAC1-1D2AD436176E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:telepresence_mcu_software:4.5_\\(1.85\\):*:*:*:*:*:*:*","matchCriteriaId":"671D9004-A722-4BED-8C37-0E04A409C7CB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:telepresence_mcu_4505:-:*:*:*:*:*:*:*","matchCriteriaId":"5574D81E-25A1-477A-978C-109D667771A8"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:telepresence_mcu_4510:-:*:*:*:*:*:*:*","matchCriteriaId":"96560014-147A-4AE1-A215-E2F04B3AD7C6"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:telepresence_mcu_4515:-:*:*:*:*:*:*:*","matchCriteriaI
d":"72129DF6-D50B-46D8-84EA-95E65D86FF62"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:telepresence_mcu_4520:-:*:*:*:*:*:*:*","matchCriteriaId":"11C64580-60FB-40CB-968A-1737E59A1E6F"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:telepresence_mcu_5310:-:*:*:*:*:*:*:*","matchCriteriaId":"D14ACCD9-5840-4459-91B8-E8D8BABB6DF4"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:telepresence_mcu_5320:-:*:*:*:*:*:*:*","matchCriteriaId":"3DEB99C0-5510-48C5-BFA4-DEAB511714DB"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:telepresence_mcu_mse_8510:-:*:*:*:*:*:*:*","matchCriteriaId":"738ED7C7-98D6-4BD5-9115-48405F350CC9"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95787","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037698","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037698","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-0265","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.130","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. 
An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."},{"lang":"es","value":"IBM Campaign es vulnerable a las secuencias de comandos en sitios cruzados, causadas por una validación incorrecta de la entrada suministrada por el usuario. Un atacante remoto podría explotar esta vulnerabilidad utilizando una URL especialmente manipulada para ejecutar la secuencia de comandos en el navegador Web de una víctima dentro del contexto de seguridad del sitio Web de alojamiento, una vez que se hace clic en la URL. Un atacante podría usar esta vulnerabilidad para robar las credenciales de autenticación basadas en cookies de la víctima."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:campaign:8.6:*:*:*:*:*:*:*","matchCriteriaId":"8CCF7E4A-B159-45CA-A3F6-C6D26B2AF08C"},{"vulnerable":true,"criteria":"cpe:2.3:
a:ibm:campaign:9.1:*:*:*:*:*:*:*","matchCriteriaId":"8511BB84-F922-496D-B508-C4116599FCC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:campaign:9.1.1:*:*:*:*:*:*:*","matchCriteriaId":"9C3D9E35-1594-4D84-AF18-170D20960D99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:campaign:9.1.2:*:*:*:*:*:*:*","matchCriteriaId":"C4C2D913-808F-4705-8AD5-17157FA833C0"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21986033","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95100","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21986033","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95100","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-0296","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores potentially sensitive information in log files that could be available to a local user."},{"lang":"es","value":"IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) almacena información potencialmente sensible en archivos de registro que podrían estar disponibles para un usuario 
local."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.0:*:*:*:*:*:*:*","matchCriteriaId":"66D8FA27-E35E-41E8-A5C8-14761E47CE10"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.1:*:*:*:*:*:*:*","matchCriteriaId":"21AD0AAF-1D86-44B4-92DB-3E4A3C38DE87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.2:*:*:*:*:*:*:*","matchCriteriaId":"EDF3A293-36B6-41F3-87CE-EC2D89F212B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.5:*:*:*:*:*:*:*","matchCriteriaId":"9E59DD27-6637-4D89-867B-650AAD2F14B2"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993213","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94213","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993213","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94213","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-0297","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.207","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could allow a remote attacker to obtain sensitive information due to a missing HTTP Strict-Transport-Security Header through man in the middle techniques."},{"lang":"es","value":"IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) podría permitir a un atacante remoto obtener información sensible debido a un HTTP Strict-Transport-Security Header perdido a través de técnicas man-in-the-middle."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","ty
pe":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.0:*:*:*:*:*:*:*","matchCriteriaId":"66D8FA27-E35E-41E8-A5C8-14761E47CE10"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.1:*:*:*:*:*:*:*","matchCriteriaId":"21AD0AAF-1D86-44B4-92DB-3E4A3C38DE87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.2:*:*:*:*:*:*:*","matchCriteriaId":"EDF3A293-36B6-41F3-87CE-EC2D89F212B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.5:*:*:*:*:*:*:*","matchCriteriaId":"9E59DD27-6637-4D89-867B-650AAD2F14B2"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993214","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94188","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993214","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94188","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-0394","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.237","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files."},{"lang":"es","value":"IBM Integration Bus y WebSphere Message broker establecen permisos incorrectos para un objeto que podrían permitir a un atacante local manipular ciertos 
archivos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-275"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:integration_bus:9.0:*:*:*:*:*:*:*","matchCriteriaId":"4D9B868C-9348-4D31-95F9-FEC3D91158AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:integration_bus:9.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"725E3F95-4096-497D-8F2A-02C185ACF8CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:integration_bus:9.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"ACB80DEF-E09A-4B51-96B8-75F0AD9C6499"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:integration_bus:10.0:*:*:*:*:*:*:*","matchCriteriaId":"92E6A5C9-29C2-458D-AA67-E74945E2012F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*","matchCriteriaId":"0F93BF57-FD4F-456C-8DFD-CEF8B5AEF35D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"B859DAA9-1B0E-47CE-813D-108776C3
B239"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"2458C42A-90F7-457C-AAD6-205D9893A993"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"8BFEC988-5E94-474F-9A60-966B8FA8B8F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.4:*:*:*:*:*:*:*","matchCriteriaId":"BE5CCF85-8149-43DB-A594-99895D94F447"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_message_broker:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"EA0D7E80-2607-4567-8D1C-2ADA32F174D8"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21985013","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94577","source":"psirt@us.ibm.com","tags":["Technical Description","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21985013","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94577","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-0396","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.270","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected."},{"lang":"es","value":"IBM Tivoli Endpoint Manager podrían permitir a un usuario en circunstancias especiales inyectar comandos que sería ejecutado con privilegios superiores innecesarios de lo 
esperado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.0:*:*:*:*:*:*:*","matchCriteriaId":"66D8FA27-E35E-41E8-A5C8-14761E47CE10"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.1:*:*:*:*:*:*:*","matchCriteriaId":"21AD0AAF-1D86-44B4-92DB-3E4A3C38DE87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.2:*:*:*:*:*:*:*","matchCriteriaId":"EDF3A293-36B6-41F3-87CE-EC2D89F212B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.5:*:*:*:*:*:*:*","matchCriteriaId":"9E59DD27-6637-4D89-867B-650AAD2F14B2"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993206","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94155","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993206","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94155","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-2908","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.300","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Single Sign On for Bluemix could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by the XML parser. A remote attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service."},{"lang":"es","value":"IBM Single Sign On para Bluemix podría permitir a un atacante remoto obtener información sensible, provocado por un error de entidad externa XML (XXE) al procesar datos XML por el analizador XML. 
Un atacante remoto podría explotar esta vulnerabilidad para leer archivos arbitrarios del sistema o provocar una denegación de servicio."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:P","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6B5B6BD9-C0DF-4359-A6C1-F66E24912800"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6F18D4AF-43DE-42A0-898E-50FBA7ADDDDE"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"847598BF-977A-4592-A6A1-2C7F04F29FDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EA4B8E11-83D3-4B38-90B6-4C0F536D06B6"},{"vulnerable":true,"criteria"
:"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"AFD6FF12-A3AD-4D2B-92EB-44D20AF4DD9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"250AF7A4-8DDF-427C-8BF7-788667908D77"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"76136DDE-1530-482B-9E32-3EA2496FDFCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"8CBEA0D7-FBD0-4C7D-AB8F-73018359996A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"7CCECD9C-D506-4AEA-AE59-49A81E2D7020"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"FCB6511D-5B6C-4BBB-8DEF-C37026398D6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4B0D27CF-70BF-4C72-A963-310272D8EBF7"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"97E19969-DD73-42F2-9E91-504E1663B268"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F9CC2E05-5179-4241-A710-E582510EEB0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteria
Id":"73E4F0CD-26DF-4975-8F40-ECB8E03A08C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"FFE6F2A0-BD38-4853-A8FB-299A341FA0B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"D0122CE6-44D9-4A5F-8DD4-B1F7F229FDFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"D1C6294A-7243-499D-8371-F000BEB7CF2F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"506C4B29-BC71-4C56-BAB1-06E63BEB1DD3"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"1C5EBB4D-36F8-453C-9D2C-A63490144596"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995531","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95295","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038506","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995531","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95295","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038506","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-2938","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.333","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM iNotes is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"61387F03-916A-49FA-8B81-7145CEB5902D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"7B275FDF-B31D-4761-9CA5-4FFF2F439964"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*
:*:*:*:*","matchCriteriaId":"7FE36CC5-3991-4579-8B61-D97B09337F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"931135FE-DA7D-4466-B830-CC07A9F0BCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*","matchCriteriaId":"A3D932FB-331E-4FB7-AF70-263B8D504654"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*","matchCriteriaId":"20872C07-8850-4DE0-BE9E-D57E28B6647D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"D80AF2E5-2756-4111-90B0-08039B9D07C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"83A143B4-D4D5-498E-B50F-4CCF7EF6538B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*","matchCriteriaId":"89453928-C022-45DD-9277-D8CF669DDB6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"AAE43FE8-8EC1-4774-93A2-E829098C9CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"DCB85F5F-867C-403C-9671-6DEFF66FCBDD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"ABFDECA7-0DBE-41C7-A589-D342E0628BAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*","matchCriteriaId":"4FE3A838-8EB0-4D62-95CD-B882D61AA3C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*","matchCriteriaId":"589D1CE3-A23C-4E7F-AD60-0B14BFD993A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:
*:*","matchCriteriaId":"BBAD0259-8096-41CD-BA06-58E26F2821C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"28326C23-64DA-4FA0-9F3D-7660FC17C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"00533C2E-A05A-4F51-BD70-D6EF9AC0C0D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"8B9E1334-7CE9-406A-8CE5-FF48823A25B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"BF7A97DE-36BC-4DFC-9F44-EF2C155703B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"4C05B1F1-EDFC-46AC-B701-13652ABA7065"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"D246A5C6-E12D-4B5D-8319-0A9F52899173"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"97EAEF94-7243-47C2-A934-A10AA65559A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"49FF4C09-76B3-4CCA-9EBA-530B4CB0314D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"CC0FE386-25E0-452F-A0E4-C54901C8870B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"92E3BD0F-DC7F-47C1-A86A-9B1627FBE941"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"68862417-67DC-462A-8557-E1E371926FC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*","matchCriteriaId":"0E251CBF-CA6A-4675-B7FA-B68EC44ADA52"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*","matchCriteriaId":"EC844FD9-65ED-4223-8B60-29EDC5EBEB3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId":"B097CA3C-2ABA-489E-86C1-EEF891AF7094"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"14F15C5B-D465-4AE6-B70B-E03EE32A0D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"B8270B1C-31E1-47F6-B641-8A4291EBEF33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"1B62FD4B-A8B0-4215-A22C-241EE84A4C85"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"7EFF2543-619A-49EA-909C-49C82397A89E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"3A913396-D7C3-4088-A4E8-93BF3ADB9C21"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"A2FAF950-ECA1-4DC1-ABC7-18C073209ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*","matchCriteriaId":"40437DB7-17EB-4C53-9D71-624D01068D77"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*","matchCriteriaId":"677DDC3B-3B08-407F-8543-7A78B38B4F0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*","matchCriteriaId":"F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"975E8316-D4C3-40B7-8E57-E871D0327271"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"4E0C5AFE-62C7-4A6C-991B-222FF28DF92B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"DF4C11BF-8A63-4ED9-871D-C3366D766CC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"1B74523E-57BE-4B0B-B639-32927336C862"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*","matc
hCriteriaId":"521E7EBE-CEA6-4FF8-954A-2A43617FB1C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"30460A5C-2D97-42B5-A190-5E0862E87EDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"31391143-EE89-4521-81F4-43455AAF7D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"5344290B-F139-4367-B976-C2E8007487F6"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992835","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94600","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037383","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992835","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94600","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037383","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-2939","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.363","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"61387F03-916A-49FA-8B81-7145CEB5902D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"7B275FDF-B31D-4761-9CA5-4FFF2F439964"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7FE36CC5-3991-4579-8B61-D97B09337F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"931135FE-DA7D-4466-B830-CC07A9F0BCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*","matchCriteriaId
":"A3D932FB-331E-4FB7-AF70-263B8D504654"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*","matchCriteriaId":"20872C07-8850-4DE0-BE9E-D57E28B6647D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"D80AF2E5-2756-4111-90B0-08039B9D07C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"83A143B4-D4D5-498E-B50F-4CCF7EF6538B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*","matchCriteriaId":"89453928-C022-45DD-9277-D8CF669DDB6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"AAE43FE8-8EC1-4774-93A2-E829098C9CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"DCB85F5F-867C-403C-9671-6DEFF66FCBDD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"ABFDECA7-0DBE-41C7-A589-D342E0628BAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*","matchCriteriaId":"4FE3A838-8EB0-4D62-95CD-B882D61AA3C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*","matchCriteriaId":"589D1CE3-A23C-4E7F-AD60-0B14BFD993A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*","matchCriteriaId":"BBAD0259-8096-41CD-BA06-58E26F2821C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"28326C23-64DA-4FA0-9F3D-7660FC17C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"00
533C2E-A05A-4F51-BD70-D6EF9AC0C0D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"8B9E1334-7CE9-406A-8CE5-FF48823A25B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"BF7A97DE-36BC-4DFC-9F44-EF2C155703B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"4C05B1F1-EDFC-46AC-B701-13652ABA7065"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"D246A5C6-E12D-4B5D-8319-0A9F52899173"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"97EAEF94-7243-47C2-A934-A10AA65559A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"49FF4C09-76B3-4CCA-9EBA-530B4CB0314D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"CC0FE386-25E0-452F-A0E4-C54901C8870B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"92E3BD0F-DC7F-47C1-A86A-9B1627FBE941"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"68862417-67DC-462A-8557-E1E371926FC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*","matchCriteriaId":"0E251CBF-CA6A-4675-B7FA-B68EC44ADA52"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*","matchCriteriaId":"EC844FD9-65ED-4223-8B60-29EDC5EBEB3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"B097CA3C-2ABA-489E-86C1-EEF891AF7094"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"14F15C5B-D465-4AE6-B70B-E03EE32A0D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"B8270B1
C-31E1-47F6-B641-8A4291EBEF33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"1B62FD4B-A8B0-4215-A22C-241EE84A4C85"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"7EFF2543-619A-49EA-909C-49C82397A89E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"3A913396-D7C3-4088-A4E8-93BF3ADB9C21"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"A2FAF950-ECA1-4DC1-ABC7-18C073209ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*","matchCriteriaId":"40437DB7-17EB-4C53-9D71-624D01068D77"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*","matchCriteriaId":"677DDC3B-3B08-407F-8543-7A78B38B4F0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*","matchCriteriaId":"F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"975E8316-D4C3-40B7-8E57-E871D0327271"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"4E0C5AFE-62C7-4A6C-991B-222FF28DF92B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"DF4C11BF-8A63-4ED9-871D-C3366D766CC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"1B74523E-57BE-4B0B-B639-32927336C862"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"521E7EBE-CEA6-4FF8-954A-2A43617FB1C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"30460A5C-2D97-42B5-A190-5E0862E87EDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"31391143-EE8
9-4521-81F4-43455AAF7D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"5344290B-F139-4367-B976-C2E8007487F6"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992835","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94605","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037383","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992835","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94605","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037383","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-2987","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.393","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker."},{"lang":"es","value":"Una vulnerabilidad no revelada en las aplicaciones CLM puede provocar que algunos parámetros de implementación administrativa se muestren a un 
atacante."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:4.0:*:*:*:*:*:*:*","matchCriteriaId":"5E997305-EC48-42C4-9408-EE622818BA03"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"817714F1-B68E-41DB-A4FC-34FD5518B9BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"D0477D24-56F7-46A2-A08A-C20A90E6E85C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"6CABBD25-7C8D-4CE1-B9C9-75670C8B5B09"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"31D9D1B5-C3D1-42F2-A963-9FA30CF20AA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_ge
neration:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"E0514FAC-52CE-41F6-B255-E2D83E71F3E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"ACA25E78-52E0-4B5E-AECC-0F24C827F3F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"746190AA-6D21-446F-80F5-4C98F5BF74A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"08125E1B-FE2B-436C-A69F-067BC1B5C542"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*","matchCriteriaId":"B2431038-D838-4AB0-B614-EDC1D4D203E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6A0BC49A-4D59-47AE-B2D2-13B6719B0932"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E3AE1241-9998-4F5D-862A-52CE40DB24C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3F32526-C148-4FCE-B32B-88A8F2BB3A5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"749C6DAF-EF92-40DD-9CE8-535D1C5BB745"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"666FB9C2-4A39-4C21-B00B-3ABF4EE9805E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"C380E168-9045-4BF3-A485-2943B2FDE44D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"8ED17A54-D64F-4FEC-A9FF-1D85C0E0595E"},{"vulnerable":true,"criteria":"cpe:2.3
:a:ibm:rational_engineering_lifecycle_manager:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"5917861D-85E7-45F6-9150-BD6F2E272832"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"90570EDF-C0A3-4AF5-9763-2D6473762A24"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"608625CE-F543-4DCA-A3F9-70A35ECD1550"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0:*:*:*:*:*:*:*","matchCriteriaId":"AE1738F8-EECC-46C9-AE0C-46E8E4B2AC5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D5419531-869F-4389-AF72-18F6E0DF3CA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"8F01BD6B-30EA-4AD6-A2CA-04638FF59DF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"3E8B81FD-2288-4DD3-9AAC-76016FFA2D30"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"08EEA77B-8151-407C-A840-6E2334FF962B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"F5ECD177-5310-44DA-A364-1077898C3A50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"7F242460-F1F6-4D37-8817-4F6040FB5F5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_quality_manager:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"DCC4C9D2-6799-44B5-AEF4-47DD3CC012FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_quality_manager:4.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"364E7E8D-D988-4546-9E61-CD2D1A6F0728"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_quality_manager:4.0.0.2:*:*:*:*:*:*:*","matchCriteriaId"
:"D34C6DE1-40BC-44F3-B106-47E4FA1C4FF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_quality_manager:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"AB0AA277-39E7-441C-9AF2-18848FD4C9D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_quality_manager:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"4938F063-34AF-4C5F-AF43-534C3D052720"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_quality_manager:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"3902033E-35AB-4358-9D07-AF8C59A9621A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_quality_manager:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"559C7C20-BD07-4E30-A74C-EA35DB2E3F2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_quality_manager:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"B15D55E2-D1C2-4934-8C51-2DA2778ADF7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_quality_manager:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"AC0F2747-175E-4B85-9020-162F019860EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_quality_manager:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"9B31F581-9E7A-4882-A915-FE4784FDC996"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*","matchCriteriaId":"D094EE5E-DF84-4922-A612-35CD4DC4D875"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"BA1E396E-905A-4CE3-8AEB-12BFBE679B2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"2D1186E8-2639-476F-802E-580D98F2E255"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"DC7E998F-416E-4E1F-BF85-606224B468CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"2ED82318-CB9F-4EC4-BABF-1F473B3AA799"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*","matchCriteriaId":"46883130-F370-406C-A8E8-213399F2EE47"},{"vulnerable":true
,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5A13CE71-BEC0-4DEC-9CF7-183672F6729D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"2DB2451D-F31E-4CF6-8E61-2970A4FB174D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"01A27F4B-0ED9-479F-B91B-FCB514CF1D1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"EEAF452F-94AB-4857-BCD6-AE5251C61526"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"7596E71E-4507-4EFC-ABF9-41D8FD338CC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"9B201E3D-1028-4955-AFE2-AF8C14CAA182"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"A1C966E0-6372-4CA5-902E-DEE17FC139E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*","matchCriteriaId":"B12D7433-30F0-427F-BF82-0AAD492CE35D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8D6B3E2B-B33D-4FB4-A8CF-0D3C781B371E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E6E654FB-BD17-4308-9CD0-163D8DA0BD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*","matchCriteriaId":"C0B9D0C8-2EB2-4209-8495-1B3B823D9A41"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2214FC95-71C7-4EB5-B
924-9626D663E8FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"94EF2E53-3618-4610-AC36-602584DB26EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"EF978C93-8747-416A-890B-09575EF0BA13"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0:*:*:*:*:*:*:*","matchCriteriaId":"2B450B35-5169-4B41-B928-0F22DF55A28C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3FC3B8F6-F9D7-454C-B7A2-732B6708AF04"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"B6B4FF44-507B-4F2E-9C7C-4D8A046542D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"BF1DD60E-3E2C-4F42-9892-B031CB3B570D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"6504477B-9BF5-49F6-8E3A-9B07B30895B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"C0C4948B-69C4-4CAF-808E-426483ED0622"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"1C297440-406F-4508-9D8D-92F79DF91C4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"79FB3730-EE6A-44CE-8FCD-4CE6D055EB2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_software_architect_design_manager:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"3C416F89-7E5E-4FE7-A532-F13843AA1771"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0:*:*:*:*:*:*:*","matchCriteriaId":"E2654BDE-3134-4653-B472-995B02E9B841"},{
"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EED534E3-80EF-40AF-927A-20D59DA7B045"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"C36DDB50-CF31-4B3C-AE49-99A3AFBC0791"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9DFDE569-8BE3-4CFD-8228-FF785B004068"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2D4BC069-34DB-4B2F-BD6C-494BEEEF65AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5D3E975D-3D7B-4DE3-B961-BA6D38329563"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"543CFD7E-E204-436E-A88E-212A368F7AB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:4.0:*:*:*:*:*:*:*","matchCriteriaId":"A2C7E81B-DA97-4545-9C78-962E5FE9202D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2500F56F-C615-4836-9F6E-44985F898E64"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:4.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6D790D42-7B73-40A6-BF0E-630099FB97E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:4.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"FABBECCB-F0B9-4D45-9372-6F313F841FE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E9DF445D-E457-4FA5-A2BE-F05828F8F799"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E1CE1A44-9F74-4405-AAB4-E38487FBD91A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"29160905-BBD7-
486C-A4E0-5778717389E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"0A538D21-6F83-4F01-AB4F-788A89F922CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"233E248F-0EA5-4C97-8474-C7A3EFCF7CCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"5FE6472E-AC94-431C-B8EA-8A3ED1828E85"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"B8DAFF35-BD11-4EED-8B79-E99AE8A0E620"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:5.0:*:*:*:*:*:*:*","matchCriteriaId":"8EA5622F-81FF-4C0C-8A3D-9ACFE30B0ACA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"C8BEC305-F98D-45F4-B149-1188744DE408"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E837B6AB-B8FF-413E-8DE9-EE61F6113ED1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:6.0:*:*:*:*:*:*:*","matchCriteriaId":"CB5C385D-6C5B-4D5E-8628-6D80E8E54403"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"AF686B93-3DE2-4A4D-BA6F-10CA9AFCFA73"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_team_concert:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"380BB05E-6ADE-4A45-897D-9AA16E3408D1"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95109","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.ibm.com/support/docview.wss?uid=swg21996097","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95109","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://www.ibm.com/support/docview.wss?uid=swg21996097","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3016","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.427","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code."},{"lang":"es","value":"IBM Security Access Manager para Web procesa parches, copias de seguridad de imágenes y otras actualizaciones sin verificar suficientemente el origen y la integridad del código, lo que podría permitir a un atacante autenticado cargar código malicioso."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-345"}]}],"configurations":[{"operator":"AND","nodes":
[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6B5B6BD9-C0DF-4359-A6C1-F66E24912800"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6F18D4AF-43DE-42A0-898E-50FBA7ADDDDE"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"847598BF-977A-4592-A6A1-2C7F04F29FDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EA4B8E11-83D3-4B38-90B6-4C0F536D06B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"AFD6FF12-A3AD-4D2B-92EB-44D20AF4DD9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"250AF7A4-8DDF-427C-8BF7-788667908D77"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"76136DDE-1530-482B-9E32-3EA2496FDFCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"8CBEA0D7-FBD0-4C7D-AB8F-73018359996A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"7CCECD9C-D506-4AEA-AE59-49A81E2D7020"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"FCB6511D-5B6C-4BBB-8DEF-C37026398D6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web
_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"22433CE0-9772-48CE-8069-612FF3732C21"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"2569AA28-5C61-4BBD-A501-E1ACFA36837B"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*","matchCriteriaId":"3AB188A2-D7CE-4141-A55A-C074C84E366E"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"DE776097-1DA4-4F27-8E96-61E3D9FFE8D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*","matchCriteriaId":"FE4E5283-0FEE-4F37-9C41-FA695063FF79"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*","matchCriteriaId":"39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*","matchCriteriaId":"73EB6121-62CD-49FC-A1D2-5467B007253C"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.9:*:*:*:*:*:*:*","matchCriteriaId":"A91ADDFE-9362-4D7E-B623-D662D81382E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.10:*:*:*:*:*:*:*","matchCriteriaId":"C8E0F31E-EB32-4442-91BE-95A9625F308F"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.11:*:*:*:*:*:*:*","matchCriteriaId":"701D729E-A817-4525-ADD9-EC810326B9E2"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.12:*:*:*:*:*:*:*","matchCriteriaId":"E5883F2E-83F4-4630-813B-21E533BA2CB7"},{"vulnerable":true,"c
riteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.13:*:*:*:*:*:*:*","matchCriteriaId":"A1FB9953-91A1-47BB-B6BF-088FA75BEBCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.14:*:*:*:*:*:*:*","matchCriteriaId":"CD7B0192-465A-48EF-8B51-FC6BC6EC464A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.15:*:*:*:*:*:*:*","matchCriteriaId":"3E40F5AD-E090-4D0B-A580-D794F60215DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.16:*:*:*:*:*:*:*","matchCriteriaId":"EC5BD4D1-DD9B-4845-AF17-9B813C748D1A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4B0D27CF-70BF-4C72-A963-310272D8EBF7"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"97E19969-DD73-42F2-9E91-504E1663B268"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F9CC2E05-5179-4241-A710-E582510EEB0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"73E4F0CD-26DF-4975-8F40-ECB8E03A08C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"FFE6F2A0-BD38-4853-A8FB-299A341FA0B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"D0122CE6-44D9-4A5F-8DD4-B1F7F229FDFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"D1C6
294A-7243-499D-8371-F000BEB7CF2F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"506C4B29-BC71-4C56-BAB1-06E63BEB1DD3"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*","matchCriteriaId":"A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"1C5EBB4D-36F8-453C-9D2C-A63490144596"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995518","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995518","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3017","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.457","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information due to security misconfigurations."},{"lang":"es","value":"IBM Security Access Manager para Web podría permitir a un atacante remoto obtener información sensible debido a errores de configuración de 
seguridad."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-358"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6B5B6BD9-C0DF-4359-A6C1-F66E24912800"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6F18D4AF-43DE-42A0-898E-50FBA7ADDDDE"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"847598BF-977A-4592-A6A1-2C7F04F29FDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EA4B8E11-83D3-4B38-90B6-4C0F536D06B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"AFD6FF12-A3AD-4D2B-92EB-44D
20AF4DD9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"250AF7A4-8DDF-427C-8BF7-788667908D77"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"76136DDE-1530-482B-9E32-3EA2496FDFCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"8CBEA0D7-FBD0-4C7D-AB8F-73018359996A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"7CCECD9C-D506-4AEA-AE59-49A81E2D7020"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"FCB6511D-5B6C-4BBB-8DEF-C37026398D6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"22433CE0-9772-48CE-8069-612FF3732C21"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"2569AA28-5C61-4BBD-A501-E1ACFA36837B"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*","matchCriteriaId":"3AB188A2-D7CE-4141-A55A-C074C84E366E"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"DE776097-1DA4-4F27-8E96-61E3D9FFE8D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware
:7.0.0.6:*:*:*:*:*:*:*","matchCriteriaId":"FE4E5283-0FEE-4F37-9C41-FA695063FF79"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*","matchCriteriaId":"39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*","matchCriteriaId":"73EB6121-62CD-49FC-A1D2-5467B007253C"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.9:*:*:*:*:*:*:*","matchCriteriaId":"A91ADDFE-9362-4D7E-B623-D662D81382E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.10:*:*:*:*:*:*:*","matchCriteriaId":"C8E0F31E-EB32-4442-91BE-95A9625F308F"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.11:*:*:*:*:*:*:*","matchCriteriaId":"701D729E-A817-4525-ADD9-EC810326B9E2"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.12:*:*:*:*:*:*:*","matchCriteriaId":"E5883F2E-83F4-4630-813B-21E533BA2CB7"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.13:*:*:*:*:*:*:*","matchCriteriaId":"A1FB9953-91A1-47BB-B6BF-088FA75BEBCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.14:*:*:*:*:*:*:*","matchCriteriaId":"CD7B0192-465A-48EF-8B51-FC6BC6EC464A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.15:*:*:*:*:*:*:*","matchCriteriaId":"3E40F5AD-E090-4D0B-A580-D794F60215DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.16:*:*:*:*:*:*:*","matchCriteriaId":"EC5BD4D1-DD9B-4845-AF17-9B813C748D1A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4B0D27CF-70BF-4C72-A963-310272D8EBF7"},{"vulnerable":true,"criteria":
"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"97E19969-DD73-42F2-9E91-504E1663B268"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F9CC2E05-5179-4241-A710-E582510EEB0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"73E4F0CD-26DF-4975-8F40-ECB8E03A08C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"FFE6F2A0-BD38-4853-A8FB-299A341FA0B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"D0122CE6-44D9-4A5F-8DD4-B1F7F229FDFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"D1C6294A-7243-499D-8371-F000BEB7CF2F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"506C4B29-BC71-4C56-BAB1-06E63BEB1DD3"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*","matchCriteriaId":"A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"1C5EBB4D-36F8-453C-9D2C-A63490144596"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995519","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995519","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-3018","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.487","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Security Access Manager para Web es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR"
,"negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F49FA0E2-5FEB-4831-980E-CFBE7E44277A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A6B67748-2677-44E7-B43D-857EBCA926C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"2AEE420D-4686-4C58-B77A-2E509983F4C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"44310E32-EA05-420B-8676-4E6EEAFB6631"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"8B93CED0-E8FA-4238-8963-46074D11A334"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"907BB0CF-D270-4493-8D61-9841E6C5FE45"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"E0801BD2-D95B-4703-9804-A555F9E7BA19"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"2EE90667-0C16-4E4B-98DC-A6AD7A073D64"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"A523C406-D64C-4CE6-8CBE-34D4C060E0C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F0D646B2-7308-43A0-AE76-873946FB024E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"4B1988E5-DFE6-4282-B9D3-6655297B481B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"4BEF4063-73D7-416D-AD21-CDC1C0534677"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_we
b:8.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"397073E9-9696-4B4C-926D-668EA4A52E7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"643E7B97-17AB-4209-804E-79E94F3D671F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"4F807870-4976-43E1-89BE-F08DEEE109CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"B2B3E49D-08E6-44CF-B034-D155247B5DB9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"D54372BE-6201-48AB-A720-F29E931E52B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"39017599-E63F-4101-8D37-62D9B0CE6917"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"8BA1DA71-91C8-4989-98B9-E924ED7B272A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"3F884817-A712-4A89-B199-2E2483CD8363"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"52F627D1-6FB4-47A2-817D-F9EC914DAC51"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995347","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96380","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995347","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96380","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-3021","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.520","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request."},{"lang":"es","value":"IBM Security Access Manager para Web podría permitir a un atacante autenticado obtener información sensible de un mensaje de error utilizando una petición HTTP especialmente manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6B5B6
BD9-C0DF-4359-A6C1-F66E24912800"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6F18D4AF-43DE-42A0-898E-50FBA7ADDDDE"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"847598BF-977A-4592-A6A1-2C7F04F29FDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EA4B8E11-83D3-4B38-90B6-4C0F536D06B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"AFD6FF12-A3AD-4D2B-92EB-44D20AF4DD9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"250AF7A4-8DDF-427C-8BF7-788667908D77"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"76136DDE-1530-482B-9E32-3EA2496FDFCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"8CBEA0D7-FBD0-4C7D-AB8F-73018359996A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"7CCECD9C-D506-4AEA-AE59-49A81E2D7020"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"FCB6511D-5B6C-4BBB-8DEF-C37026398D6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"22433CE0-9772-48CE-8069-612FF3732C21"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_
7.0_firmware:7.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"2569AA28-5C61-4BBD-A501-E1ACFA36837B"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*","matchCriteriaId":"3AB188A2-D7CE-4141-A55A-C074C84E366E"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"DE776097-1DA4-4F27-8E96-61E3D9FFE8D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*","matchCriteriaId":"FE4E5283-0FEE-4F37-9C41-FA695063FF79"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*","matchCriteriaId":"39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*","matchCriteriaId":"73EB6121-62CD-49FC-A1D2-5467B007253C"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.9:*:*:*:*:*:*:*","matchCriteriaId":"A91ADDFE-9362-4D7E-B623-D662D81382E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.10:*:*:*:*:*:*:*","matchCriteriaId":"C8E0F31E-EB32-4442-91BE-95A9625F308F"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.11:*:*:*:*:*:*:*","matchCriteriaId":"701D729E-A817-4525-ADD9-EC810326B9E2"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.12:*:*:*:*:*:*:*","matchCriteriaId":"E5883F2E-83F4-4630-813B-21E533BA2CB7"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.13:*:*:*:*:*:*:*","matchCriteriaId":"A1FB9953-91A1-47BB-B6BF-088FA75BEBCA"},{"vulnerable":true,"c
riteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.14:*:*:*:*:*:*:*","matchCriteriaId":"CD7B0192-465A-48EF-8B51-FC6BC6EC464A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.15:*:*:*:*:*:*:*","matchCriteriaId":"3E40F5AD-E090-4D0B-A580-D794F60215DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.16:*:*:*:*:*:*:*","matchCriteriaId":"EC5BD4D1-DD9B-4845-AF17-9B813C748D1A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4B0D27CF-70BF-4C72-A963-310272D8EBF7"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"97E19969-DD73-42F2-9E91-504E1663B268"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F9CC2E05-5179-4241-A710-E582510EEB0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"73E4F0CD-26DF-4975-8F40-ECB8E03A08C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"FFE6F2A0-BD38-4853-A8FB-299A341FA0B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"D0122CE6-44D9-4A5F-8DD4-B1F7F229FDFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"D1C6294A-7243-499D-8371-F000BEB7CF2F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:
8.0:*:*:*:*:*:*:*","matchCriteriaId":"506C4B29-BC71-4C56-BAB1-06E63BEB1DD3"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*","matchCriteriaId":"A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"1C5EBB4D-36F8-453C-9D2C-A63490144596"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995436","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96114","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995436","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96114","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-3022","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.550","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions."},{"lang":"es","value":"IBM Security Access Manager para Web podría permitir a un usuario autenticado obtener acceso a información altamente sensible debido a permisos de archivos 
incorrectos."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-275"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6B5B6BD9-C0DF-4359-A6C1-F66E24912800"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6F18D4AF-43DE-42A0-898E-50FBA7ADDDDE"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"847598BF-977A-4592-A6A1-2C7F04F29FDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EA4B8E11-83D3-4B38-90B6-4C0F536D06B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"AFD6FF12-A3AD-4D2B-92EB-
44D20AF4DD9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"250AF7A4-8DDF-427C-8BF7-788667908D77"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"76136DDE-1530-482B-9E32-3EA2496FDFCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"8CBEA0D7-FBD0-4C7D-AB8F-73018359996A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"7CCECD9C-D506-4AEA-AE59-49A81E2D7020"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"FCB6511D-5B6C-4BBB-8DEF-C37026398D6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"22433CE0-9772-48CE-8069-612FF3732C21"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"2569AA28-5C61-4BBD-A501-E1ACFA36837B"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*","matchCriteriaId":"3AB188A2-D7CE-4141-A55A-C074C84E366E"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"DE776097-1DA4-4F27-8E96-61E3D9FFE8D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmw
are:7.0.0.6:*:*:*:*:*:*:*","matchCriteriaId":"FE4E5283-0FEE-4F37-9C41-FA695063FF79"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*","matchCriteriaId":"39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*","matchCriteriaId":"73EB6121-62CD-49FC-A1D2-5467B007253C"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.9:*:*:*:*:*:*:*","matchCriteriaId":"A91ADDFE-9362-4D7E-B623-D662D81382E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.10:*:*:*:*:*:*:*","matchCriteriaId":"C8E0F31E-EB32-4442-91BE-95A9625F308F"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.11:*:*:*:*:*:*:*","matchCriteriaId":"701D729E-A817-4525-ADD9-EC810326B9E2"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.12:*:*:*:*:*:*:*","matchCriteriaId":"E5883F2E-83F4-4630-813B-21E533BA2CB7"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.13:*:*:*:*:*:*:*","matchCriteriaId":"A1FB9953-91A1-47BB-B6BF-088FA75BEBCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.14:*:*:*:*:*:*:*","matchCriteriaId":"CD7B0192-465A-48EF-8B51-FC6BC6EC464A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.15:*:*:*:*:*:*:*","matchCriteriaId":"3E40F5AD-E090-4D0B-A580-D794F60215DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.16:*:*:*:*:*:*:*","matchCriteriaId":"EC5BD4D1-DD9B-4845-AF17-9B813C748D1A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4B0D27CF-70BF-4C72-A963-310272D8EBF7"},{"vulnerable":true,"criteri
a":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"97E19969-DD73-42F2-9E91-504E1663B268"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F9CC2E05-5179-4241-A710-E582510EEB0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"73E4F0CD-26DF-4975-8F40-ECB8E03A08C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"FFE6F2A0-BD38-4853-A8FB-299A341FA0B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"D0122CE6-44D9-4A5F-8DD4-B1F7F229FDFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"D1C6294A-7243-499D-8371-F000BEB7CF2F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"506C4B29-BC71-4C56-BAB1-06E63BEB1DD3"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*","matchCriteriaId":"A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"1C5EBB4D-36F8-453C-9D2C-A63490144596"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995360","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96130","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995360","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96130","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-3023","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.583","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Access Manager for Web could allow an unauthenticated user to gain access to sensitive information by entering invalid file names."},{"lang":"es","value":"IBM Security Access Manager para Web podría permitir a un usuario no autenticado obtener acceso a información sensible introduciendo nombres de archivo no válidos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negat
e":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6B5B6BD9-C0DF-4359-A6C1-F66E24912800"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6F18D4AF-43DE-42A0-898E-50FBA7ADDDDE"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"847598BF-977A-4592-A6A1-2C7F04F29FDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EA4B8E11-83D3-4B38-90B6-4C0F536D06B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"AFD6FF12-A3AD-4D2B-92EB-44D20AF4DD9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"250AF7A4-8DDF-427C-8BF7-788667908D77"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"76136DDE-1530-482B-9E32-3EA2496FDFCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"8CBEA0D7-FBD0-4C7D-AB8F-73018359996A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"7CCECD9C-D506-4AEA-AE59-49A81E2D7020"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"FCB6511D-5B6C-4BBB-8DEF-C37026398D6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.1:*:
*:*:*:*:*:*","matchCriteriaId":"22433CE0-9772-48CE-8069-612FF3732C21"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"2569AA28-5C61-4BBD-A501-E1ACFA36837B"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"79AFD6BE-4ED1-4A9C-AF30-F083A7A4F418"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.4:*:*:*:*:*:*:*","matchCriteriaId":"3AB188A2-D7CE-4141-A55A-C074C84E366E"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"DE776097-1DA4-4F27-8E96-61E3D9FFE8D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.6:*:*:*:*:*:*:*","matchCriteriaId":"FE4E5283-0FEE-4F37-9C41-FA695063FF79"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.7:*:*:*:*:*:*:*","matchCriteriaId":"39D9B9CF-5F3D-4CA3-87A0-AAE1BA5F09C1"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.8:*:*:*:*:*:*:*","matchCriteriaId":"73EB6121-62CD-49FC-A1D2-5467B007253C"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.9:*:*:*:*:*:*:*","matchCriteriaId":"A91ADDFE-9362-4D7E-B623-D662D81382E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.10:*:*:*:*:*:*:*","matchCriteriaId":"C8E0F31E-EB32-4442-91BE-95A9625F308F"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.11:*:*:*:*:*:*:*","matchCriteriaId":"701D729E-A817-4525-ADD9-EC810326B9E2"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.12:*:*:*:*:*:*:*","matchCriteriaId":"E5883F2E-83F4-4630-813B-21E533BA2CB7"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:
security_access_manager_for_web_7.0_firmware:7.0.0.13:*:*:*:*:*:*:*","matchCriteriaId":"A1FB9953-91A1-47BB-B6BF-088FA75BEBCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.14:*:*:*:*:*:*:*","matchCriteriaId":"CD7B0192-465A-48EF-8B51-FC6BC6EC464A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.15:*:*:*:*:*:*:*","matchCriteriaId":"3E40F5AD-E090-4D0B-A580-D794F60215DB"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:7.0.0.16:*:*:*:*:*:*:*","matchCriteriaId":"EC5BD4D1-DD9B-4845-AF17-9B813C748D1A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4B0D27CF-70BF-4C72-A963-310272D8EBF7"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"97E19969-DD73-42F2-9E91-504E1663B268"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F9CC2E05-5179-4241-A710-E582510EEB0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"73E4F0CD-26DF-4975-8F40-ECB8E03A08C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"FFE6F2A0-BD38-4853-A8FB-299A341FA0B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"D0122CE6-44D9-4A5F-8DD4-B1F7F229FDFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"D1C6294A-7243-499D-8371-F000
BEB7CF2F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"506C4B29-BC71-4C56-BAB1-06E63BEB1DD3"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*","matchCriteriaId":"A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"1C5EBB4D-36F8-453C-9D2C-A63490144596"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995348","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96124","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995348","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96124","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-3024","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.613","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system."},{"lang":"es","value":"IBM Security Access Manager para Web permite que las páginas web se almacenen localmente y que puedan ser leídas por otro usuario del 
sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6B5B6BD9-C0DF-4359-A6C1-F66E24912800"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6F18D4AF-43DE-42A0-898E-50FBA7ADDDDE"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"847598BF-977A-4592-A6A1-2C7F04F29FDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EA4B8E11-83D3-4B38-90B6-4C0F536D06B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"AFD6FF12-A3AD-4D2B-92EB-44D20AF4DD9D
"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"250AF7A4-8DDF-427C-8BF7-788667908D77"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"76136DDE-1530-482B-9E32-3EA2496FDFCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"8CBEA0D7-FBD0-4C7D-AB8F-73018359996A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"7CCECD9C-D506-4AEA-AE59-49A81E2D7020"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"FCB6511D-5B6C-4BBB-8DEF-C37026398D6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4B0D27CF-70BF-4C72-A963-310272D8EBF7"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"97E19969-DD73-42F2-9E91-504E1663B268"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F9CC2E05-5179-4241-A710-E582510EEB0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"73E4F0CD-26DF-4975-8F40-ECB8E03A08C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:
*:*:*:*:*:*:*","matchCriteriaId":"FFE6F2A0-BD38-4853-A8FB-299A341FA0B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"D0122CE6-44D9-4A5F-8DD4-B1F7F229FDFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"D1C6294A-7243-499D-8371-F000BEB7CF2F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"506C4B29-BC71-4C56-BAB1-06E63BEB1DD3"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"1C5EBB4D-36F8-453C-9D2C-A63490144596"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995340","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96132","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995340","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96132","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-3027","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.643","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Access Manager for Web is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources."},{"lang":"es","value":"IBM Security Access Manager para Web es vulnerable a una denegación de servicio, causada por un error de entidad externa XML (XXE) al procesar datos XML. 
Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensible o consumir todos los recursos de memoria disponibles."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6B5B6BD9-C0DF-4359-A6C1-F66E24912800"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6F18D4AF-43DE-42A0-898E-50FBA7ADDDDE"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"847598BF-977A-4592-A6A1-2C7F04F29FDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EA4B8E11-83D3-4B38-90B6-4C0F536D06B6"},{"vulnerable":
true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"AFD6FF12-A3AD-4D2B-92EB-44D20AF4DD9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"250AF7A4-8DDF-427C-8BF7-788667908D77"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"76136DDE-1530-482B-9E32-3EA2496FDFCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"8CBEA0D7-FBD0-4C7D-AB8F-73018359996A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"7CCECD9C-D506-4AEA-AE59-49A81E2D7020"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"FCB6511D-5B6C-4BBB-8DEF-C37026398D6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4B0D27CF-70BF-4C72-A963-310272D8EBF7"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"97E19969-DD73-42F2-9E91-504E1663B268"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F9CC2E05-5179-4241-A710-E582510EEB0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*"
,"matchCriteriaId":"73E4F0CD-26DF-4975-8F40-ECB8E03A08C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"FFE6F2A0-BD38-4853-A8FB-299A341FA0B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"D0122CE6-44D9-4A5F-8DD4-B1F7F229FDFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"D1C6294A-7243-499D-8371-F000BEB7CF2F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"506C4B29-BC71-4C56-BAB1-06E63BEB1DD3"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"1C5EBB4D-36F8-453C-9D2C-A63490144596"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21994440","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96127","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21994440","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96127","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-3029","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.677","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Access Manager for Web is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."},{"lang":"es","value":"IBM Security Access Manager para Web es vulnerable a la falsificación de solicitudes de sitios cruzados que podrían permitir a 
un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario que confía en el sitio web."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6B5B6BD9-C0DF-4359-A6C1-F66E24912800"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6F18D4AF-43DE-42A0-898E-50FBA7ADDDDE"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"847598BF-977A-4592-A6A1-2C7F04F29FDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EA4B8E11-83D3-4B38-90B6-4C0F536D06B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:sec
urity_access_manager_for_mobile_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"AFD6FF12-A3AD-4D2B-92EB-44D20AF4DD9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AD7C3FED-3B2F-4EC9-9A9B-05EFDB0AA56B"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"250AF7A4-8DDF-427C-8BF7-788667908D77"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"76136DDE-1530-482B-9E32-3EA2496FDFCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"8CBEA0D7-FBD0-4C7D-AB8F-73018359996A"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"7CCECD9C-D506-4AEA-AE59-49A81E2D7020"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_mobile_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"FCB6511D-5B6C-4BBB-8DEF-C37026398D6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4B0D27CF-70BF-4C72-A963-310272D8EBF7"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"97E19969-DD73-42F2-9E91-504E1663B268"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F9CC2E05-5179-4241-A710-E582510EEB0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"BD1366C8-9C78-4B40-8E40-19C4DFEC2B1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"73E4F0CD-26DF-
4975-8F40-ECB8E03A08C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"FFE6F2A0-BD38-4853-A8FB-299A341FA0B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"D0122CE6-44D9-4A5F-8DD4-B1F7F229FDFB"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"D1C6294A-7243-499D-8371-F000BEB7CF2F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"506C4B29-BC71-4C56-BAB1-06E63BEB1DD3"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"1C5EBB4D-36F8-453C-9D2C-A63490144596"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995345","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96133","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995345","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96133","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-3034","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.707","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM AppScan Source uses a one-way hash without salt to encrypt highly sensitive information, which could allow a local attacker to decrypt information more easily."},{"lang":"es","value":"IBM AppScan Source usa un hash unidireccional sin salt para cifrar información altamente sensible , lo que podría permitir a un atacante local descifrar información con mayor 
facilidad."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-326"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_appscan_source:9.0.1:*:*:*:*:*:*:*","matchCriteriaId":"0CDCE5EF-CD70-4B37-818F-226BDC458233"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_appscan_source:9.0.2:*:*:*:*:*:*:*","matchCriteriaId":"47D80C99-97BD-4D74-B146-675B20B0193F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_appscan_source:9.0.3:*:*:*:*:*:*:*","matchCriteriaId":"530DE7A6-01F8-4EB5-A395-A5B592BA100F"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995903","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95195","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995903","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95195","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-3035","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.737","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM AppScan Source could reveal some sensitive information through the browsing of testlinks on the server."},{"lang":"es","value":"IBM AppScan Source podría revelar cierta información sensible a través de la exploración de enlaces de prueba en el servidor."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_appscan_source:9.
0.1:*:*:*:*:*:*:*","matchCriteriaId":"0CDCE5EF-CD70-4B37-818F-226BDC458233"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_appscan_source:9.0.2:*:*:*:*:*:*:*","matchCriteriaId":"47D80C99-97BD-4D74-B146-675B20B0193F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_appscan_source:9.0.3:*:*:*:*:*:*:*","matchCriteriaId":"530DE7A6-01F8-4EB5-A395-A5B592BA100F"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21987325","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95177","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21987325","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95177","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-3043","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.770","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Access Manager for Web could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."},{"lang":"es","value":"IBM Security Access Manager para Web podría permitir a un atacante remoto obtener información sensible, causada por el error de habilitar correctamente HTTP Strict Transport Security. 
Un atacante podría explotar esta vulnerabilidad para obtener información sensible utilizando técnicas man-in-the-middle."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"5A5ACB34-BC23-4175-9F6A-91FB6762A040"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*","matchCriteriaId":"A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"35BD8955-4735-4FDC-906A-B404C4E36417"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:
security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"1C5EBB4D-36F8-453C-9D2C-A63490144596"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*","matchCriteriaId":"6921A2CC-67D0-41B5-908B-F002C14AFD70"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"506C4B29-BC71-4C56-BAB1-06E63BEB1DD3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"F5B95177-2AA3-45D4-895D-56CA35B32813"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995446","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95107","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995446","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95107","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-3045","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.817","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Access Manager for Web stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referer header or browser history."},{"lang":"es","value":"IBM Security Access Manager para Web almacena información sensible en parámetros URL. 
Esto puede dar lugar a la divulgación de información si las partes no autorizadas tienen acceso a las URL a través de los registros del servidor, el encabezado referente o el historial del navegador."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager:9.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F49FA0E2-5FEB-4831-980E-CFBE7E44277A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager:9.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A6B67748-2677-44E7-B43D-857EBCA926C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"2AEE420D-4686-4C58-B77A-2E509983F4C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"44310E32-EA05-420B-8676-4E6EEAFB6631"},{"vulnerable":true,"criteria":"cpe:2.3:a:
ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"2EE90667-0C16-4E4B-98DC-A6AD7A073D64"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*","matchCriteriaId":"AA8844A0-17D5-4EE9-85C4-518DACE7C9D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F0D646B2-7308-43A0-AE76-873946FB024E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"4B1988E5-DFE6-4282-B9D3-6655297B481B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"4BEF4063-73D7-416D-AD21-CDC1C0534677"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_web:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"58D7CF23-E40B-48FE-B1F2-BAD47500A98B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_web:8.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F6658BD1-B9F9-4C68-AC7B-66E0630ACD68"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5000C473-1151-4C1C-BCB8-C410D8BDA362"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"AB037932-234B-41AD-8119-D964796ADDFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"8BA1DA71-91C8-4989-98B9-E924ED7B272A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"3F884817-A712-4A89-B199-2E2483CD8363"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_web:8.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"52F627D1-6FB4-47A2-817D-F9EC914DAC51"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995435","source":"psirt@us.ibm.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95103","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995435","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95103","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-3046","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.847","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Access Manager for Web is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements which could allow the attacker to view information in the back-end database."},{"lang":"es","value":"IBM Security Access Manager para Web es vulnerable a la inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente manipuladas que podrían permitir al atacante ver información en back-end de la base de 
datos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"35BD8955-4735-4FDC-906A-B404C4E36417"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"1C5EBB4D-36F8-453C-9D2C-A63490144596"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*","matchCriteriaId":"6921A2CC-67D0-41B5-908B-F002C14AFD70"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"506C4B29-BC71-4C56-BAB1-06E63BEB1DD3"}]}]},{"ope
rator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"F5B95177-2AA3-45D4-895D-56CA35B32813"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995527","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95104","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995527","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95104","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-3053","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.863","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges."},{"lang":"es","value":"IBM AIX contiene una vulnerabilidad no especificada que permitiría a un usuario autenticado localmente obtener privilegios de nivel de 
root."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*","matchCriteriaId":"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"}]}]}],"references":[{"url":"http://aix.software.ibm.com/aix/efixes/security/lsmcode_advisory2.asc","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93605","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037030","source":"psirt@us.ibm.com"},{"url":"https://www.exploit-db.com/exploits/40709/","source":"psirt@us.ibm.com"},{"url":"http://aix.software.ibm.com/aix/efixes/security/lsmcode_advisory2.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93605","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037030","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/40709/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5880","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.893","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de 
confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"61387F03-916A-49FA-8B81-7145CEB5902D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"7B275FDF-B31D-4761-9CA5-4FFF2F439964"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7FE36CC5-3991-4579-8B61-D97B09337F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"931135FE-DA7D-4466-B830-CC07A9F0BCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*","matchCriteriaId":"A3D932FB-331E-4FB7-AF70-263B8D504654"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*","matchCriteriaId":"20872C07-8850-4DE0-BE9E-D57E28B6647D"},{"vulnerable":true,"criteria":"cpe:2.3:a:i
bm:domino:8.5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"D80AF2E5-2756-4111-90B0-08039B9D07C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"83A143B4-D4D5-498E-B50F-4CCF7EF6538B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*","matchCriteriaId":"89453928-C022-45DD-9277-D8CF669DDB6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"AAE43FE8-8EC1-4774-93A2-E829098C9CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"DCB85F5F-867C-403C-9671-6DEFF66FCBDD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"ABFDECA7-0DBE-41C7-A589-D342E0628BAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*","matchCriteriaId":"4FE3A838-8EB0-4D62-95CD-B882D61AA3C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*","matchCriteriaId":"589D1CE3-A23C-4E7F-AD60-0B14BFD993A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*","matchCriteriaId":"BBAD0259-8096-41CD-BA06-58E26F2821C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"28326C23-64DA-4FA0-9F3D-7660FC17C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"00533C2E-A05A-4F51-BD70-D6EF9AC0C0D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"8B9E1334-7CE9-406A-8CE5-FF48823A25B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:do
mino:9.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"BF7A97DE-36BC-4DFC-9F44-EF2C155703B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"4C05B1F1-EDFC-46AC-B701-13652ABA7065"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"D246A5C6-E12D-4B5D-8319-0A9F52899173"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"97EAEF94-7243-47C2-A934-A10AA65559A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"49FF4C09-76B3-4CCA-9EBA-530B4CB0314D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"CC0FE386-25E0-452F-A0E4-C54901C8870B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"92E3BD0F-DC7F-47C1-A86A-9B1627FBE941"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"68862417-67DC-462A-8557-E1E371926FC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*","matchCriteriaId":"0E251CBF-CA6A-4675-B7FA-B68EC44ADA52"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*","matchCriteriaId":"EC844FD9-65ED-4223-8B60-29EDC5EBEB3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"B097CA3C-2ABA-489E-86C1-EEF891AF7094"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"14F15C5B-D465-4AE6-B70B-E03EE32A0D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"B8270B1C-31E1-47F6-B641-8A4291EBEF33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"1B62FD4B-A8B0-4215-A22C-241EE84A4C85"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:
8.5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"7EFF2543-619A-49EA-909C-49C82397A89E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"3A913396-D7C3-4088-A4E8-93BF3ADB9C21"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"A2FAF950-ECA1-4DC1-ABC7-18C073209ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*","matchCriteriaId":"40437DB7-17EB-4C53-9D71-624D01068D77"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*","matchCriteriaId":"677DDC3B-3B08-407F-8543-7A78B38B4F0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*","matchCriteriaId":"F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"975E8316-D4C3-40B7-8E57-E871D0327271"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"4E0C5AFE-62C7-4A6C-991B-222FF28DF92B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"DF4C11BF-8A63-4ED9-871D-C3366D766CC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"1B74523E-57BE-4B0B-B639-32927336C862"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"521E7EBE-CEA6-4FF8-954A-2A43617FB1C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"30460A5C-2D97-42B5-A190-5E0862E87EDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"31391143-EE89-4521-81F4-43455AAF7D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"5344290B-F139-4367-B976-C2E8007487F6"}]}]}],"references":[{"url":"http://www.ibm.com/support/doc
view.wss?uid=swg21992835","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94606","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037383","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992835","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94606","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037383","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5882","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.940","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"61387F03-916A-49FA-8B81-7145CEB5902D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"7B275FDF-B31D-4761-9CA5-4FFF2F439964"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7FE36CC5-3991-4579-8B61-D97B09337F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"931135FE-DA7D-4466-B830-CC07A9F0BCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*","matchCriteriaId
":"A3D932FB-331E-4FB7-AF70-263B8D504654"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*","matchCriteriaId":"20872C07-8850-4DE0-BE9E-D57E28B6647D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"D80AF2E5-2756-4111-90B0-08039B9D07C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"83A143B4-D4D5-498E-B50F-4CCF7EF6538B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*","matchCriteriaId":"89453928-C022-45DD-9277-D8CF669DDB6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"AAE43FE8-8EC1-4774-93A2-E829098C9CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"DCB85F5F-867C-403C-9671-6DEFF66FCBDD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"ABFDECA7-0DBE-41C7-A589-D342E0628BAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*","matchCriteriaId":"4FE3A838-8EB0-4D62-95CD-B882D61AA3C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*","matchCriteriaId":"589D1CE3-A23C-4E7F-AD60-0B14BFD993A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*","matchCriteriaId":"BBAD0259-8096-41CD-BA06-58E26F2821C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"28326C23-64DA-4FA0-9F3D-7660FC17C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"00
533C2E-A05A-4F51-BD70-D6EF9AC0C0D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"8B9E1334-7CE9-406A-8CE5-FF48823A25B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"BF7A97DE-36BC-4DFC-9F44-EF2C155703B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"4C05B1F1-EDFC-46AC-B701-13652ABA7065"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"D246A5C6-E12D-4B5D-8319-0A9F52899173"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"97EAEF94-7243-47C2-A934-A10AA65559A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"49FF4C09-76B3-4CCA-9EBA-530B4CB0314D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"CC0FE386-25E0-452F-A0E4-C54901C8870B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"92E3BD0F-DC7F-47C1-A86A-9B1627FBE941"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"68862417-67DC-462A-8557-E1E371926FC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*","matchCriteriaId":"0E251CBF-CA6A-4675-B7FA-B68EC44ADA52"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*","matchCriteriaId":"EC844FD9-65ED-4223-8B60-29EDC5EBEB3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"B097CA3C-2ABA-489E-86C1-EEF891AF7094"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"14F15C5B-D465-4AE6-B70B-E03EE32A0D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"B8270B1
C-31E1-47F6-B641-8A4291EBEF33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"1B62FD4B-A8B0-4215-A22C-241EE84A4C85"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"7EFF2543-619A-49EA-909C-49C82397A89E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"3A913396-D7C3-4088-A4E8-93BF3ADB9C21"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"A2FAF950-ECA1-4DC1-ABC7-18C073209ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*","matchCriteriaId":"40437DB7-17EB-4C53-9D71-624D01068D77"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*","matchCriteriaId":"677DDC3B-3B08-407F-8543-7A78B38B4F0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*","matchCriteriaId":"F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"975E8316-D4C3-40B7-8E57-E871D0327271"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"4E0C5AFE-62C7-4A6C-991B-222FF28DF92B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"DF4C11BF-8A63-4ED9-871D-C3366D766CC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"1B74523E-57BE-4B0B-B639-32927336C862"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"521E7EBE-CEA6-4FF8-954A-2A43617FB1C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"30460A5C-2D97-42B5-A190-5E0862E87EDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"31391143-EE8
9-4521-81F4-43455AAF7D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"5344290B-F139-4367-B976-C2E8007487F6"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992835","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94604","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037383","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992835","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94604","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037383","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5884","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.973","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"61387F03-916A-49FA-8B81-7145CEB5902D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"7B275FDF-B31D-4761-9CA5-4FFF2F439964"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7FE36CC5-3991-4579-8B61-D97B09337F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"931135FE-DA7D-4466-B830-CC07A9F0BCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*","matchCriteriaId
":"A3D932FB-331E-4FB7-AF70-263B8D504654"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*","matchCriteriaId":"20872C07-8850-4DE0-BE9E-D57E28B6647D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"D80AF2E5-2756-4111-90B0-08039B9D07C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"83A143B4-D4D5-498E-B50F-4CCF7EF6538B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*","matchCriteriaId":"89453928-C022-45DD-9277-D8CF669DDB6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"AAE43FE8-8EC1-4774-93A2-E829098C9CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"DCB85F5F-867C-403C-9671-6DEFF66FCBDD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"ABFDECA7-0DBE-41C7-A589-D342E0628BAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.4:*:*:*:*:*:*:*","matchCriteriaId":"4FE3A838-8EB0-4D62-95CD-B882D61AA3C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*","matchCriteriaId":"589D1CE3-A23C-4E7F-AD60-0B14BFD993A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*","matchCriteriaId":"BBAD0259-8096-41CD-BA06-58E26F2821C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"28326C23-64DA-4FA0-9F3D-7660FC17C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"00
533C2E-A05A-4F51-BD70-D6EF9AC0C0D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"8B9E1334-7CE9-406A-8CE5-FF48823A25B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"BF7A97DE-36BC-4DFC-9F44-EF2C155703B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"4C05B1F1-EDFC-46AC-B701-13652ABA7065"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"D246A5C6-E12D-4B5D-8319-0A9F52899173"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"97EAEF94-7243-47C2-A934-A10AA65559A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"49FF4C09-76B3-4CCA-9EBA-530B4CB0314D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"CC0FE386-25E0-452F-A0E4-C54901C8870B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"92E3BD0F-DC7F-47C1-A86A-9B1627FBE941"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"68862417-67DC-462A-8557-E1E371926FC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*","matchCriteriaId":"0E251CBF-CA6A-4675-B7FA-B68EC44ADA52"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*","matchCriteriaId":"EC844FD9-65ED-4223-8B60-29EDC5EBEB3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"B097CA3C-2ABA-489E-86C1-EEF891AF7094"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"14F15C5B-D465-4AE6-B70B-E03EE32A0D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"B8270B1
C-31E1-47F6-B641-8A4291EBEF33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"1B62FD4B-A8B0-4215-A22C-241EE84A4C85"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"7EFF2543-619A-49EA-909C-49C82397A89E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"3A913396-D7C3-4088-A4E8-93BF3ADB9C21"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"A2FAF950-ECA1-4DC1-ABC7-18C073209ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*","matchCriteriaId":"40437DB7-17EB-4C53-9D71-624D01068D77"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*","matchCriteriaId":"677DDC3B-3B08-407F-8543-7A78B38B4F0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*","matchCriteriaId":"F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"975E8316-D4C3-40B7-8E57-E871D0327271"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"4E0C5AFE-62C7-4A6C-991B-222FF28DF92B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"DF4C11BF-8A63-4ED9-871D-C3366D766CC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"1B74523E-57BE-4B0B-B639-32927336C862"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"521E7EBE-CEA6-4FF8-954A-2A43617FB1C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"30460A5C-2D97-42B5-A190-5E0862E87EDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"31391143-EE8
9-4521-81F4-43455AAF7D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"5344290B-F139-4367-B976-C2E8007487F6"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992835","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94602","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037383","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992835","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94602","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037383","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5896","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:00.987","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting incorrect login onto Cognos browser."},{"lang":"es","value":"IBM Maximo Asset Management podría revelar información sensible de una traza de pila después de la presentación de inicio de sesión incorrecto en el navegador de 
Cognos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*","matchCriteriaId":"58B773C7-9386-4704-B85F-748578DBC242"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*","matchCriteriaId":"DBC96757-682F-4EBF-83A7-7C85C451ED26"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BA294D6-4D4D-4ADB-A05B-F578A8877A4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6:*:*:*:*:*:*:*","matchCriteriaId":"54B15803-D203-4620-B4CF-0F417C7A9B79"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6:*:*:*:*:*:*:*","matchCriteriaId":"ED14563B-CA07-4CEF-B46B-672F06D08B9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_transportation:7.6:*:*:*:*:*:*:*","matchCriteriaId":"775919
1C-5D16-4937-BC80-5A47FE4F9DD1"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21987855","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93872","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21987855","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93872","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5897","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.020","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site."},{"lang":"es","value":"IBM Jazz Reporting Service (JRS) es vulnerable a inyección HTML. 
Un atacante remoto podría inyectar código HTML malicioso, que al ser visto, sería ejecutado en el navegador Web de la víctima dentro del contexto de seguridad del sitio de alojamiento."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:6.0:*:*:*:*:*:*:*","matchCriteriaId":"07DD3FB3-ABE3-4645-9AFB-429EA4EA818D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FF3780DD-9FAC-4850-AA83-DCA7D013FB3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9FCC8D80-8974-41F7-8225-474A9814ABD3"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991153","source":"psirt@us.ibm.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94857","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991153","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94857","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5898","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.050","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caused by not restricting JSON serialization. By sending a direct request, an attacker could exploit this vulnerability to obtain sensitive information."},{"lang":"es","value":"IBM Jazz Reporting Service (JRS) podría permitir a un atacante remoto obtener información sensible, causada por no restringir la serialización de JSON. 
Al enviar una petición directa, un atacante podría explotar esta vulnerabilidad para obtener información sensible."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:5.0:*:*:*:*:*:*:*","matchCriteriaId":"4D226029-A37F-486C-9DCD-1921671F242D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"83152595-8909-4AA4-A7D1-2E113A197B1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"103F9E24-E11F-4BAC-8EDB-86D332B9EC43"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:6.0:*:*:*:*:*:*:*","matchCriteriaId":"07DD3FB3-ABE3-4645-9AFB-429EA4EA818D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FF3780DD-9FAC-4850-AA83-DCA7D013FB3E"},{"vu
lnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9FCC8D80-8974-41F7-8225-474A9814ABD3"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991154","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94848","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991154","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94848","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5899","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.083","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Jazz Reporting Service (JRS) es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:5.0:*:*:*:*:*:*:*","matchCriteriaId":"4D226029-A37F-486C-9DCD-1921671F242D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"83152595-8909-4AA4-A7D1-2E113A197B1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"103F9E24-E11F-4BAC-8EDB-86D332B9EC43"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:6.0:*:*:*:*:*:*:*","matchCriteriaId":"07DD3FB3-ABE3-4645-9AFB-429EA4EA818D"},{"vulnerable":true,"criteria":"cpe:2.3:a:
ibm:jazz_reporting_service:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FF3780DD-9FAC-4850-AA83-DCA7D013FB3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9FCC8D80-8974-41F7-8225-474A9814ABD3"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991154","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94844","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991154","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94844","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5937","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.130","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."},{"lang":"es","value":"IBM Kenexa LCMS Premier en Cloud es vulnerable a la falsificación de solicitudes de sitios cruzados que podrían permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario que confía en el sitio 
web."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.0:*:*:*:*:*:*:*","matchCriteriaId":"1F37320E-082E-4B07-BDC2-AAB06273AE1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.2:*:*:*:*:*:*:*","matchCriteriaId":"424A977D-F0E8-4A5E-974A-62676F17599D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.2.1:*:*:*:*:*:*:*","matchCriteriaId":"BC1D6409-70BC-4ED0-A9A9-1A83EE61719D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.3:*:*:*:*:*:*:*","matchCriteriaId":"EA2557BE-4B29-4125-A39A-287F9F9FB6A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.4:*:*:*:*:*:*:*","matchCriteriaId":"764D4D62-19BA-4DE7-A2D8-233C45CA26B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.5:*:*:*:*:*:*:*","matchCriteriaId":"3037BB6F-26C8-4F39-9
FB5-1EF592E46B36"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.0:*:*:*:*:*:*:*","matchCriteriaId":"E386AA38-B144-43F7-9790-8C79B5FC88E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.1:*:*:*:*:*:*:*","matchCriteriaId":"386DCD93-6F6E-4C6A-8381-12CBE4D4BAB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.2:*:*:*:*:*:*:*","matchCriteriaId":"FA364F9B-AE53-402F-8FA9-EFDB45435964"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992067","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94390","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992067","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94390","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5939","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.160","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database."},{"lang":"es","value":"IBM Kenexa LMS en Cloud es vulnerable a la inyección de SQL. 
Un atacante remoto podría enviar sentencias SQL especialmente manipuladas, lo que podrían permitir al atacante ver, añadir, modificar o eliminar información en el back-end de la base de datos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:4.1:*:*:*:*:*:*:*","matchCriteriaId":"FB8641F8-4C7E-43AC-8903-F33A94CD3D59"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:4.2:*:*:*:*:*:*:*","matchCriteriaId":"9F4D465B-1715-4248-9461-1BC761463747"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"689A0833-5311-48B0-87CA-B702657FA189"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"C71EB4D0-EA80-42D9-9FD8-919927378B44"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:4.2.4:*:*:*:*:*:*
:*","matchCriteriaId":"8069E657-AD31-4A0F-B9E3-7E4FF987A74E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:5.0:*:*:*:*:*:*:*","matchCriteriaId":"33B9A889-601B-4E73-90EA-D8A54F37F763"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:5.1:*:*:*:*:*:*:*","matchCriteriaId":"7B50D771-608D-4240-B793-E62654BA1D5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:5.2:*:*:*:*:*:*:*","matchCriteriaId":"9DEE28D7-183B-4878-9AC2-A12D40DE39A5"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992129","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93523","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992129","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93523","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5948","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.190","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Kenexa LCMS Premier en Cloud es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.0:*:*:*:*:*:*:*","matchCriteriaId":"1F37320E-082E-4B07-BDC2-AAB06273AE1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.1:*:*:*:*:*:*:*","matchCriteriaId":"0B5A416C-F511-4016-B04E-1C8030755234"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.2:*:*:*:*:*:*:*","matchCriteriaId":"424A977D-F0E8-4A5E-974A-62676F17599D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.2.1:*:*:*:*:*:*:*","matchCriteriaId":"BC1D6409-70BC-4ED0-A9A9-1A83EE61719D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcm
s_premier:9.3:*:*:*:*:*:*:*","matchCriteriaId":"EA2557BE-4B29-4125-A39A-287F9F9FB6A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.4:*:*:*:*:*:*:*","matchCriteriaId":"764D4D62-19BA-4DE7-A2D8-233C45CA26B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.5:*:*:*:*:*:*:*","matchCriteriaId":"3037BB6F-26C8-4F39-9FB5-1EF592E46B36"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.0:*:*:*:*:*:*:*","matchCriteriaId":"E386AA38-B144-43F7-9790-8C79B5FC88E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.1:*:*:*:*:*:*:*","matchCriteriaId":"386DCD93-6F6E-4C6A-8381-12CBE4D4BAB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.2:*:*:*:*:*:*:*","matchCriteriaId":"FA364F9B-AE53-402F-8FA9-EFDB45435964"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992067","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94388","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992067","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94388","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5949","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.223","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data with a specially crafted HTTP request."},{"lang":"es","value":"IBM Kenexa LCMS Premier en Cloud podría permitir a un usuario autenticado obtener datos de usuario sensibles con una petición HTTP especialmente 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.1:*:*:*:*:*:*:*","matchCriteriaId":"0B5A416C-F511-4016-B04E-1C8030755234"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.2:*:*:*:*:*:*:*","matchCriteriaId":"424A977D-F0E8-4A5E-974A-62676F17599D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.3:*:*:*:*:*:*:*","matchCriteriaId":"EA2557BE-4B29-4125-A39A-287F9F9FB6A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.4:*:*:*:*:*:*:*","matchCriteriaId":"764D4D62-19BA-4DE7-A2D8-233C45CA26B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.5:*:*:*:*:*:*:*","matchCriteriaId":"3037BB6F-26C8-4F39-9FB5-1EF592E46B36"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.0:*:*:*:*:*:*:*","matchCriteriaId":"E386AA38-B144-43F7-9790-
8C79B5FC88E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.1:*:*:*:*:*:*:*","matchCriteriaId":"386DCD93-6F6E-4C6A-8381-12CBE4D4BAB7"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992276","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93559","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992276","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93559","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5950","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.253","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LCMS Premier on Cloud stores user credentials in clear text, which can be read by an authenticated user."},{"lang":"es","value":"IBM Kenexa LCMS Premier en Cloud almacena las credenciales de usuario en un texto plano que puede ser leído por un usuario 
autenticado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-255"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.0:*:*:*:*:*:*:*","matchCriteriaId":"1F37320E-082E-4B07-BDC2-AAB06273AE1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.1:*:*:*:*:*:*:*","matchCriteriaId":"0B5A416C-F511-4016-B04E-1C8030755234"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.2:*:*:*:*:*:*:*","matchCriteriaId":"424A977D-F0E8-4A5E-974A-62676F17599D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.2.1:*:*:*:*:*:*:*","matchCriteriaId":"BC1D6409-70BC-4ED0-A9A9-1A83EE61719D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.3:*:*:*:*:*:*:*","matchCriteriaId":"EA2557BE-4B29-4125-A39A-287F9F9FB6A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.4:*:*:*:*:*:*:*","matchCriteriaId":"764D4D62-19BA-4DE7-A2
D8-233C45CA26B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.5:*:*:*:*:*:*:*","matchCriteriaId":"3037BB6F-26C8-4F39-9FB5-1EF592E46B36"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.0:*:*:*:*:*:*:*","matchCriteriaId":"E386AA38-B144-43F7-9790-8C79B5FC88E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.1:*:*:*:*:*:*:*","matchCriteriaId":"386DCD93-6F6E-4C6A-8381-12CBE4D4BAB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.2:*:*:*:*:*:*:*","matchCriteriaId":"FA364F9B-AE53-402F-8FA9-EFDB45435964"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992067","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94387","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992067","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94387","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5951","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.287","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Kenexa LCMS Premier en Cloud es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.1:*:*:*:*:*:*:*","matchCriteriaId":"0B5A416C-F511-4016-B04E-1C8030755234"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.2:*:*:*:*:*:*:*","matchCriteriaId":"424A977D-F0E8-4A5E-974A-62676F17599D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.3:*:*:*:*:*:*:*","matchCriteriaId":"EA2557BE-4B29-4125-A39A-287F9F9FB6A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.4:*:*:*:*:*:*:*","matchCriteriaId":"764D4D62-19BA-4DE7-A2D8-233C45CA26B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_
premier:9.5:*:*:*:*:*:*:*","matchCriteriaId":"3037BB6F-26C8-4F39-9FB5-1EF592E46B36"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.0:*:*:*:*:*:*:*","matchCriteriaId":"E386AA38-B144-43F7-9790-8C79B5FC88E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.1:*:*:*:*:*:*:*","matchCriteriaId":"386DCD93-6F6E-4C6A-8381-12CBE4D4BAB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.2:*:*:*:*:*:*:*","matchCriteriaId":"FA364F9B-AE53-402F-8FA9-EFDB45435964"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992067","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94385","source":"psirt@us.ibm.com","tags":["Technical Description","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992067","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94385","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5952","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.317","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database."},{"lang":"es","value":"IBM Kenexa LCMS Premier en Cloud es vulnerable a inyección SQL. 
Un atacante remoto podría enviar sentencias SQL especialmente manipuladas, lo que podría permitir al atacante ver, añadir, modificar o eliminar información en el back-end de la base de datos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.0:*:*:*:*:*:*:*","matchCriteriaId":"1F37320E-082E-4B07-BDC2-AAB06273AE1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.1:*:*:*:*:*:*:*","matchCriteriaId":"0B5A416C-F511-4016-B04E-1C8030755234"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.2:*:*:*:*:*:*:*","matchCriteriaId":"424A977D-F0E8-4A5E-974A-62676F17599D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.3:*:*:*:*:*:*:*","matchCriteriaId":"EA2557BE-4B29-4125-A39A-287F9F9FB6A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.4:*:*:*:*:*:*:*","m
atchCriteriaId":"764D4D62-19BA-4DE7-A2D8-233C45CA26B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.5:*:*:*:*:*:*:*","matchCriteriaId":"3037BB6F-26C8-4F39-9FB5-1EF592E46B36"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.0:*:*:*:*:*:*:*","matchCriteriaId":"E386AA38-B144-43F7-9790-8C79B5FC88E5"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21976805","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93520","source":"psirt@us.ibm.com","tags":["Technical Description","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21976805","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93520","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5958","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.347","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information."},{"lang":"es","value":"IBM Security Privileged Identity Manager podría permitir a un atacante remoto obtener información sensible, debido a que no se establece el indicador seguro para la cookie de sesión en modo SSL. 
Al interceptar su transmisión dentro de una sesión HTTP, un atacante podría explotar esta vulnerabilidad para capturar la cookie y obtener información sensible."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_privileged_identity_manager:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"D07547A7-E87E-4085-983F-29BD485E3160"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_privileged_identity_manager:2.1:*:*:*:*:*:*:*","matchCriteriaId":"8C26B4C2-D6EC-4367-9D59-BE9FF8DC2395"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996614","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95196","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996614","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95196","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5964","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.380","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials."},{"lang":"es","value":"IBM Security Privileged Identity Manager Virtual Appliance versión 2.0.2 utiliza una configuración de bloqueo de cuentas inadecuada que podría permitir a un atacante remoto obtener credenciales de cuenta por fuerza bruta."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{
"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_privileged_identity_manager:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"D07547A7-E87E-4085-983F-29BD485E3160"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21994065","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94308","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21994065","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94308","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5966","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.410","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."},{"lang":"es","value":"IBM Security Privileged Identity Manager Virtual Appliance podría permitir a un atacante remoto obtener información sensible, causada por el error para habilitar correctamente HTTP Strict Transport Security. 
Un atacante podría explotar esta vulnerabilidad para obtener información sensible utilizando técnicas man-in-the-middle."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_privileged_identity_manager:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"D07547A7-E87E-4085-983F-29BD485E3160"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_privileged_identity_manager:2.1:*:*:*:*:*:*:*","matchCriteriaId":"8C26B4C2-D6EC-4367-9D59-BE9FF8DC2395"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996614","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95197","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996614","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95197","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5980","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.440","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM TRIRIGA Application Platform es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov",
"type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6282A028-3DB7-4CE3-8479-2B254EE20C61"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"D387C439-0C1C-4419-9115-F830414AC6D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"A44316ED-571F-4E4B-BC02-CED0E09D175E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B422964C-DAC7-4896-9368-AFDC6BE64F87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"31E156E1-EA1D-463B-AC55-964D1897BB12"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7E0AC53E-0F04-4F25-9F9C-AFF998C1CEB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.1.3:*:*:*:*:*:*:*","matchCriteriaId":"648D0E41-BA9F-4798-A5E4-413F7D895B7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.2.0:*:*:*:*:*:*:*","matchCriteriaId":"110B75DA-3B5D-4B2A-A243-C02F04A69DD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"3CFF6D9D-633A-414B-9A81-9627F1006F99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.2.2:*:*:*:*:*:*:*","matchCriteriaId":"97EB5F4E-24BB-4F17-80B1-963DBC66E44D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.2.3:*:*:*:*:*:*:*","matchCriteriaId":"2FAD7EB7-9157-4FA1-822D-C5C704136FD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.2.4:*:*:*:*:*:*:*","matchCriteriaId":"59161DED-CC0F-4BD2-BCAD-6D3E766FAB8F"},{"
vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.2.5:*:*:*:*:*:*:*","matchCriteriaId":"1A818249-26BA-4575-9805-3AC8C038B25B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AC985F26-E915-49CA-951A-7E3FE59E5377"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4271E1DA-B047-4C91-93D6-EF5A9EE9AC51"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.1.0:*:*:*:*:*:*:*","matchCriteriaId":"27D8FE59-90C3-4EE3-BA70-01C71DCC27B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"3DD18A13-F399-4E83-9976-B7C6FB41B236"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"2D0F8B24-227A-42F2-A6FC-03AFB588CCCE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.1.3:*:*:*:*:*:*:*","matchCriteriaId":"0E748299-7540-4141-B5DC-97C5C18FF162"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.2.0:*:*:*:*:*:*:*","matchCriteriaId":"13E00EA8-D6B3-464A-A7E8-F186FE4A3DB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"00554970-B211-438A-A51C-5CF618431886"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"78DD7794-25C5-4C04-9CFD-4CA9EAA4CA2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"220168B8-68E8-45CA-A351-7A07415495CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"B392C124-E469-4955-B11E-8B281557C43A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CE1B5398-7C51-4834-AB7A-F2
84C23C95FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"627B09F8-666C-4D29-B415-7488DC54CD06"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"2B08907B-6794-4F16-85F2-4834FF478639"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"60154DE9-997F-4ABD-8E22-A8D006FB6931"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991992","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93780","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991992","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93780","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5984","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.473","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks."},{"lang":"es","value":"IBM InfoSphere Information Server es vulnerable a las secuencias de marco cruzados, causadas por una protección iframe HTML insuficiente. Un atacante remoto podría explotar esta vulnerabilidad utilizando una URL especialmente manipulada para navegar a una página web que controla el atacante. 
Un atacante podría usar esta vulnerabilidad para llevar a cabo ataques de secuestro de clic o del navegador del lado del cliente."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*","matchCriteriaId":"42A9CF5C-79EC-4BBF-92AF-2AB3DC125684"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*","matchCriteriaId":"F3BF0A4B-5DDB-420D-B1F2-8C1ED23F60CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:*","matchCriteriaId":"9923389A-6B64-482B-A631-1B6B841CB9AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*","matchCriteriaId":"83640E7E-851E-4C8F-ADDA-7CF4E1D11F58"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server_on_cloud:11.5:*:*:*:*:*:*:*","matc
hCriteriaId":"88A5CF53-1A0C-4519-90A7-DFF6629820B0"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991682","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95106","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991682","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95106","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5985","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.503","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash."},{"lang":"es","value":"El cliente IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX es vulnerable a un desbordamiento de búfer cuando Journal-Based Backup está habilitado. 
Un atacante local podría desbordar un búfer y ejecutar código arbitrario en el sistema o provocar una caída del sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.6.2","matchCriteriaId":"CA6CC6C2-5DBC-46B7-8BAF-069F00D40DDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5999622E-68F7-4273-BAB7-0B07DCB78163"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*","matchCriteriaId":"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"6.4.3.3","matchCriteriaId":"B8E83
03D-DF35-4C4B-8978-A0AE6ED80732"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EAADE980-DC7D-4A3A-A0C4-B03EF08B3CBB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*","matchCriteriaId":"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"6.3.2.5","matchCriteriaId":"3AA0336C-3E53-45B4-9A9E-E3F199A8745D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"705A5381-AEA6-4FA2-B0EC-AD5F9E4FC985"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*","matchCriteriaId":"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"6.1","matchCriteriaId":"AAF61D5E-087C-402B-9AFD-5E96C43F5975"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*","matchCriteriaId":"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"6.2","matchCriteriaId":"69F1A359-DE1D-4C50-8729-0138676A0FF7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*","matchCriteriaId":"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"5.5","matchCriteriaId":"FC62665E-5CE9-408F-BB37-CBB8F03F655
9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*","matchCriteriaId":"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993695","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94808","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993695","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94808","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5988","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.537","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user."},{"lang":"es","value":"IBM Security Privileged Identity Manager Virtual Appliance podría revelar información sensible en mensajes de error generados que estarían disponibles para un usuario 
autenticado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_privileged_identity_manager:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"D07547A7-E87E-4085-983F-29BD485E3160"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_privileged_identity_manager:2.1:*:*:*:*:*:*:*","matchCriteriaId":"8C26B4C2-D6EC-4367-9D59-BE9FF8DC2395"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996614","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95198","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996614","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95198","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5990","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.567","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server."},{"lang":"es","value":"IBM Security Privileged Identity Manager Virtual Appliance permite a un usuario autenticado cargar archivos maliciosos que serían ejecutados automáticamente por el servidor."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_privileged_identity_manager:2.0.2:*:*:*:*:*:*:*","m
atchCriteriaId":"D07547A7-E87E-4085-983F-29BD485E3160"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_privileged_identity_manager:2.1:*:*:*:*:*:*:*","matchCriteriaId":"8C26B4C2-D6EC-4367-9D59-BE9FF8DC2395"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996614","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95199","source":"psirt@us.ibm.com","tags":["Patch","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996614","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95199","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5994","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.597","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to browse any file on the engine tier, and examine its contents."},{"lang":"es","value":"IBM InfoSphere Information Server contiene una vulnerabilidad que podrían permitir a un usuario autenticado explorar cualquier archivo en el nivel del motor y examinar su 
contenido."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*","matchCriteriaId":"83640E7E-851E-4C8F-ADDA-7CF4E1D11F58"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992171","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93557","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037022","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992171","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93557","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037022","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-6000","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.630","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM TRIRIGA Application Platform es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"e
n","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6282A028-3DB7-4CE3-8479-2B254EE20C61"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"D387C439-0C1C-4419-9115-F830414AC6D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"A44316ED-571F-4E4B-BC02-CED0E09D175E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B422964C-DAC7-4896-9368-AFDC6BE64F87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"31E156E1-EA1D-463B-AC55-964D1897BB12"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7E0AC53E-0F04-4F25-9F9C-AFF998C1CEB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.1.3:*:*:*:*:*:*:*","matchCriteriaId":"648D0E41-BA9F-4798-A5E4-413F7D895B7C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.2.0:*:*:*:*:*:*:*","matchCriteriaId":"110B75DA-3B5D-4B2A-A243-C02F04A69DD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"3CFF6D9D-633A-414B-9A81-9627F1006F99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.2.2:*:*:*:*:*:*:*","matchCriteriaId":"97EB5F4E-24BB-4F17-80B1-963DBC66E44D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.2.3:*:*:*:*:*:*:*","matchCriteriaId":"2FAD7EB7-9157-4FA1-822D-C5C704136FD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.3.2.4:*:*:*:*:*:*:*","matchCriteriaId":"59161DED-CC0F-4BD2-BCAD-6D3E766FAB8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm
:tririga_application_platform:3.3.2.5:*:*:*:*:*:*:*","matchCriteriaId":"1A818249-26BA-4575-9805-3AC8C038B25B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AC985F26-E915-49CA-951A-7E3FE59E5377"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4271E1DA-B047-4C91-93D6-EF5A9EE9AC51"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.1.0:*:*:*:*:*:*:*","matchCriteriaId":"27D8FE59-90C3-4EE3-BA70-01C71DCC27B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"3DD18A13-F399-4E83-9976-B7C6FB41B236"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"2D0F8B24-227A-42F2-A6FC-03AFB588CCCE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.1.3:*:*:*:*:*:*:*","matchCriteriaId":"0E748299-7540-4141-B5DC-97C5C18FF162"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.2.0:*:*:*:*:*:*:*","matchCriteriaId":"13E00EA8-D6B3-464A-A7E8-F186FE4A3DB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"00554970-B211-438A-A51C-5CF618431886"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"78DD7794-25C5-4C04-9CFD-4CA9EAA4CA2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"220168B8-68E8-45CA-A351-7A07415495CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"B392C124-E469-4955-B11E-8B281557C43A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CE1B5398-7C51-4834-AB7A-F284C23C95FC"},{"vulnerable":true,"criteria"
:"cpe:2.3:a:ibm:tririga_application_platform:3.5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"627B09F8-666C-4D29-B415-7488DC54CD06"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"2B08907B-6794-4F16-85F2-4834FF478639"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tririga_application_platform:3.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"60154DE9-997F-4ABD-8E22-A8D006FB6931"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991995","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93603","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991995","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93603","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6020","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.660","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."},{"lang":"es","value":"IBM Sterling B2B Integrator Standard Edition podrían permitir a un atacante remoto llevar a cabo ataques de phishing, utilizando un ataque de redirección abierta. 
Al persuadir a una víctima para visitar un sitio Web especialmente manipulado, un atacante remoto podría explotar esta vulnerabilidad para falsificar la URL mostrada para redirigir a un usuario a un sitio Web malicioso que parece ser de confianza. Esto podría permitir al atacante obtener información altamente sensible o llevar a cabo además ataques contra la víctima."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*","matchCriteriaId":"F805BA3A-178D-416E-9DED-4258F71A17C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"4FFED58A-46D2-40F1-9C20-DC7DC21E32E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"FF848B29-F381-43DF-B2C9-052AAE8AE732"},{"vulnerable":true,"criteria":"cp
e:2.3:a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:*","matchCriteriaId":"CF65201D-8980-450A-A542-3B5473A6F374"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4.1:*:*:*:*:*:*:*","matchCriteriaId":"16016F2A-3C7C-40BB-9A74-A1B4980DF763"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.4.2:*:*:*:*:*:*:*","matchCriteriaId":"B3DB64A6-E36B-4B4D-B7AF-ED437947D7DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.5:*:*:*:*:*:*:*","matchCriteriaId":"E22465F0-BADF-4993-B80B-378AC623D655"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_b2b_integrator:5.2.6:*:*:*:*:*:*:*","matchCriteriaId":"37CDD0B7-CE7F-4A4E-A218-F0CBF57BAAED"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995794","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95098","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995794","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95098","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6028","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.707","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view."},{"lang":"es","value":"Los productos basados en tecnología IBM Jazz podrían permitir a un atacante ver los títulos de artículos de trabajo que ellos no tienen privilegios para 
ver."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E6C66DD3-20D9-4B47-AFA4-0BA789A973FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"3F4A9A99-C26E-4476-934E-24AADFBDB8B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"A73A4517-CA0C-4C11-BD22-47F53DFBD7B3"},{"vul
nerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"C22AC9CB-44C3-43E1-B29A-3D06A421E51D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"51998570-6EFF-436C-9297-601B17A31788"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"D944BB64-73C5-402C-9D14-077B8FC9DB8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3A32DF4D-B68E-4C3E-AF20-05C80B26461A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"8B877D86-6ABE-43E8-A681-0C937C779388"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3010A6F8-A2C7-4236-B5F8-21BC6581B823"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4F9D6232-16BC-4985-97BE-9AEA8E30FB4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"96CFA6A6-19E4-4325-BCDF-5AFA8A366196"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95111","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.ibm.com/support/docview.wss?uid=swg21996097","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95111","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://www.ibm.com/support/docview.wss?uid=swg21996097","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6030","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.737","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Jazz Foundation es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","des
cription":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E6C66DD3-20D9-4B47-AFA4-0BA789A973FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"3F4A9A99-C26E-4476-934E-24AADFBDB8B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"A73A4517-CA0C-4C11-BD22-47F53DFBD7B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"C22AC9CB-44C3-43E1-B29A-3D06A421E51D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"51998570-6EFF-436C-9297-601B17A31788"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"D944BB64-73C5-402C-9D14-077B8FC9DB8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3A32DF4D-B68E-4C3E-AF20-05C80B26461A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"8B877D86-6ABE-43E8-A681-0C937C779388"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56"},{"vulnerable":true,"criteria":"cpe:
2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3010A6F8-A2C7-4236-B5F8-21BC6581B823"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4F9D6232-16BC-4985-97BE-9AEA8E30FB4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"96CFA6A6-19E4-4325-BCDF-5AFA8A366196"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95110","source":"psirt@us.ibm.com","tags":["Technical Description","VDB Entry"]},{"url":"https://www.ibm.com/support/docview.wss?uid=swg21996097","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95110","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","VDB Entry"]},{"url":"https://www.ibm.com/support/docview.wss?uid=swg21996097","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6034","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.770","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges."},{"lang":"es","value":"IBM Tivoli Storage Manager para Virtual Environments (VMware) podría revelar las credenciales de dominio de Windows a un usuario con un alto nivel de 
privilegios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.3:*:*:*:*:vmware:*:*","matchCriteriaId":"07ADEB4E-924E-4836-A621-AD7396019AB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.4:*:*:*:*:vmware:*:*","matchCriteriaId":"25EDB1D0-C945-4938-891C-ECFCE13D66E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.4.0:*:*:*:*:vmware:*:*","matchCriteriaId":"22C70413-3251-45AD-A8A7-1A2DF12BB5FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.6:*:*:*:*:vmware:*:*","matchCriteriaId":"6F8848A5-D6D1-4FF3-A549-99BEA94152CA"},{"
vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.6.2:*:*:*:*:vmware:*:*","matchCriteriaId":"BE6921A3-CFF7-41F6-A6E5-1417FD553B45"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.6.3:*:*:*:*:vmware:*:*","matchCriteriaId":"13022D51-C7C4-4A41-BDC5-BC749F8E0359"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995544","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95976","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995544","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95976","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6039","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.787","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Jazz Reporting Service (JRS) es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:6.0:*:*:*:*:*:*:*","matchCriteriaId":"07DD3FB3-ABE3-4645-9AFB-429EA4EA818D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FF3780DD-9FAC-4850-AA83-DCA7D013FB3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9FCC8D80-8974-41F7-8225-474A9814ABD3"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991153","source":"psirt@us.ibm.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94853","source":"psirt@us.ibm.com","tags":["Technical Description","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991153","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94853","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6040","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.817","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced."},{"lang":"es","value":"IBM Jazz Foundation podría permitir a un usuario autenticado asumir el control de un usuario previamente registrado debido a que la expiración de sesión no está forzada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.go
v","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E6C66DD3-20D9-4B47-AFA4-0BA789A973FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"3F4A9A99-C26E-4476-934E-24AADFBDB8B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"A73A4517-CA0C-4C11-BD22-47F53DFBD7B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"C22AC9CB-44C3-43E1-B29A-3D06A421E51D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"51998570-6EFF-436C-9297-601B17A31788"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"D944BB64-73C5-402C-9D14-077B8FC9DB8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3A32DF4D-B68E-4C3E-AF20-05C80B26461A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"8B877D86-6ABE-43E8-A681-0C937C779388"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56"},{"vulnerab
le":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3010A6F8-A2C7-4236-B5F8-21BC6581B823"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4F9D6232-16BC-4985-97BE-9AEA8E30FB4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"96CFA6A6-19E4-4325-BCDF-5AFA8A366196"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95115","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.ibm.com/support/docview.wss?uid=swg21996097","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95115","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.ibm.com/support/docview.wss?uid=swg21996097","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6042","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.847","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system in the same context as the victim."},{"lang":"es","value":"IBM AppScan Enterprise Edition podría permitir a un atacante remoto ejecutar código arbitrario en el sistema, provocado por manipulación indebida de objetos en memoria. 
Al persuadir a una víctima para abrir un contenido especialmente manipulado, un atacante podría explotar esta vulnerabilidad para ejecutar código arbitrario en el sistema en el mismo contexto que la víctima."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_appscan:9.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"A6EEF97C-CAAC-4129-BDE8-244C0BBDCCFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_appscan:9.0.0.1:-:enterprise:*:*:*:*:*","matchCriteriaId":"118F521C-ED24-4E17-85DF-7152D0457236"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_appscan:9.0.1.0:-:enterprise:*:*:*:*:*","matchCriteriaId":"024248B4-12E7-4EDD-A965-2D7EE5CEBDA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_appscan:9.0.1.1:-:enterprise:*:*:*:*:*","matchCriteriaId":"FC121336-C9B3-4BBE-9880-86DCF36940F7"},{"vulnerable":true,"criteria":"cpe
:2.3:a:ibm:security_appscan:9.0.2.0:-:enterprise:*:*:*:*:*","matchCriteriaId":"D6626CF3-B513-4410-AF28-38C744BE723A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_appscan:9.0.2.1:-:enterprise:*:*:*:*:*","matchCriteriaId":"6C8408C0-271C-4576-A8E6-CC481EE0ABED"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_appscan:9.0.3.0:-:enterprise:*:*:*:*:*","matchCriteriaId":"32903FCA-B078-494F-BADF-E40B6FFCB2B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_appscan:9.0.3.1:-:enterprise:*:*:*:*:*","matchCriteriaId":"370F5DAB-5CDF-4D40-88F7-2C4509747BA8"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995118","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995118","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6043","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.897","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Tivoli Storage Manager Operations Center could allow a local user to take over a previously logged in user due to session expiration not being enforced."},{"lang":"es","value":"Tivoli Storage Manager Operations Center podría permitir a un usuario local asumir el control de un usuario previamente registrado debido a que la expiración de sesión no está 
forzada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*","matchCriteriaId":"0CC9CE1A-7416-4F41-8699-693C161D8EE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"AAC31A7A-CFFB-4590-B6B4-494F1005E4B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*","matchCriteriaId":"8092D853-0E6D-4104-B85B-92132D925DA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"3FFF3F1D-E6F5-4CA1-9BFD-C4C4B645FB0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"C1864921-DA58-433F-8DFE-BF1E25B02C58"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.3:*:*:*:*:*:*:*","match
CriteriaId":"9A89E630-36F0-4807-B4B0-C53FFB636497"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"0B7B9E69-407D-48E2-B49F-1C9263C052F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*","matchCriteriaId":"212B26BB-0A19-41EB-811C-04C765374E8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"53CF0089-B81D-4738-85AC-E728DF77FBAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"BB3B365E-0505-4A43-90A6-811D39BB6262"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"B880E34D-A9B4-4A64-B734-71ADC0588761"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*","matchCriteriaId":"C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"E8CA94D1-06FB-4C94-83FB-2BC52676BBDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"302756E5-F3E8-4F5E-90EA-A81A88DB55AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*","matchCriteriaId":"7C980FE7-8B2D-4ED4-A5BF-78615AD0F596"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*","matchCriteriaId":"FD269C39-1070-44C3-B7FC-968C12A344E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*","matchCriteriaId":"F7AACC13-50CF-4229-B204-E30523A38721"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*","matchCriteriaId":"834EBEBA-70E1-4089-A064-6BBFAD50D1CB"}]}]}],"references":[{"
url":"http://www.ibm.com/support/docview.wss?uid=swg21995754","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95090","source":"psirt@us.ibm.com","tags":["Technical Description","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995754","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95090","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6044","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.910","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Storage Manager Operations Center could allow an authenticated attacker to enable or disable the application's REST API, which may let the attacker violate security policy."},{"lang":"es","value":"IBM Tivoli Storage Manager Operations Center podría permitir a un atacante autenticado habilitar o deshabilitar la API REST de la aplicación, lo que puede permitir que el atacante viole la política de 
seguridad."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*","matchCriteriaId":"0CC9CE1A-7416-4F41-8699-693C161D8EE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"AAC31A7A-CFFB-4590-B6B4-494F1005E4B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*","matchCriteriaId":"8092D853-0E6D-4104-B85B-92132D925DA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"3FFF3F1D-E6F5-4CA1-9BFD-C4C4B645FB0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"C1864921-DA58-433F-8DFE-BF1E25B02C58"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.3:*:*:*:*:*:*:*","matchC
riteriaId":"9A89E630-36F0-4807-B4B0-C53FFB636497"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"0B7B9E69-407D-48E2-B49F-1C9263C052F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*","matchCriteriaId":"212B26BB-0A19-41EB-811C-04C765374E8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"53CF0089-B81D-4738-85AC-E728DF77FBAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"BB3B365E-0505-4A43-90A6-811D39BB6262"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"B880E34D-A9B4-4A64-B734-71ADC0588761"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*","matchCriteriaId":"C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"E8CA94D1-06FB-4C94-83FB-2BC52676BBDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"302756E5-F3E8-4F5E-90EA-A81A88DB55AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*","matchCriteriaId":"7C980FE7-8B2D-4ED4-A5BF-78615AD0F596"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*","matchCriteriaId":"FD269C39-1070-44C3-B7FC-968C12A344E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*","matchCriteriaId":"F7AACC13-50CF-4229-B204-E30523A38721"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*","matchCriteriaId":"834EBEBA-70E1-4089-A064-6BBFAD50D1CB"}]}]}],"references":[{"u
rl":"http://www.ibm.com/support/docview.wss?uid=swg21995754","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95091","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995754","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95091","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6045","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.940","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."},{"lang":"es","value":"IBM Tivoli Storage Manager Operations Center es vulnerable a la falsificación de solicitudes de sitios cruzados que podrían permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario que confía en el sitio 
web."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*","matchCriteriaId":"0CC9CE1A-7416-4F41-8699-693C161D8EE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"AAC31A7A-CFFB-4590-B6B4-494F1005E4B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*","matchCriteriaId":"8092D853-0E6D-4104-B85B-92132D925DA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"3FFF3F1D-E6F5-4CA1-9BFD-C4C4B645FB0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"C1864921-DA58-433F-8DFE-BF1E25B02C58"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.3:*:*:*:*:*:*:*","ma
tchCriteriaId":"9A89E630-36F0-4807-B4B0-C53FFB636497"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"0B7B9E69-407D-48E2-B49F-1C9263C052F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*","matchCriteriaId":"212B26BB-0A19-41EB-811C-04C765374E8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"53CF0089-B81D-4738-85AC-E728DF77FBAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"BB3B365E-0505-4A43-90A6-811D39BB6262"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"B880E34D-A9B4-4A64-B734-71ADC0588761"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*","matchCriteriaId":"C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"E8CA94D1-06FB-4C94-83FB-2BC52676BBDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"302756E5-F3E8-4F5E-90EA-A81A88DB55AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*","matchCriteriaId":"7C980FE7-8B2D-4ED4-A5BF-78615AD0F596"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*","matchCriteriaId":"FD269C39-1070-44C3-B7FC-968C12A344E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*","matchCriteriaId":"F7AACC13-50CF-4229-B204-E30523A38721"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*","matchCriteriaId":"834EBEBA-70E1-4089-A064-6BBFAD50D1CB"}]}]}],"references":
[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995754","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95087","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995754","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95087","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6046","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:01.973","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Tivoli Storage Manager Operations Center es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1:*:*:*:*:*:*:*","matchCriteriaId":"0CC9CE1A-7416-4F41-8699-693C161D8EE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"AAC31A7A-CFFB-4590-B6B4-494F1005E4B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2:*:*:*:*:*:*:*","matchCriteriaId":"8092D853-0E6D-4104-B85B-92132D925DA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"3FFF3F1D-E6F5-4CA1-9BFD-C4C4B645FB0F"},{"vulnerable":true,"criteria":"cp
e:2.3:a:ibm:tivoli_storage_manager:6.4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"C1864921-DA58-433F-8DFE-BF1E25B02C58"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"9A89E630-36F0-4807-B4B0-C53FFB636497"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:6.4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"0B7B9E69-407D-48E2-B49F-1C9263C052F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1:*:*:*:*:*:*:*","matchCriteriaId":"212B26BB-0A19-41EB-811C-04C765374E8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"53CF0089-B81D-4738-85AC-E728DF77FBAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"CF39AAEE-2FC3-4ACC-AEF7-6E12EEEF0BCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"BB3B365E-0505-4A43-90A6-811D39BB6262"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"B880E34D-A9B4-4A64-B734-71ADC0588761"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*","matchCriteriaId":"C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"E8CA94D1-06FB-4C94-83FB-2BC52676BBDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"302756E5-F3E8-4F5E-90EA-A81A88DB55AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*","matchCriteriaId":"7C980FE7-8B2D-4ED4-A5BF-78615AD0F596"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*","matchCriteriaId":"FD269C39-1070-44C3-B7FC-968C12A344E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*","matchCriteri
aId":"F7AACC13-50CF-4229-B204-E30523A38721"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*","matchCriteriaId":"834EBEBA-70E1-4089-A064-6BBFAD50D1CB"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995754","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95093","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995754","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95093","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6047","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.003","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Jazz Reporting Service (JRS) es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9FCC8D80-8974-41F7-8225-474A9814ABD3"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991154","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94843","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991154","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94843","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6054","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.037","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Jazz Foundation es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","descript
ion":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:5.0:*:*:*:*:*:*:*","matchCriteriaId":"4D226029-A37F-486C-9DCD-1921671F242D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"83152595-8909-4AA4-A7D1-2E113A197B1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"103F9E24-E11F-4BAC-8EDB-86D332B9EC43"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:6.0:*:*:*:*:*:*:*","matchCriteriaId":"07DD3FB3-ABE3-4645-9AFB-429EA4EA818D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FF3780DD-9FAC-4850-AA83-DCA7D013FB3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:jazz_reporting_service:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9FCC8D80-8974-41F7-8225-474A9814ABD3"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991154","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94842","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991154","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94842","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6059","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.083","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM InfoSphere Information Server is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. 
A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources."},{"lang":"es","value":"IBM InfoSphere Information Server es vulnerable para una denegación de servicio, provocado por un error XML External Entity Injection (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensible o consumir todos los recursos de memoria disponibles."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:C","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":7.8,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_datastage:11.3:*:*:*:*:*:*:*","matchCriteriaId":"BEE407E4-910C-4AF1-B87B-F9B01759DDFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_datastage:11.3.1:*:*:*:*:*:*:*","matchCriteriaId":"BD554818-742B-4033-B9FB-DD6E9BF76A8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_datastage:11.5:*:*:*:*:*:*:*",
"matchCriteriaId":"0025F291-9862-4638-B96D-1ABEC3C31890"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:*","matchCriteriaId":"9923389A-6B64-482B-A631-1B6B841CB9AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:11.3.1:*:*:*:*:*:*:*","matchCriteriaId":"45314D26-63E9-4795-ADE2-7F77F35C2D5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*","matchCriteriaId":"83640E7E-851E-4C8F-ADDA-7CF4E1D11F58"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server_on_cloud:11.5:*:*:*:*:*:*:*","matchCriteriaId":"88A5CF53-1A0C-4519-90A7-DFF6629820B0"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991683","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94032","source":"psirt@us.ibm.com","tags":["Technical Description","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991683","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94032","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6061","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.113","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Jazz Foundation es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E6C66DD3-20D9-4B47-AFA4-0BA789A973FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*","matchCrite
riaId":"3F4A9A99-C26E-4476-934E-24AADFBDB8B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"A73A4517-CA0C-4C11-BD22-47F53DFBD7B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"C22AC9CB-44C3-43E1-B29A-3D06A421E51D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"51998570-6EFF-436C-9297-601B17A31788"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"D944BB64-73C5-402C-9D14-077B8FC9DB8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3A32DF4D-B68E-4C3E-AF20-05C80B26461A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"8B877D86-6ABE-43E8-A681-0C937C779388"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3010A6F8-A2C7-4236-B5F8-21BC6581B823"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4F9D6232-16BC-4985-97BE-9AEA8E30FB4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"96CFA6A6-19E4-4325-BCDF-5AFA8A366196"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95117","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.ibm.com/support/docview.wss?uid=swg21996097","source":"psirt@us.ibm.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95117","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.ibm.com/support/docview.wss?uid=swg21996097","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6065","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root."},{"lang":"es","value":"La aplicación IBM Security Guardium Database Activity Monitor podría permitir a un usuario local inyectar comandos que serían ejecutados como root."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true
,"criteria":"cpe:2.3:a:ibm:security_guardium:8.2:*:*:*:*:*:*:*","matchCriteriaId":"57130C1B-80A6-4A33-8AD3-5C6F4669F3E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_guardium:9.0:*:*:*:*:*:*:*","matchCriteriaId":"64C62744-22BD-4038-8257-822ADDAC370D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_guardium:9.1:*:*:*:*:*:*:*","matchCriteriaId":"26EA5CC2-F4BE-4F22-AC85-1956EFA88B66"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_guardium:9.5:*:*:*:*:*:*:*","matchCriteriaId":"37342DD2-055B-429C-9231-2D9FE70B5AE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_guardium:10.0:*:*:*:*:*:*:*","matchCriteriaId":"552A0A69-388F-4842-A882-78F267D4BF09"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_guardium:10.0.1:*:*:*:*:*:*:*","matchCriteriaId":"B9ACD03A-8D4C-4B94-81AB-D1BBD41E0182"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_guardium:10.1:*:*:*:*:*:*:*","matchCriteriaId":"148A8443-DF7A-42AA-8D86-128CCC1D871E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_guardium:10.1.2:*:*:*:*:*:*:*","matchCriteriaId":"45E6B962-F8F8-4979-BC76-AE0B16EEB082"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995657","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95145","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995657","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95145","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6072","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Maximo Asset Management is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Maximo Asset Management es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B028794E-5FA0-4E3D-AC4D-A2826DD6282C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_aviation:-:*:*:*:*:*:*:*","matchCriteriaId":"3823051F-FD38-4874-8692-9744B82E65A2"},{"vulnerable":true,"criter
ia":"cpe:2.3:a:ibm:maximo_for_life_sciences:-:*:*:*:*:*:*:*","matchCriteriaId":"F0660482-340B-4FDA-8F0A-323BE0167800"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_nuclear_power:-:*:*:*:*:*:*:*","matchCriteriaId":"C0E7B2B1-2746-40A4-83FC-DCEDE8B607BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_oil_and_gas:-:*:*:*:*:*:*:*","matchCriteriaId":"55DB8F6D-F7DB-485B-80D9-368188F2E858"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_transportation:-:*:*:*:*:*:*:*","matchCriteriaId":"537D5FEA-7809-4CB6-9D71-FC3C408B2611"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_utilities:-:*:*:*:*:*:*:*","matchCriteriaId":"EEE303C7-7873-4754-926D-122FD45337FB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:smartcloud_control_desk:-:*:*:*:*:*:*:*","matchCriteriaId":"742BF86E-E5D2-4CC9-BD41-78C243995880"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_asset_management_for_it:-:*:*:*:*:*:*:*","matchCriteriaId":"54804AB9-79D4-45F8-98A3-B7D441849321"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_change_and_configuration_management_database:-:*:*:*:*:*:*:*","matchCriteriaId":"82C3D17D-CAA1-4ACE-9FF1-76FC9735ED67"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_integration_composer:-:*:*:*:*:*:*:*","matchCriteriaId":"173EC315-107C-47DA-ADD3-2FF91412B52E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_service_request_manager:-:*:*:*:*:*:*:*","matchCriteriaId":"57A2B9AC-D5F8-4143-B1A5-4E26CCBCB3E2"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991893","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94355","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991893","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94355","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6080","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.207","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The WebAdmin context for WebSphere Message Broker allows directory listings which could disclose sensitive information to the attacker."},{"lang":"es","value":"El contexto WebAdmin para WebSphere Message Broker permite listas de directorios que podrían revelar información sensible al atacante."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*","matchCriteriaId":"0F93BF57-FD4F-456C-8DFD-CEF8B5AEF35D"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995004","source":"psirt@us.ibm.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94641","source":"psirt@us.ibm.com","tags":["Technical Description","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995004","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94641","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6082","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.237","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system."},{"lang":"es","value":"IBM BigFix Platform podría permitir a un atacante remoto ejecutar código arbitrario en el sistema, provocado por una condición de carrera de uso después de liberación de memoria. 
Un atacante podría explotar esta vulnerabilidad para ejecutar código arbitrario en el sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.0:*:*:*:*:*:*:*","matchCriteriaId":"66D8FA27-E35E-41E8-A5C8-14761E47CE10"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.1:*:*:*:*:*:*:*","matchCriteriaId":"21AD0AAF-1D86-44B4-92DB-3E4A3C38DE87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.2:*:*:*:*:*:*:*","matchCriteriaId":"EDF3A293-36B6-41F3-87CE-EC2D89F212B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.5:*:*:*:*:*:*:*","matchCriteriaId":"9E59DD27-6637-4D89-867B-650AAD2F14B2"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996375","source":"psirt@us.ibm.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95297","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996375","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95297","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6084","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.270","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM BigFix Platform could allow an attacker on the local network to crash the BES server using a specially crafted XMLSchema request."},{"lang":"es","value":"IBM BigFix Platform podría permitir a un atacante en la red local tirar el servidor BES utilizando una petición XMLSchema especialmente manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:N/I:N/A:P","baseScore":3.3,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","desc
ription":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.0:*:*:*:*:*:*:*","matchCriteriaId":"66D8FA27-E35E-41E8-A5C8-14761E47CE10"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.1:*:*:*:*:*:*:*","matchCriteriaId":"21AD0AAF-1D86-44B4-92DB-3E4A3C38DE87"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996339","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95286","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996339","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95286","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6085","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.300","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers."},{"lang":"es","value":"IBM BigFix Platform podría permitir a un atacante en la red local tirar los servidores BES y de 
retransmisión."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:N/I:N/A:P","baseScore":3.3,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.0:*:*:*:*:*:*:*","matchCriteriaId":"66D8FA27-E35E-41E8-A5C8-14761E47CE10"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.1:*:*:*:*:*:*:*","matchCriteriaId":"21AD0AAF-1D86-44B4-92DB-3E4A3C38DE87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.2:*:*:*:*:*:*:*","matchCriteriaId":"EDF3A293-36B6-41F3-87CE-EC2D89F212B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.5:*:*:*:*:*:*:*","matchCriteriaId":"9E59DD27-6637-4D89-867B-650AAD2F14B2"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996348","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95291","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996348","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95291","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6090","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.397","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service."},{"lang":"es","value":"IBM WebSphere Commerce contiene una vulnerabilidad no especificada que podría permitir divulgación de datos personales del usuario, realizando operaciones administrativas no autorizadas y potencialmente provocar una denegación de servicio."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"
nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0.0","versionEndIncluding":"6.0.0.11","matchCriteriaId":"CB865746-2112-42CF-ADFD-229B393E83F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0.0","versionEndIncluding":"7.0.0.9","matchCriteriaId":"5F376974-4B8E-4339-9769-DD884F3286D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0.0","versionEndIncluding":"8.0.0.16","matchCriteriaId":"87CFED7E-4B3D-4A41-BED0-97FF6A9323D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_commerce:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.1.0","versionEndIncluding":"8.0.1.8","matchCriteriaId":"F18C0A33-73CF-4804-B966-4CC24772A65E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_commerce:8.0.3.0:*:*:*:*:*:*:*","matchCriteriaId":"73A754F0-1328-48EF-B3C6-8435EC11D680"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992759","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93873","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037091","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992759","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93873","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037091","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-6113","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.427","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Verse es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domin
o:8.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"61387F03-916A-49FA-8B81-7145CEB5902D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"7B275FDF-B31D-4761-9CA5-4FFF2F439964"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7FE36CC5-3991-4579-8B61-D97B09337F7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"931135FE-DA7D-4466-B830-CC07A9F0BCDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.4:*:*:*:*:*:*:*","matchCriteriaId":"A3D932FB-331E-4FB7-AF70-263B8D504654"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.1.5:*:*:*:*:*:*:*","matchCriteriaId":"20872C07-8850-4DE0-BE9E-D57E28B6647D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"1F3A847C-1EB2-40D3-B9F5-B3B7AB99C056"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"D80AF2E5-2756-4111-90B0-08039B9D07C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9E8FCBAE-79BC-4BD3-AE5C-06C53D7A1F9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"83A143B4-D4D5-498E-B50F-4CCF7EF6538B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.2.4:*:*:*:*:*:*:*","matchCriteriaId":"89453928-C022-45DD-9277-D8CF669DDB6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"AAE43FE8-8EC1-4774-93A2-E829098C9CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"DCB85F5F-867C-403C-9671-6DEFF66FCBDD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"ABFDECA7-0DBE-41C7-A589-D342E0628BAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"8F5B2A8B-7F17-40AE-AD7E-ADEAFF12BCFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5
.3.4:*:*:*:*:*:*:*","matchCriteriaId":"4FE3A838-8EB0-4D62-95CD-B882D61AA3C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.5:*:*:*:*:*:*:*","matchCriteriaId":"589D1CE3-A23C-4E7F-AD60-0B14BFD993A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:8.5.3.6:*:*:*:*:*:*:*","matchCriteriaId":"BBAD0259-8096-41CD-BA06-58E26F2821C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"28326C23-64DA-4FA0-9F3D-7660FC17C2E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"00533C2E-A05A-4F51-BD70-D6EF9AC0C0D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"8B9E1334-7CE9-406A-8CE5-FF48823A25B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"B0AE9534-83FC-44EC-A04B-F81BDA2CC9D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"BF7A97DE-36BC-4DFC-9F44-EF2C155703B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"4C05B1F1-EDFC-46AC-B701-13652ABA7065"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"D246A5C6-E12D-4B5D-8319-0A9F52899173"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"97EAEF94-7243-47C2-A934-A10AA65559A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"49FF4C09-76B3-4CCA-9EBA-530B4CB0314D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"CC0FE386-25E0-452F-A0E4-C54901C8870B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"92E3BD0F-DC7F-47C1-A86A-9B1627FBE941"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"68862417-67DC-462A-8557-E1E371926FC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.4:
*:*:*:*:*:*:*","matchCriteriaId":"0E251CBF-CA6A-4675-B7FA-B68EC44ADA52"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*","matchCriteriaId":"EC844FD9-65ED-4223-8B60-29EDC5EBEB3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"B097CA3C-2ABA-489E-86C1-EEF891AF7094"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"14F15C5B-D465-4AE6-B70B-E03EE32A0D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"B8270B1C-31E1-47F6-B641-8A4291EBEF33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"1B62FD4B-A8B0-4215-A22C-241EE84A4C85"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"7EFF2543-619A-49EA-909C-49C82397A89E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"3A913396-D7C3-4088-A4E8-93BF3ADB9C21"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"A2FAF950-ECA1-4DC1-ABC7-18C073209ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*","matchCriteriaId":"40437DB7-17EB-4C53-9D71-624D01068D77"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*","matchCriteriaId":"677DDC3B-3B08-407F-8543-7A78B38B4F0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*","matchCriteriaId":"F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"975E8316-D4C3-40B7-8E57-E871D0327271"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"4E0C5AFE-62C7-4A6C-991B-222FF28DF92B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*
:*:*:*:*","matchCriteriaId":"DF4C11BF-8A63-4ED9-871D-C3366D766CC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"1B74523E-57BE-4B0B-B639-32927336C862"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"521E7EBE-CEA6-4FF8-954A-2A43617FB1C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"30460A5C-2D97-42B5-A190-5E0862E87EDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"31391143-EE89-4521-81F4-43455AAF7D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"5344290B-F139-4367-B976-C2E8007487F6"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992835","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94603","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037383","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992835","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94603","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037383","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-6122","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.457","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users."},{"lang":"es","value":"IBM Kenexa LMS en Cloud 13.1 y 13.2 - 13.2.4 revela respuestas a las preguntas de seguridad en una respuesta a usuarios 
autenticados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.1:*:*:*:*:*:*:*","matchCriteriaId":"E30D036D-554E-4E26-B12B-50835DBD5B9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2:*:*:*:*:*:*:*","matchCriteriaId":"29B8559A-C8F7-4B9E-9ADA-A01574323D59"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.2:*:*:*:*:*:*:*","matchCriteriaId":"12ABCC49-7AE3-42D4-A420-98E2CF83B853"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.3:*:*:*:*:*:*:*","matchCriteriaId":"7C18D65C-E826-4579-9118-948E5F804C4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.4:*:*:*:*:*:*:*","matchCriteriaId":"21EF7E0D-86CB-4BAE-817B-1CA906B1F682"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"psirt@us.ibm.com","tag
s":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94334","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94334","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6123","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.487","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Kenexa LMS en Cloud es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.1:*:*:*:*:*:*:*","matchCriteriaId":"E30D036D-554E-4E26-B12B-50835DBD5B9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2:*:*:*:*:*:*:*","matchCriteriaId":"29B8559A-C8F7-4B9E-9ADA-A01574323D59"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.2:*:*:*:*:*:*:*","matchCriteriaId":"12ABCC49-7AE3-42D4-A420-98E2CF83B853"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.3:*:*:*:*:*:*:*","matchCriteriaId":"7C18D65C-E826-4579-9118-948E5F804C4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kene
xa_lms_on_cloud:13.2.4:*:*:*:*:*:*:*","matchCriteriaId":"21EF7E0D-86CB-4BAE-817B-1CA906B1F682"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94305","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94305","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6124","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.537","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server."},{"lang":"es","value":"IBM Kenexa LMS en Cloud 13.1 y 13.2 - 13.2.4 podría permitir a un atacante remoto subir archivos arbitrarios, lo que podría permitir al atacante ejecutar código arbitrario en el servidor 
vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.1:*:*:*:*:*:*:*","matchCriteriaId":"E30D036D-554E-4E26-B12B-50835DBD5B9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2:*:*:*:*:*:*:*","matchCriteriaId":"29B8559A-C8F7-4B9E-9ADA-A01574323D59"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.2:*:*:*:*:*:*:*","matchCriteriaId":"12ABCC49-7AE3-42D4-A420-98E2CF83B853"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.3:*:*:*:*:*:*:*","matchCriteriaId":"7C18D65C-E826-4579-9118-948E5F804C4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.4:*:*:*:*:*:*:*","matchCriteriaId":"21EF7E0D-86CB-4BAE-817B-1CA906B1F682"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"psirt@us.ibm.com","
tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94306","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94306","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6125","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.567","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Kenexa LMS en Cloud 13.1 y 13.2 - 13.2.4 es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.1:*:*:*:*:*:*:*","matchCriteriaId":"E30D036D-554E-4E26-B12B-50835DBD5B9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2:*:*:*:*:*:*:*","matchCriteriaId":"29B8559A-C8F7-4B9E-9ADA-A01574323D59"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.2:*:*:*:*:*:*:*","matchCriteriaId":"12ABCC49-7AE3-42D4-A420-98E2CF83B853"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.3:*:*:*:*:*:*:*","matchCriteriaId":"7C18D65C-E826-4579-9118-948E5F804C4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kene
xa_lms_on_cloud:13.2.4:*:*:*:*:*:*:*","matchCriteriaId":"21EF7E0D-86CB-4BAE-817B-1CA906B1F682"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94327","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94327","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6126","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.597","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."},{"lang":"es","value":"IBM Kenexa LMS en Cloud 13.1 y 13.2 - 13.2.4 podría permitir a un atacante remoto recorrer los directorios en el sistema. 
Un atacante podría enviar una petición de URL especialmente manipulada que contenga la secuencia \"punto punto\" (/../) para ver archivos arbitrarios en el sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.1:*:*:*:*:*:*:*","matchCriteriaId":"E30D036D-554E-4E26-B12B-50835DBD5B9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2:*:*:*:*:*:*:*","matchCriteriaId":"29B8559A-C8F7-4B9E-9ADA-A01574323D59"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.2:*:*:*:*:*:*:*","matchCriteriaId":"12ABCC49-7AE3-42D4-A420-98E2CF83B853"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.3:*:*:*:*:*:*:*","matchCriteriaId":"7C18D65C-E826-4579-9118-948E5F804C4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.4:*:*:*:*:*:*:*","matchCriteriaId":"21E
F7E0D-86CB-4BAE-817B-1CA906B1F682"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94301","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94301","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8911","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.630","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim."},{"lang":"es","value":"IBM Kenexa LMS en Cloud 13.1 y 13.2 - 13.2.4 podría permitir a un atacante remoto secuestrar la acción de clic de la víctima. 
Al persuadir a una víctima a visitar un sitio Web malicioso, un atacante remoto podría explotar esta vulnerabilidad para secuestrar las acciones de clic de la víctima y posiblemente lanzar además ataques contra la víctima."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.1:*:*:*:*:*:*:*","matchCriteriaId":"E30D036D-554E-4E26-B12B-50835DBD5B9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2:*:*:*:*:*:*:*","matchCriteriaId":"29B8559A-C8F7-4B9E-9ADA-A01574323D59"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.2:*:*:*:*:*:*:*","matchCriteriaId":"12ABCC49-7AE3-42D4-A420-98E2CF83B853"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.3:*:*:*:*:*:*:*","matchCriteriaId":"7C18D65C-E826-4579-9118-948E5F804C4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_
lms_on_cloud:13.2.4:*:*:*:*:*:*:*","matchCriteriaId":"21EF7E0D-86CB-4BAE-817B-1CA906B1F682"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94325","source":"psirt@us.ibm.com","tags":["Technical Description","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94325","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8912","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.660","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in log files that could be read by an authenticated user."},{"lang":"es","value":"IBM Kenexa LMS en Cloud 13.1 y 13.2 - 13.2.4 almacena información potencialmente sensible en archivos de registro que pueden ser leídos por un usuario 
autenticado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.1:*:*:*:*:*:*:*","matchCriteriaId":"E30D036D-554E-4E26-B12B-50835DBD5B9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2:*:*:*:*:*:*:*","matchCriteriaId":"29B8559A-C8F7-4B9E-9ADA-A01574323D59"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.2:*:*:*:*:*:*:*","matchCriteriaId":"12ABCC49-7AE3-42D4-A420-98E2CF83B853"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.3:*:*:*:*:*:*:*","matchCriteriaId":"7C18D65C-E826-4579-9118-948E5F804C4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.4:*:*:*:*:*:*:*","matchCriteriaId":"21EF7E0D-86CB-4BAE-817B-1CA906B1F682"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"psirt@us.ibm.com","tags
":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94324","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/118390","source":"nvd@nist.gov","tags":["Vendor Advisory"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94324","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8913","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.707","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."},{"lang":"es","value":"IBM Kenexa LMS en Cloud 13.1 y 13.2 - 13.2.4 podría permitir a un atacante remoto recorrer los directorios en el sistema. 
Un atacante podría enviar una petición de URL especialmente manipulada que contenga la secuencia \"punto punto\" (/../) para ver archivos arbitrarios en el sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.1:*:*:*:*:*:*:*","matchCriteriaId":"E30D036D-554E-4E26-B12B-50835DBD5B9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2:*:*:*:*:*:*:*","matchCriteriaId":"29B8559A-C8F7-4B9E-9ADA-A01574323D59"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.2:*:*:*:*:*:*:*","matchCriteriaId":"12ABCC49-7AE3-42D4-A420-98E2CF83B853"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.3:*:*:*:*:*:*:*","matchCriteriaId":"7C18D65C-E826-4579-9118-948E5F804C4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.4:*:*:*:*:*:*:*","matchCriteriaId":"21E
F7E0D-86CB-4BAE-817B-1CA906B1F682"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94304","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94304","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8918","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.737","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Integration Bus, under non default configurations, could allow a remote user to authenticate without providing valid credentials."},{"lang":"es","value":"IBM Integration Bus, bajo configuraciones no predeterminadas, podría permitir a un usuario remoto autenticarse sin proporcionar credenciales 
válidas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-255"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:integration_bus:10.0:*:*:*:*:*:*:*","matchCriteriaId":"92E6A5C9-29C2-458D-AA67-E74945E2012F"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995079","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94644","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995079","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94644","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-8920","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.770","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Kenexa LMS en Cloud es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{
"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.1:*:*:*:*:*:*:*","matchCriteriaId":"E30D036D-554E-4E26-B12B-50835DBD5B9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2:*:*:*:*:*:*:*","matchCriteriaId":"29B8559A-C8F7-4B9E-9ADA-A01574323D59"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.2:*:*:*:*:*:*:*","matchCriteriaId":"12ABCC49-7AE3-42D4-A420-98E2CF83B853"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.3:*:*:*:*:*:*:*","matchCriteriaId":"7C18D65C-E826-4579-9118-948E5F804C4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms_on_cloud:13.2.4:*:*:*:*:*:*:*","matchCriteriaId":"21EF7E0D-86CB-4BAE-817B-1CA906B1F682"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94303","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993982","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94303","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8921","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.800","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM FileNet WorkPlace XT could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server."},{"lang":"es","value":"IBM FileNet WorkPlace XT podría permitir a un atacante remoto cargar archivos arbitrarios, lo que podría permitir al atacante ejecutar código arbitrario en el servidor 
vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:filenet_workplace_xt:1.1.5:*:*:*:*:*:*:*","matchCriteriaId":"3F0BB3E3-C1F5-46A2-80F0-D0B4C62FE376"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21994018","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94582","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21994018","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94582","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-8922","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.833","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"Exphox WebRadar es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3
:a:ibm:web_content_manager_production_analytics:4.0:*:*:*:*:*:*:*","matchCriteriaId":"85D9E489-9996-4F91-9390-168EA958D4CD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_portal:8.0:*:*:*:*:*:*:*","matchCriteriaId":"2CE1E2EF-A079-4A67-AA50-0712D2E330F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_portal:8.5:*:*:*:*:*:*:*","matchCriteriaId":"F97CDB5F-2EA4-41E8-857B-5D76004C60B4"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993561","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94413","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993561","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94413","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8934","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.880","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM WebSphere Application Server es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:*:*:*:*:*:*:*","matchCriteriaId":"49506702-1B31-4421-8DEE-5B789272EC6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.0:-:liberty_profile:*:*:*:*:*","matchCriteriaId":"B6C5B5C9-835C-478A-AA19-4A0FAB880FB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:*:*:*:*:*:*:*","matchCriteriaId":"158777FD-83D1-44B9-83B4-A3F490CA76F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.1:-:liberty_profile:*:*:*:*:*","matchCriteriaId":"8BCC0BDC-2847-42
64-A57E-CD6F6D826254"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:*:*:*:*:*:*:*","matchCriteriaId":"EDA2FE6B-6E42-4E97-B803-DAB671D30FF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.2:-:liberty_profile:*:*:*:*:*","matchCriteriaId":"08E5B0F7-8580-49B9-B418-F558CC97C302"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:*:*:*:*:*:*:*","matchCriteriaId":"72F5A562-5B2E-4BC7-8A81-EFE5ED265803"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.3:-:*:*:liberty_profile:*:*:*","matchCriteriaId":"022BB5C5-C4A9-4794-B770-681CE41390D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:*:*:*:*:*:*:*","matchCriteriaId":"168E2F18-56C6-4789-BBAC-C99D4792046F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.4:-:liberty_profile:*:*:*:*:*","matchCriteriaId":"26A6B626-8122-44D7-837B-138B9B81E72B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:*:*:*:*:*:*:*","matchCriteriaId":"B53EBD40-8E1A-4516-927D-ED1CF212B211"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.5:-:liberty_profile:*:*:*:*:*","matchCriteriaId":"1AA7B14D-F61D-4D64-B411-1099D33350AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:*:*:*:*:*:*:*","matchCriteriaId":"1A4E88BA-F637-4400-A64F-E6516AE8917C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.6:-:liberty_profile:*:*:*:*:*","matchCriteriaId":"0828CD76-B815-427B-8FE5-A6CDF8923334"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.7:*:*:*:*:*:*:*","matchCriteriaId":"32C745A6-FDE7-4236-BA1D-8BB22D184AA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.8:*:*:*:*:*:*:*","matchCriteriaId":"0C8EE753-8773-4DFF-90A7-35CE45C7EC30"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:we
bsphere_application_server:8.5.5.9:*:*:*:*:*:*:*","matchCriteriaId":"F4B0179F-C523-4835-BDF2-E7C2166B4B8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.10:*:*:*:*:*:*:*","matchCriteriaId":"54026F65-6FA5-42E3-AE9C-F3668881A0F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5.11:*:*:*:*:*:*:*","matchCriteriaId":"F072D774-F55B-4B5E-A65D-CE1D00716D3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:9.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"79600453-6230-461B-BA56-3F8B7696D083"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:9.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"ADB9F706-FB93-45B7-8A00-73C100C77964"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:9.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"158899BA-035B-46D9-89A5-EEEB8169D1E8"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995995","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95154","source":"psirt@us.ibm.com","tags":["Technical Description","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995995","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95154","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8936","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.897","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Social Rendering Templates para Digital Data Connector es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:social_rendering_templates_for_digital_data_connector:1.0:*:*:*:*:*:*:*","matchCriteriaId":"AED8BFCC-3E19-4C69-8B76-4C07014FC634"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993895","source":"psirt@us.ibm.c
om","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94443","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993895","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94443","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8941","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.927","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Storage Productivity Center is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."},{"lang":"es","value":"IBM Tivoli Storage Productivity Center es vulnerable a la falsificación de solicitudes de sitios cruzados que podrían permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que confía el sitio 
web."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_control:5.2.8:*:*:*:*:*:*:*","matchCriteriaId":"2FB125F9-9640-42BA-A414-C82BEC5BF3AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_control:5.2.9:*:*:*:*:*:*:*","matchCriteriaId":"B0F7CE21-5BDB-43C1-880E-283C60756A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_control:5.2.10:*:*:*:*:*:*:*","matchCriteriaId":"B1A87CE3-AAFE-4AA1-9EFE-4D7A8BECA93D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_control:5.2.11:*:*:*:*:*:*:*","matchCriteriaId":"2040D2F9-FB7C-45FC-B74E-AE196FB4D4CF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"F9DAD0D8-E45A-40F5-B35E-1FFBFE93245A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_
storage_productivity_center:5.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"1CBF6AAA-005E-4C21-B499-760265498A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"D93C1835-5793-48A4-90F5-21F16834E8EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"33203119-EA71-42EA-AFC3-CD36F63D2D6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"EBBD73A3-F5FC-4952-983E-8D0F6B79674E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.3.0:*:*:*:*:*:*:*","matchCriteriaId":"77C6EB27-5036-4EE3-A447-5CF3473D2FEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.4.0:*:*:*:*:*:*:*","matchCriteriaId":"324A9424-7966-4529-8B48-D4C41B727046"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.4.1:*:*:*:*:*:*:*","matchCriteriaId":"735826E4-B2E3-4AD4-8FDD-47AB95E4BB27"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.5.0:*:*:*:*:*:*:*","matchCriteriaId":"39AFCA9A-8CDB-46F5-B4E7-36DDA8E3922F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.5.1:*:*:*:*:*:*:*","matchCriteriaId":"C7C352E7-64FB-488B-A1F1-1981E86B3BB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"2E81D65F-3D95-47F2-B124-0D3B56BADCBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.7.0:*:*:*:*:*:*:*","matchCriteriaId":"FABEB2CE-2520-4AB4-9AC3-63B970CFEA83"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.7.1:*:*:*:*:*:*:*","matchCriteriaId":"F94C6B21-B3BF-4C3B-8532-06D897D32E33"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995128","source":"psirt@us.ibm.com","tags":["
Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94914","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995128","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94914","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8942","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:02.957","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Storage Productivity Center could allow an authenticated user with intimate knowledge of the system to edit a limited set of properties on the server."},{"lang":"es","value":"IBM Tivoli Storage Productivity Center podría permitir a un usuario autenticado con un conocimiento íntimo del sistema editar un conjunto limitado de propiedades en el 
servidor."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_control:5.2.8:*:*:*:*:*:*:*","matchCriteriaId":"2FB125F9-9640-42BA-A414-C82BEC5BF3AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_control:5.2.9:*:*:*:*:*:*:*","matchCriteriaId":"B0F7CE21-5BDB-43C1-880E-283C60756A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_control:5.2.10:*:*:*:*:*:*:*","matchCriteriaId":"B1A87CE3-AAFE-4AA1-9EFE-4D7A8BECA93D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_control:5.2.11:*:*:*:*:*:*:*","matchCriteriaId":"2040D2F9-FB7C-45FC-B74E-AE196FB4D4CF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"F9DAD0D8-E45A-40F5-B35E-1FFBFE93245A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage
_productivity_center:5.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"1CBF6AAA-005E-4C21-B499-760265498A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"D93C1835-5793-48A4-90F5-21F16834E8EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"33203119-EA71-42EA-AFC3-CD36F63D2D6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"EBBD73A3-F5FC-4952-983E-8D0F6B79674E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.3.0:*:*:*:*:*:*:*","matchCriteriaId":"77C6EB27-5036-4EE3-A447-5CF3473D2FEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.4.0:*:*:*:*:*:*:*","matchCriteriaId":"324A9424-7966-4529-8B48-D4C41B727046"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.4.1:*:*:*:*:*:*:*","matchCriteriaId":"735826E4-B2E3-4AD4-8FDD-47AB95E4BB27"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.4.1_\\+:*:*:*:*:*:*:*","matchCriteriaId":"B5CAED10-09A4-4038-A649-47367EE7DDE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.5.0:*:*:*:*:*:*:*","matchCriteriaId":"39AFCA9A-8CDB-46F5-B4E7-36DDA8E3922F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.5.1:*:*:*:*:*:*:*","matchCriteriaId":"C7C352E7-64FB-488B-A1F1-1981E86B3BB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"2E81D65F-3D95-47F2-B124-0D3B56BADCBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.7.0:*:*:*:*:*:*:*","matchCriteriaId":"FABEB2CE-2520-4AB4-9AC3-63B970CFEA83"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.7.1:*:*:*:*:*:*:*","matchCriteriaId":"F
94C6B21-B3BF-4C3B-8532-06D897D32E33"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995128","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94916","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995128","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94916","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8943","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:03.003","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Tivoli Storage Productivity Center es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_control:5.2.8:*:*:*:*:*:*:*","matchCriteriaId":"2FB125F9-9640-42BA-A414-C82BEC5BF3AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_control:5.2.9:*:*:*:*:*:*:*","matchCriteriaId":"B0F7CE21-5BDB-43C1-880E-283C60756A08"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_control:5.2.10:*:*:*:*:*:*:*","matchCriteriaId":"B1A87CE3-AAFE-4AA1-9EFE-4D7A8BECA93D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_control:5.2.11:*:*:*:*:*:*:*","matchCriteriaId":"2040D2F9-FB7C-45FC-B74E-AE196FB4D4CF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{
"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"F9DAD0D8-E45A-40F5-B35E-1FFBFE93245A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"1CBF6AAA-005E-4C21-B499-760265498A56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"D93C1835-5793-48A4-90F5-21F16834E8EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"33203119-EA71-42EA-AFC3-CD36F63D2D6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"EBBD73A3-F5FC-4952-983E-8D0F6B79674E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.3.0:*:*:*:*:*:*:*","matchCriteriaId":"77C6EB27-5036-4EE3-A447-5CF3473D2FEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.4.0:*:*:*:*:*:*:*","matchCriteriaId":"324A9424-7966-4529-8B48-D4C41B727046"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.4.1:*:*:*:*:*:*:*","matchCriteriaId":"735826E4-B2E3-4AD4-8FDD-47AB95E4BB27"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.4.1_\\+:*:*:*:*:*:*:*","matchCriteriaId":"B5CAED10-09A4-4038-A649-47367EE7DDE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.5.0:*:*:*:*:*:*:*","matchCriteriaId":"39AFCA9A-8CDB-46F5-B4E7-36DDA8E3922F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.5.1:*:*:*:*:*:*:*","matchCriteriaId":"C7C352E7-64FB-488B-A1F1-1981E86B3BB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"2E81D65F-3D95-47F2-B124-0D3B56BADCBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_product
ivity_center:5.2.7.0:*:*:*:*:*:*:*","matchCriteriaId":"FABEB2CE-2520-4AB4-9AC3-63B970CFEA83"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_productivity_center:5.2.7.1:*:*:*:*:*:*:*","matchCriteriaId":"F94C6B21-B3BF-4C3B-8532-06D897D32E33"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995128","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94917","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995128","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94917","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8961","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:03.020","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim."},{"lang":"es","value":"IBM BigFix Inventory v9 podría permitir a un atacante remoto realizar ataques de phishing, utilizando un ataque de redirección abierto. Persuadiendo a una víctima para que visite una web especialmente manipulada, un atacante remoto podría explotar esta vulnerabilidad para falsificar la URL mostrada para redirigir a un usuario a un sitio web malicioso que parecería ser de confianza. 
Esto podría permitir al atacante obtener información altamente sensible o realizar nuevos ataques contra la víctima."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:license_metric_tool:9.2.0:*:*:*:*:*:*:*","matchCriteriaId":"7A9465A8-0C19-40C5-ADEB-B0EE8EC964CE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*","matchCriteriaId":"61A4F116-1FEE-450E-99AE-6AD9ACDDE570"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*","matchCriteriaId":"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","matchCriteriaId":"155AD4FB-E527-4103-BCEF-801B653DEA37"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*","matchCriteriaId":"05924C67-F9A0-450E-A5B8-059651DD32E3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_inventory:*:*:*:*:*:*:*:*","versionEndIncluding":"9.2","matchCriteriaId":"E8C15EB9-71EE-4096-9D08-F3061A81AACA"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995037","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95128","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995037","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95128","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8966","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:03.067","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."},{"lang":"es","value":"IBM BigFix Inventory v9 podría permitir a un atacante remoto obtener información sensible, debido a que no se habilita correctamente HTTP Strict Transport Security. 
Un atacante podría explotar esta vulnerabilidad para obtener información sensible utilizando técnicas man-in-the-middle."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:license_metric_tool:9.2.0:*:*:*:*:*:*:*","matchCriteriaId":"7A9465A8-0C19-40C5-ADEB-B0EE8EC964CE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*","matchCriteriaId":"61A4F116-1FEE-450E-99AE-6AD9ACDDE570"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*","matchCriteriaId":"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","matchCriteriaId":"155AD4FB-E527-4103-BCEF-801B653DEA37"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F25
6"},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*","matchCriteriaId":"05924C67-F9A0-450E-A5B8-059651DD32E3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_inventory:9.2:*:*:*:*:*:*:*","matchCriteriaId":"756EF6F6-8E1F-41BB-9A88-C12A6806F0D0"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995023","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95138","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995023","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95138","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8980","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:03.097","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources."},{"lang":"es","value":"IBM BigFix Inventory v9 es vulnerable a una denegación de servicio, provocada por un error de XML External Entity Injection (XXE) al procesar datos XML. 
Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensible o consumir todos los recursos de memoria disponibles."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:C","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":7.8,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:license_metric_tool:9.2.0:*:*:*:*:*:*:*","matchCriteriaId":"7A9465A8-0C19-40C5-ADEB-B0EE8EC964CE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*","matchCriteriaId":"61A4F116-1FEE-450E-99AE-6AD9ACDDE570"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*","matchCriteriaId":"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","matchCriteriaId":"155AD4FB-E527-4103-BCEF-801B653DEA37"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F
35-5905-4BA9-AD7E-7DB261D2F256"},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*","matchCriteriaId":"05924C67-F9A0-450E-A5B8-059651DD32E3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_inventory:9.2:*:*:*:*:*:*:*","matchCriteriaId":"756EF6F6-8E1F-41BB-9A88-C12A6806F0D0"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995013","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95141","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995013","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95141","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8981","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:03.130","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system."},{"lang":"es","value":"IBM BigFix Inventory v9 permite que las páginas web se almacenen localmente de forma que puedan ser leídas por otro usuario en el 
sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:license_metric_tool:9.2.0:*:*:*:*:*:*:*","matchCriteriaId":"7A9465A8-0C19-40C5-ADEB-B0EE8EC964CE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*","matchCriteriaId":"61A4F116-1FEE-450E-99AE-6AD9ACDDE570"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*","matchCriteriaId":"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","matchCriteriaId":"155AD4FB-E527-4103-BCEF-801B653DEA37"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*","matchCriteriaId":"05924C67-F9A0-450E-A5B8-059
651DD32E3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_inventory:9.2:*:*:*:*:*:*:*","matchCriteriaId":"756EF6F6-8E1F-41BB-9A88-C12A6806F0D0"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21994932","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95137","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21994932","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95137","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9731","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T20:59:03.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Business Process Manager es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:business_process_manager:8.5.7.0:*:*:*:*:*:*:*","matchCriteriaId":"E245DD24-5C1E-4CF0-993D-0D79A5152594"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996158","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95105","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996158","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95105","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-0371","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T21:59:00.100","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is enabled."},{"lang":"es","value":"La contraseña de Tivoli Storage Manager (TSM) puede ser mostrada en texto plano a través de la salida de rastreo de la aplicación mientras el rastreo de aplicaciones está habilitado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*","versionStartIncluding
":"7.1.0.0","versionEndIncluding":"7.1.6.2","matchCriteriaId":"119D7C39-ECBA-455E-A353-47F0D4CEDC08"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*","matchCriteriaId":"F480AA32-841A-4E68-9343-B2E7548B0A0C"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","matchCriteriaId":"E492C463-D76E-49B7-A4D4-3B499E422D89"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*","matchCriteriaId":"91F372EA-3A78-4703-A457-751B2C98D796"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0.0","versionEndIncluding":"6.4.3.3","matchCriteriaId":"2E70A4ED-6C7B-4861-95A5-A4F6C06D6C05"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*","matchCriteriaId":"F480AA32-841A-4E68-9343-B2E7548B0A0C"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","matchCriteriaId":"E492C463-D76E-49B7-A4D4-3B499E422D89"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*","matchCr
iteriaId":"91F372EA-3A78-4703-A457-751B2C98D796"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndIncluding":"6.3.2.5","matchCriteriaId":"833798D5-DDAC-44FE-9B34-61DFDD9F5A6D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*","matchCriteriaId":"F480AA32-841A-4E68-9343-B2E7548B0A0C"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*","matchCriteriaId":"E492C463-D76E-49B7-A4D4-3B499E422D89"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*","matchCriteriaId":"91F372EA-3A78-4703-A457-751B2C98D796"}]}]}],"references":[{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21985114","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94148","source":"psirt@us.ibm.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21985114","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94148","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6105","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T21:59:00.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Key 
Lifecycle Manager 2.5 and 2.6 do not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas."},{"lang":"es","value":"IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 no realiza una comprobación de autenticación para un recurso crítico o funcionalidad que permite a los usuarios anónimos acceder a áreas protegidas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0:*:*:*:*:*:*:*","matchCriteriaId":"4E0E836F-4C4E-4630-9999-91B166DEABA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AE43784F-AEBE-4399-82C5-A339D9BCB676"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4E57B0BB-2994-4A47-9C32-3DA982F23071"},{"
vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"8FD5B68E-FB45-4985-96C7-6CFF3765E761"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AF878AE8-D016-4546-84ED-5D65E21F833B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"81E86F00-E597-4C98-9863-05A4BA84D0A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*","matchCriteriaId":"1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*","matchCriteriaId":"CAA52325-CC9C-481A-8140-32C86608E2B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F809CA96-9F05-4E58-91D0-9F05DC984D2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"6FAD90D4-0058-4DFB-8C72-DFBA3072C5C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1D107CCC-476F-4453-BF41-B83923E5D695"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997741","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95904","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037763","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997741","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95904","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037763","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-6117","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T21:59:00.163","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with active debugging code that can disclose sensitive information."},{"lang":"es","value":"IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 puede ser implementado con código de depuración activo que puede revelar información sensible."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0:
*:*:*:*:*:*:*","matchCriteriaId":"4E0E836F-4C4E-4630-9999-91B166DEABA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AE43784F-AEBE-4399-82C5-A339D9BCB676"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4E57B0BB-2994-4A47-9C32-3DA982F23071"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"8FD5B68E-FB45-4985-96C7-6CFF3765E761"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AF878AE8-D016-4546-84ED-5D65E21F833B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"81E86F00-E597-4C98-9863-05A4BA84D0A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*","matchCriteriaId":"1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*","matchCriteriaId":"CAA52325-CC9C-481A-8140-32C86608E2B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F809CA96-9F05-4E58-91D0-9F05DC984D2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"6FAD90D4-0058-4DFB-8C72-DFBA3072C5C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1D107CCC-476F-4453-BF41-B83923E5D695"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997983","source":"psirt@us.ibm.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95905","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037764","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997983","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037764","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8967","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T21:59:00.193","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM BigFix Inventory v9 9.2 stores user credentials in clear text, which can be read by a local user."},{"lang":"es","value":"IBM BigFix Inventory v9 9.2 almacena las credenciales de usuario en un texto claro que puede ser leído por un usuario 
local."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-255"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:license_metric_tool:9.2.0:*:*:*:*:*:*:*","matchCriteriaId":"7A9465A8-0C19-40C5-ADEB-B0EE8EC964CE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*","matchCriteriaId":"61A4F116-1FEE-450E-99AE-6AD9ACDDE570"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*","matchCriteriaId":"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","matchCriteriaId":"155AD4FB-E527-4103-BCEF-801B653DEA37"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*","matchCriteriaId":"05924C67-F9A0-450E-A5B8-05965
1DD32E3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_inventory:9.2:*:*:*:*:*:*:*","matchCriteriaId":"756EF6F6-8E1F-41BB-9A88-C12A6806F0D0"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995019","source":"psirt@us.ibm.com","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95902","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995019","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95902","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-0217","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."},{"lang":"es","value":"IBM Cognos Business Intelligence e IBM Cognos Analytics son vulnerables a las secuencias de comandos de sitios cruzados almacenadas, provocado por una validación incorrecta de las entradas suministradas por el usuario. 
Un atacante remoto podría explotar esta vulnerabilidad para inyectar una secuencia de comandos maliciosa en una página Web que se ejecutaría en el navegador Web de una víctima dentro del contexto de seguridad del sitio web de alojamiento, una vez que la página es visualizada. Un atacante podría usar esta vulnerabilidad para robar las credenciales de autenticación basadas en cookies de la víctima."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_analytics:11.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B5D3BFCE-18D9-4F2B-8562-ED7756417874"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_analytics:11.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1E18C634-18F1-42F4-A601-F6AE83FBC15A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_analytics:11.0.2:*:*:*:*:*:*:*","matchCriteriaId":"D93335EA-78C6-4D29-A61C-9675D840394F"},{"vulnerable":true,"crite
ria":"cpe:2.3:a:ibm:cognos_analytics:11.0.3:*:*:*:*:*:*:*","matchCriteriaId":"75A61A7F-A5CD-4E39-A74D-8B052FC1221C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_analytics:11.0.4:*:*:*:*:*:*:*","matchCriteriaId":"CA3C46F3-5EC0-4814-AF0B-DA5FF9626CE5"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996417","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95681","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996417","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95681","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-0218","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.197","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input.  A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked.  An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."},{"lang":"es","value":"IBM Cognos Business Intelligence e IBM Cognos Analytics son vulnerables a XSS, provocada por una validación inapropiada de la entrada suministrada por el usuario. Un atacante remoto podría explotar esta vulnerabilidad usando una URL especialmente manipulada para ejecutar una secuencia de comandos en el navegador web de la victima dentro del contexto de seguridad del sitio web de alojamiento, una vez que se hace clic en la URL. 
Un atacante podría utilizar esta vulnerabilidad para robar credenciales de autenticación basadas en las cookies de la victima."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_business_intelligence:10.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B00BAD84-4BB6-41ED-835E-86AB150716D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_business_intelligence:10.2:*:*:*:*:*:*:*","matchCriteriaId":"6588FEE1-5A6F-4ED6-998A-B8CF54954F5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_business_intelligence:10.2.1:*:*:*:*:*:*:*","matchCriteriaId":"FDA8132D-A09E-4D4C-9A5D-D708010CCFFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_business_intelligence:10.2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"7CCBB0AE-ECD1-4192-B1BB-18439A4CF7B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_business_intelligence:10.2.2:*:*:*:*:*:*:*","matchCriter
iaId":"4A2AA637-B4F6-4C44-BC71-B9C6B06BA670"}]}]}],"references":[{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21996417","source":"psirt@us.ibm.com"},{"url":"http://www.securityfocus.com/bid/95456","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21995691","source":"nvd@nist.gov","tags":["Patch","Vendor Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21996417","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95456","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-0320","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.243","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM UrbanCode Deploy could allow an authenticated user to modify UCD objects due to multiple REST endpoints not properly authorizing users editing UCD objects. This could affect the behavior of legitimately triggered processes."},{"lang":"es","value":"IBM UrbanCode Deploy podría permitir a un usuario autenticado modificar objetos UCD debido a que múltiples endpoints REST no autorizan adecuadamente a los usuarios la edición de objetos UCD. 
Esto podría afectar el comportamiento de los procesos legítimamente desencadenados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*","matchCriteriaId":"B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4BEE7852-A76C-4085-B14D-8BA67D825A8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"C35B3347-EE12-4E84-92D9-533DA7F1581E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"32C10FFF-250A-4530-B631-1B1DAA3B4BC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"DE176DE5-BB60-4999-A2B4-D93C8AB776DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_de
ploy:6.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"751113D0-7085-4AE7-8F39-292293F297FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"31217ED6-C154-49CF-BD65-C272D630F58A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"1F69D247-B168-40EC-BA4B-1C50879B64BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*","matchCriteriaId":"1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*","matchCriteriaId":"C822B4AB-4032-4BEB-A413-A80398A28EAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*","matchCriteriaId":"FF310F06-6674-470E-B258-4DF042B1FA68"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*","matchCriteriaId":"AEF92016-8494-4EBE-A32F-A123C1517F63"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*","matchCriteriaId":"744A36AB-5BC8-4FE1-BB91-9BC3019EBB99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*","matchCriteriaId":"A4535B6A-0791-4855-BED4-01A8279F4930"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.13:*:*:*:*:*:*:*","matchCriteriaId":"C108D461-F391-491B-B1B4-AEB3155C2196"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.14:*:*:*:*:*:*:*","matchCriteriaId":"5A66AD80-303B-44B0-B773-701503F5B7E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*","matchCriteriaId":"7AF8BEEC-5F93-424B-94F6-622B9BA84CDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5DE72929-3618-4341-83DC-E4A006EE3D0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode
_deploy:6.1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F59AC6D5-1F06-4EC4-BD36-6FA5221AE611"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"D7ED1843-E659-4931-8E08-8867D4286A18"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1:*:*:*:*:*:*:*","matchCriteriaId":"6082BBED-6184-4173-BF5A-5B536FADBB39"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"70E082B0-B404-4E5E-9FC7-2B0B6F363A9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*","matchCriteriaId":"054A3ED4-290A-484D-9F51-93A71968CAA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*","matchCriteriaId":"7C5B4753-3685-4088-A4B1-C4AE58C11F3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*","matchCriteriaId":"32732445-6761-40F0-836B-E7EAC9B9239B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*","matchCriteriaId":"EF8034DC-C20D-4972-AFBA-D3EBF8664164"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*","matchCriteriaId":"5409F075-5268-476E-BEFE-2B93C8BB2870"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*","matchCriteriaId":"F43800F6-328E-4481-B6AE-44A50F368314"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*","matchCriteriaId":"C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*","matchCriteriaId":"5E3BCD23-4033-443D-B2D5-CAF69FCD22D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B1A72039-925C-48AE-8012-BA6AEE659D27"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_dep
loy:6.1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"57A488B1-1221-46C4-B97D-B895368E3A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:*:*:*:*:*:*:*","matchCriteriaId":"AF8D9BF8-E9DD-4967-86CE-DE2A6FF6DADE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8CFD390D-531E-4BC7-B9D4-74208E153F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"93406315-DD19-45E5-84EE-B5D8F0A903D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*","matchCriteriaId":"1C970147-39E9-4CCC-9FDE-B70546941323"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"61F991AF-CD34-4307-85B0-58107E4CE1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.2:*:*:*:*:*:*:*","matchCriteriaId":"104066B9-7D5C-44FA-8745-DBD019761AC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"456DB48D-39E4-4F66-BEC4-1B7B135214BA"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000222","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95974","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000222","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95974","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-2924","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."},{"lang":"es","value":"IBM Infosphere BigInsights es vulnerable a las secuencias de comandos de sitios cruzados, provocado por una validación incorrecta de la entrada suministrada por el usuario. Un atacante remoto podría explotar esta vulnerabilidad utilizando una URL manipulada para ejecutar la secuencia de comandos en el navegador Web de una víctima dentro del contexto de seguridad del sitio Web de alojamiento, una vez que se hace clic en la URL. 
Un atacante podría usar esta vulnerabilidad para robar las credenciales de autenticación basadas en cookies de la víctima."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:biginsights:4.2:*:*:*:*:*:*:*","matchCriteriaId":"CE9AC46F-FCC2-4AA8-BF8E-ED157243888E"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21987499","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95973","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21987499","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95973","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-2941","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.307","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user."},{"lang":"es","value":"IBM UrbanCode Deploy crea archivos temporales durante la ejecución de pasos que podrían contener información sensible incluyendo contraseñas que podrían ser leídas por un usuario local."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*","matchCriteriaId":"B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4BEE7852-A
76C-4085-B14D-8BA67D825A8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"C35B3347-EE12-4E84-92D9-533DA7F1581E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"32C10FFF-250A-4530-B631-1B1DAA3B4BC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"DE176DE5-BB60-4999-A2B4-D93C8AB776DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"751113D0-7085-4AE7-8F39-292293F297FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"31217ED6-C154-49CF-BD65-C272D630F58A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"1F69D247-B168-40EC-BA4B-1C50879B64BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*","matchCriteriaId":"1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*","matchCriteriaId":"C822B4AB-4032-4BEB-A413-A80398A28EAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*","matchCriteriaId":"FF310F06-6674-470E-B258-4DF042B1FA68"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*","matchCriteriaId":"AEF92016-8494-4EBE-A32F-A123C1517F63"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*","matchCriteriaId":"744A36AB-5BC8-4FE1-BB91-9BC3019EBB99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*","matchCriteriaId":"A4535B6A-0791-4855-BED4-01A8279F4930"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.13:*:*:*:*:*:*:*","matchCriteriaId":"C108D461-F391-491B-B1B4-AEB3155C2196"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.14:*:*:*:*:*:*:*","matchCriteriaId":"5A6
6AD80-303B-44B0-B773-701503F5B7E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*","matchCriteriaId":"7AF8BEEC-5F93-424B-94F6-622B9BA84CDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5DE72929-3618-4341-83DC-E4A006EE3D0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F59AC6D5-1F06-4EC4-BD36-6FA5221AE611"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"D7ED1843-E659-4931-8E08-8867D4286A18"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1:*:*:*:*:*:*:*","matchCriteriaId":"6082BBED-6184-4173-BF5A-5B536FADBB39"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"70E082B0-B404-4E5E-9FC7-2B0B6F363A9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*","matchCriteriaId":"054A3ED4-290A-484D-9F51-93A71968CAA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*","matchCriteriaId":"7C5B4753-3685-4088-A4B1-C4AE58C11F3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*","matchCriteriaId":"32732445-6761-40F0-836B-E7EAC9B9239B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*","matchCriteriaId":"EF8034DC-C20D-4972-AFBA-D3EBF8664164"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*","matchCriteriaId":"5409F075-5268-476E-BEFE-2B93C8BB2870"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*","matchCriteriaId":"F43800F
6-328E-4481-B6AE-44A50F368314"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*","matchCriteriaId":"C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*","matchCriteriaId":"5E3BCD23-4033-443D-B2D5-CAF69FCD22D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B1A72039-925C-48AE-8012-BA6AEE659D27"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"57A488B1-1221-46C4-B97D-B895368E3A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:*:*:*:*:*:*:*","matchCriteriaId":"AF8D9BF8-E9DD-4967-86CE-DE2A6FF6DADE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8CFD390D-531E-4BC7-B9D4-74208E153F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"93406315-DD19-45E5-84EE-B5D8F0A903D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*","matchCriteriaId":"1C970147-39E9-4CCC-9FDE-B70546941323"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"61F991AF-CD34-4307-85B0-58107E4CE1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.2:*:*:*:*:*:*:*","matchCriteriaId":"104066B9-7D5C-44FA-8745-DBD019761AC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"456DB48D-39E4-4F66-BEC4-1B7B135214BA"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000220","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95978","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000220","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95978","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-2942","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.337","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM UrbanCode Deploy could allow an authenticated attacker with special permissions to craft a script on the server in a way that will cause processes to run on a remote UCD agent machine."},{"lang":"es","value":"IBM UrbanCode Deploy podría permitir a un atacante autenticado con permisos especiales crear una secuencia de comandos en el servidor de manera que los procesos se ejecuten en una máquina de agente UCD remota."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"e
n","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*","matchCriteriaId":"B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4BEE7852-A76C-4085-B14D-8BA67D825A8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"C35B3347-EE12-4E84-92D9-533DA7F1581E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"32C10FFF-250A-4530-B631-1B1DAA3B4BC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"DE176DE5-BB60-4999-A2B4-D93C8AB776DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"751113D0-7085-4AE7-8F39-292293F297FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"31217ED6-C154-49CF-BD65-C272D630F58A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"1F69D247-B168-40EC-BA4B-1C50879B64BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*","matchCriteriaId":"1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*","matchCriteriaId":"C822B4AB-4032-4BEB-A413-A80398A28EAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*","matchCriteriaId":"FF310F06-6674-470E-B258-4DF042B1FA68"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*","matchCriteriaId":"AEF92016-8494-4EBE-A32F-A123C1517F63"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*","matchCriteriaId":"744A36AB-5BC8-4FE1-BB91-9BC3019EBB99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urb
ancode_deploy:6.0.1.12:*:*:*:*:*:*:*","matchCriteriaId":"A4535B6A-0791-4855-BED4-01A8279F4930"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.13:*:*:*:*:*:*:*","matchCriteriaId":"C108D461-F391-491B-B1B4-AEB3155C2196"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.14:*:*:*:*:*:*:*","matchCriteriaId":"5A66AD80-303B-44B0-B773-701503F5B7E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*","matchCriteriaId":"7AF8BEEC-5F93-424B-94F6-622B9BA84CDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5DE72929-3618-4341-83DC-E4A006EE3D0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F59AC6D5-1F06-4EC4-BD36-6FA5221AE611"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"D7ED1843-E659-4931-8E08-8867D4286A18"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1:*:*:*:*:*:*:*","matchCriteriaId":"6082BBED-6184-4173-BF5A-5B536FADBB39"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"70E082B0-B404-4E5E-9FC7-2B0B6F363A9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*","matchCriteriaId":"054A3ED4-290A-484D-9F51-93A71968CAA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*","matchCriteriaId":"7C5B4753-3685-4088-A4B1-C4AE58C11F3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*","matchCriteriaId":"32732445-6761-40F0-836B-E7EAC9B9239B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urba
ncode_deploy:6.1.1.6:*:*:*:*:*:*:*","matchCriteriaId":"EF8034DC-C20D-4972-AFBA-D3EBF8664164"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*","matchCriteriaId":"5409F075-5268-476E-BEFE-2B93C8BB2870"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*","matchCriteriaId":"F43800F6-328E-4481-B6AE-44A50F368314"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*","matchCriteriaId":"C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*","matchCriteriaId":"5E3BCD23-4033-443D-B2D5-CAF69FCD22D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B1A72039-925C-48AE-8012-BA6AEE659D27"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"57A488B1-1221-46C4-B97D-B895368E3A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:*:*:*:*:*:*:*","matchCriteriaId":"AF8D9BF8-E9DD-4967-86CE-DE2A6FF6DADE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8CFD390D-531E-4BC7-B9D4-74208E153F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"93406315-DD19-45E5-84EE-B5D8F0A903D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*","matchCriteriaId":"1C970147-39E9-4CCC-9FDE-B70546941323"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"61F991AF-CD34-4307-85B0-58107E4CE1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.2:*:*:*:*:*:*:*","matchCriteriaId":"104066B9-7D5C-44FA-8745-DBD019761AC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_
deploy:6.2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"456DB48D-39E4-4F66-BEC4-1B7B135214BA"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000218","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95975","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000218","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95975","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-2992","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.383","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Infosphere BigInsights es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:biginsights:4.2:*:*:*:*:*:*:*","matchCriteriaId":"CE9AC46F-FCC2-4AA8-BF8E-ED157243888E"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21987499","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95979","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21987499","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95979","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5881","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.417","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"e
n","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"49FF4C09-76B3-4CCA-9EBA-530B4CB0314D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"CC0FE386-25E0-452F-A0E4-C54901C8870B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"92E3BD0F-DC7F-47C1-A86A-9B1627FBE941"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"68862417-67DC-462A-8557-E1E371926FC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*","matchCriteriaId":"0E251CBF-CA6A-4675-B7FA-B68EC44ADA52"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*","matchCriteriaId":"EC844FD9-65ED-4223-8B60-29EDC5EBEB3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"B097CA3C-2ABA-489E-86C1-EEF891AF7094"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"14F15C5B-D465-4AE6-B70B-E03EE32A0D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"B8270B1C-31E1-47F6-B641-8A4291EBEF33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"1B62FD4B-A8B0-4215-A22C-241EE84A4C85"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"7EFF2543-619A-49EA-909C-49C82397A89E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"3A913396-D7C3-4088-A4E8-93BF3ADB9C21"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"A2FAF950-ECA1-4DC1-ABC7-18C073209ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:i
bm:inotes:8.5.3.4:*:*:*:*:*:*:*","matchCriteriaId":"40437DB7-17EB-4C53-9D71-624D01068D77"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*","matchCriteriaId":"677DDC3B-3B08-407F-8543-7A78B38B4F0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*","matchCriteriaId":"F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"975E8316-D4C3-40B7-8E57-E871D0327271"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"4E0C5AFE-62C7-4A6C-991B-222FF28DF92B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"DF4C11BF-8A63-4ED9-871D-C3366D766CC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"1B74523E-57BE-4B0B-B639-32927336C862"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"521E7EBE-CEA6-4FF8-954A-2A43617FB1C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"30460A5C-2D97-42B5-A190-5E0862E87EDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"31391143-EE89-4521-81F4-43455AAF7D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"5344290B-F139-4367-B976-C2E8007487F6"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995122","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95459","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037592","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995122","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95459","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037592","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5938","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.447","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on the system."},{"lang":"es","value":"IBM Kenexa LMS en Cloud permite que las páginas web se almacenen localmente de forma que puedan ser leídas por otro usuario en el sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.1:*:*:*:*:*:*:*","matchCriteriaId":"95E5FF84-CDE4-494
5-9151-81191E39C57F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2:*:*:*:*:*:*:*","matchCriteriaId":"BB9B9931-8E60-4D98-8797-E669E4D5BFAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9C2E4654-39DC-4DC8-A617-07A85D935912"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"A744F1DC-C419-4287-B3DA-0EEB2310B81B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"17CC61B4-AF0C-4E60-8CD9-3644BC48E9A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.0:*:*:*:*:*:*:*","matchCriteriaId":"4B8D8758-F0B9-4FA4-BD04-33289E48EA22"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.1:*:*:*:*:*:*:*","matchCriteriaId":"D24C3838-9D3A-4426-AEB4-238AB868DBC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.2:*:*:*:*:*:*:*","matchCriteriaId":"5C076D38-466E-4D0D-B049-130EA55F71F4"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95428","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95428","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5940","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.477","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Kenexa LMS en Cloud es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.1:*:*:*:*:*:*:*","matchCriteriaId":"95E5FF84-CDE4-4945-9151-81191E39C57F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2:*:*:*:*:*:*:*","matchCriteriaId":"BB9B9931-8E60-4D98-8797-E669E4D5BFAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lm
s:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9C2E4654-39DC-4DC8-A617-07A85D935912"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"A744F1DC-C419-4287-B3DA-0EEB2310B81B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"17CC61B4-AF0C-4E60-8CD9-3644BC48E9A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.0:*:*:*:*:*:*:*","matchCriteriaId":"4B8D8758-F0B9-4FA4-BD04-33289E48EA22"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.1:*:*:*:*:*:*:*","matchCriteriaId":"D24C3838-9D3A-4426-AEB4-238AB868DBC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.2:*:*:*:*:*:*:*","matchCriteriaId":"5C076D38-466E-4D0D-B049-130EA55F71F4"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95433","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95433","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5941","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.510","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system."},{"lang":"es","value":"IBM Kenexa LMS en Cloud podría permitir a un atacante remoto recorrer los directorios en el sistema. 
Un atacante podría enviar una petición de URL especialmente manipulada que contenga la secuencia \"punto punto\" (/../) para ver archivos arbitrarios en el sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.1:*:*:*:*:*:*:*","matchCriteriaId":"95E5FF84-CDE4-4945-9151-81191E39C57F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2:*:*:*:*:*:*:*","matchCriteriaId":"BB9B9931-8E60-4D98-8797-E669E4D5BFAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9C2E4654-39DC-4DC8-A617-07A85D935912"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"A744F1DC-C419-4287-B3DA-0EEB2310B81B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"17CC61B4-AF0C-4E60-8CD9-3644BC48E9A6"},{"vulnerabl
e":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.0:*:*:*:*:*:*:*","matchCriteriaId":"4B8D8758-F0B9-4FA4-BD04-33289E48EA22"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.1:*:*:*:*:*:*:*","matchCriteriaId":"D24C3838-9D3A-4426-AEB4-238AB868DBC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.2:*:*:*:*:*:*:*","matchCriteriaId":"5C076D38-466E-4D0D-B049-130EA55F71F4"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95438","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95438","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5942","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.540","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Kenexa LMS en Cloud es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.1:*:*:*:*:*:*:*","matchCriteriaId":"95E5FF84-CDE4-4945-9151-81191E39C57F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2:*:*:*:*:*:*:*","matchCriteriaId":"BB9B9931-8E60-4D98-8797-E669E4D5BFAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9C2E4654-39DC-4DC8-A617-07A85D935912"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"A744F1DC-C419-4287-B3DA-0EEB2310B81B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.4:*:*:*:*:
*:*:*","matchCriteriaId":"17CC61B4-AF0C-4E60-8CD9-3644BC48E9A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.0:*:*:*:*:*:*:*","matchCriteriaId":"4B8D8758-F0B9-4FA4-BD04-33289E48EA22"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.1:*:*:*:*:*:*:*","matchCriteriaId":"D24C3838-9D3A-4426-AEB4-238AB868DBC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.2:*:*:*:*:*:*:*","matchCriteriaId":"5C076D38-466E-4D0D-B049-130EA55F71F4"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95440","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95440","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5953","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.573","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable to view a certain view due to not being allowed permissions, the website responds with an error page where the session identifier is encoded as Base64 in the URL."},{"lang":"es","value":"IBM Sterling Order Management transmite el identificador de sesión dentro de la URL. 
Cuando un usuario no puede ver una determinada vista debido a que no se autorizan permisos, el sitio web responde con una página de error en la que el identificador de sesión se codifica como Base64 en la dirección URL."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.1.0:*:*:*:*:*:*:*","matchCriteriaId":"843E8EC3-1965-48FE-8FB9-A6A08BDD4C67"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.0:*:*:*:*:*:*:*","matchCriteriaId":"5F5029B7-9CE0-44B2-A12D-6D51A04B1C4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.2.1:*:*:*:*:*:*:*","matchCriteriaId":"01C65391-6BEB-437B-ADE2-A55D96309384"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.3:*:*:*:*:*:*:*","matchCriteriaId":
"10A09606-CB52-4494-A9E5-D983DEBD54C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.4:*:*:*:*:*:*:*","matchCriteriaId":"C1CCE857-1D23-4F0E-AC7C-FD7B45913846"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_selling_and_fulfillment_foundation:9.5:*:*:*:*:*:*:*","matchCriteriaId":"443A72B2-E1F9-4069-8763-70F26498A058"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21994521","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95431","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21994521","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95431","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6001","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.603","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources."},{"lang":"es","value":"IBM Forms Experience Builder podría ser susceptible a una falsificación de solicitud del lado del servidor (SSRF) desde la interfaz de diseño de la aplicación, lo que permite una cierta divulgación de información de los recursos 
internos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:N/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:forms_experience_builder:8.5:*:*:*:*:*:*:*","matchCriteriaId":"645FC8F5-B9A8-4847-A53D-70168267A9C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:forms_experience_builder:8.5.1:*:*:*:*:*:*:*","matchCriteriaId":"4808F228-79E0-43EC-86AA-5B7010191438"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:forms_experience_builder:8.6.0:*:*:*:*:*:*:*","matchCriteriaId":"FFF32D44-68F0-4E9A-A326-F065FC636A98"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991280","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95777","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991280","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95777","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6068","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.633","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM UrbanCode Deploy could allow an authenticated user with access to the REST endpoints to access API and CLI getResource secured role properties."},{"lang":"es","value":"IBM UrbanCode Deploy podría permitir a un usuario autenticado con acceso a los extremos REST acceder a las propiedades de la función segura API y CLI getResource."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMa
tch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*","matchCriteriaId":"B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4BEE7852-A76C-4085-B14D-8BA67D825A8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"C35B3347-EE12-4E84-92D9-533DA7F1581E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"32C10FFF-250A-4530-B631-1B1DAA3B4BC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"DE176DE5-BB60-4999-A2B4-D93C8AB776DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"751113D0-7085-4AE7-8F39-292293F297FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"31217ED6-C154-49CF-BD65-C272D630F58A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"1F69D247-B168-40EC-BA4B-1C50879B64BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*","matchCriteriaId":"1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*","matchCriteriaId":"C822B4AB-4032-4BEB-A413-A80398A28EAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*","matchCriteriaId":"FF310F06-6674-470E-B258-4DF042B1FA68"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*","matchCriteriaId":"AEF92016-8494-4EBE-A32F-A123C1517F63"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*","matchCriteriaId":"744A36AB-5BC8-4FE1-BB91-9BC3019EBB99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*","matchCriteriaId":"A4535B6A-0791-4855-BED4-01A8279F49
30"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.13:*:*:*:*:*:*:*","matchCriteriaId":"C108D461-F391-491B-B1B4-AEB3155C2196"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.14:*:*:*:*:*:*:*","matchCriteriaId":"5A66AD80-303B-44B0-B773-701503F5B7E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*","matchCriteriaId":"7AF8BEEC-5F93-424B-94F6-622B9BA84CDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5DE72929-3618-4341-83DC-E4A006EE3D0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F59AC6D5-1F06-4EC4-BD36-6FA5221AE611"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"D7ED1843-E659-4931-8E08-8867D4286A18"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1:*:*:*:*:*:*:*","matchCriteriaId":"6082BBED-6184-4173-BF5A-5B536FADBB39"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"70E082B0-B404-4E5E-9FC7-2B0B6F363A9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*","matchCriteriaId":"054A3ED4-290A-484D-9F51-93A71968CAA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*","matchCriteriaId":"7C5B4753-3685-4088-A4B1-C4AE58C11F3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*","matchCriteriaId":"32732445-6761-40F0-836B-E7EAC9B9239B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*","matchCriteriaId":"EF8034DC-C20D-4972-AFBA-D3EBF8664164
"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*","matchCriteriaId":"5409F075-5268-476E-BEFE-2B93C8BB2870"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*","matchCriteriaId":"F43800F6-328E-4481-B6AE-44A50F368314"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*","matchCriteriaId":"C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*","matchCriteriaId":"5E3BCD23-4033-443D-B2D5-CAF69FCD22D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B1A72039-925C-48AE-8012-BA6AEE659D27"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"57A488B1-1221-46C4-B97D-B895368E3A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:*:*:*:*:*:*:*","matchCriteriaId":"AF8D9BF8-E9DD-4967-86CE-DE2A6FF6DADE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8CFD390D-531E-4BC7-B9D4-74208E153F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"93406315-DD19-45E5-84EE-B5D8F0A903D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*","matchCriteriaId":"1C970147-39E9-4CCC-9FDE-B70546941323"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"61F991AF-CD34-4307-85B0-58107E4CE1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.2:*:*:*:*:*:*:*","matchCriteriaId":"104066B9-7D5C-44FA-8745-DBD019761AC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"456DB48D-39E4-4F66-BEC4-1B7B135214BA"}]}]}
],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000229","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95290","source":"psirt@us.ibm.com","tags":["Technical Description","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000229","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95290","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6110","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.667","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user."},{"lang":"es","value":"Tivoli Storage Manager de IBM, revela credenciales de inicio de sesión no cifradas en vCenter de Vmware que podrían ser obtenidas por un usuario 
local."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-255"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.6.3","matchCriteriaId":"E304158B-6966-495A-9E59-0AB7AF653E8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5999622E-68F7-4273-BAB7-0B07DCB78163"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:*:*:*:*:*:vmware:*:*","versionEndIncluding":"7.1.6.3","matchCriteriaId":"2A79BA60-E710-4181-8846-75720E84DA2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.0.0:*:*:*:*:vmware:*:*","matchCriteriaId":"F0EA6AF4-F907-4F6C-BA9D-0C74CC76D96F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteri
a":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","matchCriteriaId":"155AD4FB-E527-4103-BCEF-801B653DEA37"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996198","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95306","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996198","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95306","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6115","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.697","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM General Parallel File System is vulnerable to a buffer overflow. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with root privileges or cause the server to crash."},{"lang":"es","value":"IBM General Parallel File System es vulnerable a un desbordamiento de búfer. 
Un atacante remoto autenticado podría desbordar un búfer y ejecutar código arbitrario en el sistema con privilegios de root o provocar que el servidor se caiga."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E78F4327-0160-467E-8C2C-BDEBB4149227"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"BDD19B4F-5738-4CB1-99FC-F40FDA8388AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"B497D629-62AB-4F21-BDF4-02336A19E04C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"10E68BB2-4132-46F1-B8E9-9FA03FEB92BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:general_parallel_
file_system:4.1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"E1CBA1A7-02AF-4D59-A6FF-9C52903986EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.5:*:*:*:*:*:*:*","matchCriteriaId":"BEAC1912-1412-45B6-920C-A52510095977"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.6:*:*:*:*:*:*:*","matchCriteriaId":"59A4A5C6-8DF0-4431-BE2C-5C6815371C98"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F90908FF-0E10-4AFD-A38C-4D5E50C05FF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:general_parallel_file_system:4.1.0.8:*:*:*:*:*:*:*","matchCriteriaId":"591E5985-29A1-4C06-8832-DA1587CFE101"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"09C3AC64-B03E-4C63-B47D-608795A24321"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"2E29D816-7A73-47EA-8DE6-E553CA0D1079"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"18C5A85C-F932-44CF-B3EA-691737C96C52"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"9385B07C-881D-4A4E-A0F5-FF1BC88F8CFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.1.1.3:*:*:*:*:*:*:*","matchCriteriaId":"27319318-1C09-4CEE-BAE2-6E52C8FD8DCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.1.1.4:*:*:*:*:*:*:*","matchCriteriaId":"85F22D48-CB9C-434A-AFD7-50E4E980D1DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.1.1.5:*:*:*:*:*:*:*","matchCriteriaId":"52D0326F-B03A-4476-8E94-BC0D8ADD5321"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.1.1.6:*:*:*:*:*:*:*","matchCriteriaId":"564BDF5A-EAFF-47F5-A670-2019BB508DD5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.1.1.7:*:*:*:*:*:*:*","matchCriteriaId":"5E93E3DC-F8FA-493F-AD79-0DED309F3D9D"},{"vulnerable":true
,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.1.1.8:*:*:*:*:*:*:*","matchCriteriaId":"1578B640-B312-4BE8-8036-9DCC7201B04E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.1.1.9:*:*:*:*:*:*:*","matchCriteriaId":"07B77EAE-2C00-4FC9-82F1-42638E7948A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.1.1.10:*:*:*:*:*:*:*","matchCriteriaId":"B33EDF97-2750-4041-BCA3-77E1235173AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"9A55A717-5CA2-4073-80AA-16044EC23B7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"11BAE960-B5C8-4566-8D18-B2754069C933"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"D788F7B7-E3F5-495D-BF0D-EB5D6A57D84F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"33B349F3-C4A5-4EDA-8579-17AF297E4BA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"36357865-3811-45EF-98CB-0FA7D2FC0497"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:spectrum_scale:4.2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"6E32967B-9D22-4120-8C58-FCCC2ECC424F"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=ssg1S1009639","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95272","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=ssg1S1009639","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95272","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-8919","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.727","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources."},{"lang":"es","value":"IBM WebSphere Application Server puede ser vulnerable a una denegación de servicio, provocada al permitir que los objetos serializados de fuentes no fiables se ejecuten y causen el consumo de recursos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"B0905C80-A1BA-49CD-90CA-9270ECC3940C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_appli
cation_server:8.0:*:*:*:*:*:*:*","matchCriteriaId":"07EBB48B-4EE2-4333-851E-BA1B104FBE92"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5:*:*:*:*:*:*:*","matchCriteriaId":"CBC9BD49-31BF-4D79-BAFE-5107D611FF61"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*","matchCriteriaId":"C4F6F77C-2C0D-4A31-B2A0-DB1C4296FF5E"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993797","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95650","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037710","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993797","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95650","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037710","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8928","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.760","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database."},{"lang":"es","value":"IBM Kenexa LMS en Cloud es vulnerable a la inyección de SQL. 
Un atacante remoto podría enviar sentencias SQL manipuladas, lo que podría permitir al atacante ver, agregar, modificar o eliminar información en la base de datos back-end."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.1:*:*:*:*:*:*:*","matchCriteriaId":"95E5FF84-CDE4-4945-9151-81191E39C57F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2:*:*:*:*:*:*:*","matchCriteriaId":"BB9B9931-8E60-4D98-8797-E669E4D5BFAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9C2E4654-39DC-4DC8-A617-07A85D935912"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"A744F1DC-C419-4287-B3DA-0EEB2310B81B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"17CC61B4-AF0C-4E60-8CD9-3644BC48E9A6"},{"vu
lnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.0:*:*:*:*:*:*:*","matchCriteriaId":"4B8D8758-F0B9-4FA4-BD04-33289E48EA22"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.1:*:*:*:*:*:*:*","matchCriteriaId":"D24C3838-9D3A-4426-AEB4-238AB868DBC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.2:*:*:*:*:*:*:*","matchCriteriaId":"5C076D38-466E-4D0D-B049-130EA55F71F4"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95447","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95447","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8929","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.790","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database."},{"lang":"es","value":"IBM Kenexa LMS en Cloud es vulnerable a la inyección de SQL. 
Un atacante remoto podría enviar sentencias SQL manipuladas, lo que podría permitir al atacante ver, agregar, modificar o eliminar información en la base de datos back-end."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.1:*:*:*:*:*:*:*","matchCriteriaId":"95E5FF84-CDE4-4945-9151-81191E39C57F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2:*:*:*:*:*:*:*","matchCriteriaId":"BB9B9931-8E60-4D98-8797-E669E4D5BFAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9C2E4654-39DC-4DC8-A617-07A85D935912"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"A744F1DC-C419-4287-B3DA-0EEB2310B81B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"17CC61B4-AF0C-4E60-8CD9-3644BC48E9A6"},{"vul
nerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.0:*:*:*:*:*:*:*","matchCriteriaId":"4B8D8758-F0B9-4FA4-BD04-33289E48EA22"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.1:*:*:*:*:*:*:*","matchCriteriaId":"D24C3838-9D3A-4426-AEB4-238AB868DBC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.2:*:*:*:*:*:*:*","matchCriteriaId":"5C076D38-466E-4D0D-B049-130EA55F71F4"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95437","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95437","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8930","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.837","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database."},{"lang":"es","value":"IBM Kenexa LMS en Cloud es vulnerable a la inyección de SQL. 
Un atacante remoto podría enviar sentencias SQL manipuladas, lo que podría permitir al atacante ver, agregar, modificar o eliminar información en la base de datos back-end."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.1:*:*:*:*:*:*:*","matchCriteriaId":"95E5FF84-CDE4-4945-9151-81191E39C57F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2:*:*:*:*:*:*:*","matchCriteriaId":"BB9B9931-8E60-4D98-8797-E669E4D5BFAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9C2E4654-39DC-4DC8-A617-07A85D935912"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"A744F1DC-C419-4287-B3DA-0EEB2310B81B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"17CC61B4-AF0C-4E60-8CD9-3644BC48E9A6"},{"vu
lnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.0:*:*:*:*:*:*:*","matchCriteriaId":"4B8D8758-F0B9-4FA4-BD04-33289E48EA22"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.1:*:*:*:*:*:*:*","matchCriteriaId":"D24C3838-9D3A-4426-AEB4-238AB868DBC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.2:*:*:*:*:*:*:*","matchCriteriaId":"5C076D38-466E-4D0D-B049-130EA55F71F4"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95449","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95449","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8931","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.883","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server."},{"lang":"es","value":"IBM Kenexa LMS en Cloud podría permitir a un atacante remoto cargar archivos arbitrarios, lo que podría permitir al atacante ejecutar código arbitrario en el servidor 
vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.1:*:*:*:*:*:*:*","matchCriteriaId":"95E5FF84-CDE4-4945-9151-81191E39C57F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2:*:*:*:*:*:*:*","matchCriteriaId":"BB9B9931-8E60-4D98-8797-E669E4D5BFAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9C2E4654-39DC-4DC8-A617-07A85D935912"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"A744F1DC-C419-4287-B3DA-0EEB2310B81B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"17CC61B4-AF0C-4E60-8CD9-3644BC48E9A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.0:*:*:*:*:*:*:*","matchCriteriaId":"4B8D8758-F0B9-4FA4-BD04-33289E48EA22"},{"vulnerable":true,"criteria"
:"cpe:2.3:a:ibm:kenexa_lms:5.1:*:*:*:*:*:*:*","matchCriteriaId":"D24C3838-9D3A-4426-AEB4-238AB868DBC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.2:*:*:*:*:*:*:*","matchCriteriaId":"5C076D38-466E-4D0D-B049-130EA55F71F4"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95451","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95451","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8932","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.900","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud could allow a remote attacker to upload arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable server."},{"lang":"es","value":"IBM Kenexa LMS en Cloud podría permitir a un atacante remoto cargar archivos arbitrarios, lo que podría permitir al atacante ejecutar código arbitrario en el servidor 
vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.1:*:*:*:*:*:*:*","matchCriteriaId":"95E5FF84-CDE4-4945-9151-81191E39C57F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2:*:*:*:*:*:*:*","matchCriteriaId":"BB9B9931-8E60-4D98-8797-E669E4D5BFAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9C2E4654-39DC-4DC8-A617-07A85D935912"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"A744F1DC-C419-4287-B3DA-0EEB2310B81B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"17CC61B4-AF0C-4E60-8CD9-3644BC48E9A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.0:*:*:*:*:*:*:*","matchCriteriaId":"4B8D8758-F0B9-4FA4-BD04-33289E48EA22"},{"vulnerable":true,"criteria"
:"cpe:2.3:a:ibm:kenexa_lms:5.1:*:*:*:*:*:*:*","matchCriteriaId":"D24C3838-9D3A-4426-AEB4-238AB868DBC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.2:*:*:*:*:*:*:*","matchCriteriaId":"5C076D38-466E-4D0D-B049-130EA55F71F4"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95443","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95443","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8933","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.930","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing dot dot sequences (/../) to view arbitrary files on the system."},{"lang":"es","value":"IBM Kenexa LMS en Cloud podría permitir a un atacante remoto recorrer los directorios en el sistema. 
Un atacante podría enviar una petición de URL especialmente manipulada que contenga secuencias \"punto punto\" (/../) para ver archivos arbitrarios en el sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.1:*:*:*:*:*:*:*","matchCriteriaId":"95E5FF84-CDE4-4945-9151-81191E39C57F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2:*:*:*:*:*:*:*","matchCriteriaId":"BB9B9931-8E60-4D98-8797-E669E4D5BFAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9C2E4654-39DC-4DC8-A617-07A85D935912"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"A744F1DC-C419-4287-B3DA-0EEB2310B81B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"17CC61B4-AF0C-4E60-8CD9-3644BC48E9A6"},{"vulnerable":tr
ue,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.0:*:*:*:*:*:*:*","matchCriteriaId":"4B8D8758-F0B9-4FA4-BD04-33289E48EA22"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.1:*:*:*:*:*:*:*","matchCriteriaId":"D24C3838-9D3A-4426-AEB4-238AB868DBC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lms:5.2:*:*:*:*:*:*:*","matchCriteriaId":"5C076D38-466E-4D0D-B049-130EA55F71F4"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95435","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992072","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95435","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8938","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.977","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM UrbanCode Deploy could allow a user to execute code using a specially crafted file upload that would replace code on the server. This code could be executed on the UCD agent machines that host customer's production applications."},{"lang":"es","value":"IBM UrbanCode Deploy podría permitir que un usuario ejecute código usando una carga de archivo especialmente creada que reemplazaría el código en el servidor. 
Este código podría ejecutarse en las máquinas de agente UCD que alojan las aplicaciones de producción del cliente."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*","matchCriteriaId":"B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4BEE7852-A76C-4085-B14D-8BA67D825A8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"C35B3347-EE12-4E84-92D9-533DA7F1581E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"32C10FFF-250A-4530-B631-1B1DAA3B4BC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"DE176DE5-BB60-4999-A2B4-D93C8AB776DB"},{"vulnerable":t
rue,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"751113D0-7085-4AE7-8F39-292293F297FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"31217ED6-C154-49CF-BD65-C272D630F58A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"1F69D247-B168-40EC-BA4B-1C50879B64BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*","matchCriteriaId":"1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*","matchCriteriaId":"C822B4AB-4032-4BEB-A413-A80398A28EAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*","matchCriteriaId":"FF310F06-6674-470E-B258-4DF042B1FA68"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*","matchCriteriaId":"AEF92016-8494-4EBE-A32F-A123C1517F63"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*","matchCriteriaId":"744A36AB-5BC8-4FE1-BB91-9BC3019EBB99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*","matchCriteriaId":"A4535B6A-0791-4855-BED4-01A8279F4930"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.13:*:*:*:*:*:*:*","matchCriteriaId":"C108D461-F391-491B-B1B4-AEB3155C2196"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.14:*:*:*:*:*:*:*","matchCriteriaId":"5A66AD80-303B-44B0-B773-701503F5B7E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*","matchCriteriaId":"7AF8BEEC-5F93-424B-94F6-622B9BA84CDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5DE72929-3618-4341-83DC-E4A006EE3D0E"},{"vulnerable
":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F59AC6D5-1F06-4EC4-BD36-6FA5221AE611"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"D7ED1843-E659-4931-8E08-8867D4286A18"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1:*:*:*:*:*:*:*","matchCriteriaId":"6082BBED-6184-4173-BF5A-5B536FADBB39"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"70E082B0-B404-4E5E-9FC7-2B0B6F363A9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*","matchCriteriaId":"054A3ED4-290A-484D-9F51-93A71968CAA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*","matchCriteriaId":"7C5B4753-3685-4088-A4B1-C4AE58C11F3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*","matchCriteriaId":"32732445-6761-40F0-836B-E7EAC9B9239B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*","matchCriteriaId":"EF8034DC-C20D-4972-AFBA-D3EBF8664164"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*","matchCriteriaId":"5409F075-5268-476E-BEFE-2B93C8BB2870"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*","matchCriteriaId":"F43800F6-328E-4481-B6AE-44A50F368314"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*","matchCriteriaId":"C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*","matchCriteriaId":"5E3BCD23-4033-443D-B2D5-CAF69FCD22D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B1A72039-925C-48AE-8012-BA6AEE659D27"},{"vulnerable":tr
ue,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"57A488B1-1221-46C4-B97D-B895368E3A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:*:*:*:*:*:*:*","matchCriteriaId":"AF8D9BF8-E9DD-4967-86CE-DE2A6FF6DADE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8CFD390D-531E-4BC7-B9D4-74208E153F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"93406315-DD19-45E5-84EE-B5D8F0A903D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*","matchCriteriaId":"1C970147-39E9-4CCC-9FDE-B70546941323"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"61F991AF-CD34-4307-85B0-58107E4CE1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.2:*:*:*:*:*:*:*","matchCriteriaId":"104066B9-7D5C-44FA-8745-DBD019761AC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"456DB48D-39E4-4F66-BEC4-1B7B135214BA"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000237","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95289","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000237","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95289","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-8963","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:00.993","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM BigFix Inventory v9 stores potentially sensitive information in log files that could be read by a local user."},{"lang":"es","value":"IBM BigFix Inventory v9 almacena información potencialmente sensible en archivos de registro que pueden ser leídos por un usuario local."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:license_metric_tool:9.2.0:*:*:*:*:*:*:*","matchCriteriaId":"7A9465A8-0C19-40C5-ADEB-B0EE8EC964CE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*","matchCriteriaId":"61A4F116-1FEE-450E-99AE-6AD9ACDDE570"},{"vulnerable":fal
se,"criteria":"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*","matchCriteriaId":"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","matchCriteriaId":"155AD4FB-E527-4103-BCEF-801B653DEA37"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:*:*:*:*:*:*:*:*","matchCriteriaId":"05924C67-F9A0-450E-A5B8-059651DD32E3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_inventory:*:*:*:*:*:*:*:*","versionEndIncluding":"9.2","matchCriteriaId":"E8C15EB9-71EE-4096-9D08-F3061A81AACA"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995029","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95282","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995029","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95282","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8977","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:01.027","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system."},{"lang":"es","value":"IBM BigFix Inventory v9 podría revelar información sensible a un usuario no autorizado utilizando solicitudes HTTP GET. 
Esta información podría utilizarse para montar nuevos ataques contra el sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:license_metric_tool:9.2.0:*:*:*:*:*:*:*","matchCriteriaId":"7A9465A8-0C19-40C5-ADEB-B0EE8EC964CE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:hp:hp-ux:*:*:*:*:*:*:*:*","matchCriteriaId":"61A4F116-1FEE-450E-99AE-6AD9ACDDE570"},{"vulnerable":false,"criteria":"cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*","matchCriteriaId":"F7F01A55-7C37-4BAF-A4D4-61E8AC54FF79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","matchCriteriaId":"155AD4FB-E527-4103-BCEF-801B653DEA37"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"},{"vulnerable":false,"criteria":"cpe:2.3:
o:oracle:solaris:*:*:*:*:*:*:*:*","matchCriteriaId":"05924C67-F9A0-450E-A5B8-059651DD32E3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_inventory:9.2:*:*:*:*:*:*:*","matchCriteriaId":"756EF6F6-8E1F-41BB-9A88-C12A6806F0D0"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995014","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95308","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995014","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95308","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8982","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:01.057","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM InfoSphere Information Server stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history."},{"lang":"es","value":"IBM InfoSphere Information Server almacena información sensible en parámetros de URL. 
Esto puede conducir a la divulgación de información si las partes no autorizadas tienen acceso a las URL a través de los registros del servidor, el encabezado de referencia o el historial del navegador."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_datastage:8.7:*:*:*:*:*:*:*","matchCriteriaId":"2CB1760D-FED4-4430-9CFB-83608956E424"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_datastage:9.1:*:*:*:*:*:*:*","matchCriteriaId":"6EADE407-3A84-49ED-B818-63B42EE47EBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_datastage:11.3:*:*:*:*:*:*:*","matchCriteriaId":"BEE407E4-910C-4AF1-B87B-F9B01759DDFC"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995895","source":"psirt@us.ibm.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95651","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037616","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995895","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95651","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037616","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8999","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:01.087","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS."},{"lang":"es","value":"IBM InfoSphere Information Server contiene una vulnerabilidad de importación a la hoja de estilo relativa a la ruta que permite a atacantes procesar una página en modo quirks, lo que facilita a un atacante inyectar CSS 
malicioso."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_datastage:8.7:*:*:*:*:*:*:*","matchCriteriaId":"2CB1760D-FED4-4430-9CFB-83608956E424"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_datastage:9.1:*:*:*:*:*:*:*","matchCriteriaId":"6EADE407-3A84-49ED-B818-63B42EE47EBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_datastage:11.3:*:*:*:*:*:*:*","matchCriteriaId":"BEE407E4-910C-4AF1-B87B-F9B01759DDFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_datastage:11.5:*:*:*:*:*:*:*","matchCriteriaId":"0025F291-9862-4638-B96D-1ABEC3C31890"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*","matchCriteriaId":"42A9CF5C-79EC-4BBF-92AF-2AB3DC125684"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*","matchCriteriaId":"F
3BF0A4B-5DDB-420D-B1F2-8C1ED23F60CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:*","matchCriteriaId":"9923389A-6B64-482B-A631-1B6B841CB9AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*","matchCriteriaId":"83640E7E-851E-4C8F-ADDA-7CF4E1D11F58"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server_on_cloud:11.5:*:*:*:*:*:*:*","matchCriteriaId":"88A5CF53-1A0C-4519-90A7-DFF6629820B0"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995155","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95325","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037563","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995155","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95325","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037563","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9000","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:01.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct clickjacking or other client-side browser attacks."},{"lang":"es","value":"IBM InfoSphere DataStage es vulnerable a las secuencias de comandos de trama cruzada, provocadas por la insuficiente protección HTML de iframe. 
Un atacante remoto podría explotar esta vulnerabilidad utilizando una URL manipulada para navegar a una página web que controla el atacante. Un atacante podría usar esta vulnerabilidad para realizar ataques de clickjacking u otros ataques del navegador del lado del cliente."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_datastage:8.7:*:*:*:*:*:*:*","matchCriteriaId":"2CB1760D-FED4-4430-9CFB-83608956E424"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_datastage:9.1:*:*:*:*:*:*:*","matchCriteriaId":"6EADE407-3A84-49ED-B818-63B42EE47EBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_datastage:11.3:*:*:*:*:*:*:*","matchCriteriaId":"BEE407E4-910C-4AF1-B87B-F9B01759DDFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_datastage:11.5:*:*:*:*:*:*:*","matchCriteriaId":"0025F291-9862-4638-B96D-1ABEC3C31890"},
{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server_on_cloud:11.5:*:*:*:*:*:*:*","matchCriteriaId":"88A5CF53-1A0C-4519-90A7-DFF6629820B0"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995257","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95324","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037564","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995257","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95324","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037564","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9008","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:01.150","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent."},{"lang":"es","value":"IBM UrbanCode Deploy podría permitir a un usuario malintencionado acceder a la interfaz Agente Relay ActiveMQ Broker JMX y ejecutar complementos en el 
agente."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0:*:*:*:*:*:*:*","matchCriteriaId":"B6C176CC-51F9-4C53-B0F8-D0E0A5387CA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4BEE7852-A76C-4085-B14D-8BA67D825A8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"C35B3347-EE12-4E84-92D9-533DA7F1581E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"32C10FFF-250A-4530-B631-1B1DAA3B4BC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"DE176DE5-BB60-4999-A2B4-D93C8AB776DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"751113D0-7085-4AE7-8F39-292293
F297FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"31217ED6-C154-49CF-BD65-C272D630F58A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"1F69D247-B168-40EC-BA4B-1C50879B64BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.7:*:*:*:*:*:*:*","matchCriteriaId":"1894FAF3-1E8E-4A4F-9044-B9176CB2BD1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.8:*:*:*:*:*:*:*","matchCriteriaId":"C822B4AB-4032-4BEB-A413-A80398A28EAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.9:*:*:*:*:*:*:*","matchCriteriaId":"FF310F06-6674-470E-B258-4DF042B1FA68"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.10:*:*:*:*:*:*:*","matchCriteriaId":"AEF92016-8494-4EBE-A32F-A123C1517F63"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.11:*:*:*:*:*:*:*","matchCriteriaId":"744A36AB-5BC8-4FE1-BB91-9BC3019EBB99"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.12:*:*:*:*:*:*:*","matchCriteriaId":"A4535B6A-0791-4855-BED4-01A8279F4930"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.13:*:*:*:*:*:*:*","matchCriteriaId":"C108D461-F391-491B-B1B4-AEB3155C2196"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.0.1.14:*:*:*:*:*:*:*","matchCriteriaId":"5A66AD80-303B-44B0-B773-701503F5B7E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*","matchCriteriaId":"7AF8BEEC-5F93-424B-94F6-622B9BA84CDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"F4E6CFA4-8FD7-4106-800C-BE84B63D3E5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5DE72929-3618-4341-83DC-E4A006EE3D0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F59AC6D5-1F06-4EC4-BD36-6FA
5221AE611"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"D7ED1843-E659-4931-8E08-8867D4286A18"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1:*:*:*:*:*:*:*","matchCriteriaId":"6082BBED-6184-4173-BF5A-5B536FADBB39"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"70E082B0-B404-4E5E-9FC7-2B0B6F363A9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"1A5583AF-A3CE-4AEE-8D0F-5E0FE22BC3B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*","matchCriteriaId":"054A3ED4-290A-484D-9F51-93A71968CAA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*","matchCriteriaId":"7C5B4753-3685-4088-A4B1-C4AE58C11F3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*","matchCriteriaId":"32732445-6761-40F0-836B-E7EAC9B9239B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*","matchCriteriaId":"EF8034DC-C20D-4972-AFBA-D3EBF8664164"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*","matchCriteriaId":"5409F075-5268-476E-BEFE-2B93C8BB2870"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*","matchCriteriaId":"F43800F6-328E-4481-B6AE-44A50F368314"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*","matchCriteriaId":"C6A0A50D-547C-4508-8D6C-DBE26D0CEEF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*","matchCriteriaId":"5E3BCD23-4033-443D-B2D5-CAF69FCD22D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"B1A72039-925C-48AE-8012-BA6AEE659D27"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"57A488B1-1221-46C4-B97D-B895368
E3A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:*:*:*:*:*:*:*","matchCriteriaId":"AF8D9BF8-E9DD-4967-86CE-DE2A6FF6DADE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8CFD390D-531E-4BC7-B9D4-74208E153F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EFBFBFFE-8E24-48C0-87D7-6E6D3017C79B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"93406315-DD19-45E5-84EE-B5D8F0A903D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.1:*:*:*:*:*:*:*","matchCriteriaId":"1C970147-39E9-4CCC-9FDE-B70546941323"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"61F991AF-CD34-4307-85B0-58107E4CE1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.2:*:*:*:*:*:*:*","matchCriteriaId":"104066B9-7D5C-44FA-8745-DBD019761AC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:urbancode_deploy:6.2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"456DB48D-39E4-4F66-BEC4-1B7B135214BA"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000238","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95283","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000238","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95283","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9703","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:01.180","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Identity Manager Virtual Appliance does not invalidate 
session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information."},{"lang":"es","value":"IBM Security Identity Manager Virtual Appliance no invalida los tokens de sesión que podrían permitir que un usuario no autorizado con acceso físico a la estación de trabajo obtenga información sensible."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"23D23095-D526-4735-A666-A6620EBCA3C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"CE2D7A5C-41AC-4E8A-A472-EE5B4DE8B057"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"81F8CB1B-34F1-4952-8095-2313E06
57F75"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"355D404A-303D-49D5-9C66-296B0FE8C0D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"A653A865-6296-473D-A897-9F4EADEA4EF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"43FB915B-4104-4012-8B72-099A9F4E405A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"CB3CF789-1B24-47B5-9DDA-46638DC18B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"44BC4874-18D9-48C2-8ED8-100FBDF06C19"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"F0EEFE4E-0A80-4393-A6CC-7EC338138A9B"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996761","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95327","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037765","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996761","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95327","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037765","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9704","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:01.213","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM 
Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Security Identity Manager Virtual Appliance es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"23D23095-D526-4735-A666-A6620EBCA3C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:
ibm:security_identity_manager_virtual_appliance:7.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"CE2D7A5C-41AC-4E8A-A472-EE5B4DE8B057"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"81F8CB1B-34F1-4952-8095-2313E0657F75"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"355D404A-303D-49D5-9C66-296B0FE8C0D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"A653A865-6296-473D-A897-9F4EADEA4EF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"43FB915B-4104-4012-8B72-099A9F4E405A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"CB3CF789-1B24-47B5-9DDA-46638DC18B56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"44BC4874-18D9-48C2-8ED8-100FBDF06C19"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"F0EEFE4E-0A80-4393-A6CC-7EC338138A9B"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996761","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95323","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037765","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996761","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95323","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037765","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9739","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-01T22:59:01.260","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Identity Manager Virtual Appliance stores user credentials in clear text which can be read by a local user."},{"lang":"es","value":"El Dispositivo virtual de IBM Security Identity Manager almacena las credenciales de usuario en un texto plano que puede ser leído por un usuario local."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-255"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager:7.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D0187EA9-098C-4650-A385-4CACC1356F09"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manag
er:7.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"77281156-D7B4-4A83-B662-9903DFA7605A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager:7.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5009680B-056D-4C0D-8892-B432179C3EBF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager:7.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"29A4723E-A314-43F7-8739-2E1F7AF25BCE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager:7.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"A70ECF4B-6DBA-43C1-868B-0748B6F57E3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager:7.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"A1F8C579-41C6-4AB5-852D-B216805AA5E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager:7.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"B3AFC036-3A80-4A5C-B8F3-9AB63AA8A3BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager:7.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"C7D9FDEA-6E19-448F-AF36-2602C8368D1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_identity_manager:7.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"533AC1D5-3D05-4038-9186-754105F512C2"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996761","source":"psirt@us.ibm.com","tags":["Patch","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95326","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037765","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996761","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95326","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037765","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2017-5630","sourceIdentifier":"cve@mitre.org","published":"2017-02-01T23:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite."},{"lang":"es","value":"PECL en la clase de utilidad de descarga en el Instalador en PEAR Base System v1.10.1 no valida los tipos de archivo y los nombres de archivo después de una redirección, lo que permite a los servidores remotos HTTP sobrescribir los archivos a través de respuestas manipuladas, como se demuestra por una sobreescritura .htaccess."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerabl
e":true,"criteria":"cpe:2.3:a:php:pear:1.10.1:*:*:*:*:*:*:*","matchCriteriaId":"CF8958FB-0D66-4B79-90F4-B363BF62BD79"}]}]}],"references":[{"url":"http://pear.php.net/bugs/bug.php?id=21171","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95882","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/41185/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://pear.php.net/bugs/bug.php?id=21171","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95882","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/41185/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5218","sourceIdentifier":"cve@mitre.org","published":"2017-02-02T07:59:00.130","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable can be populated from the URL, and when supplied non-expected characters, can be manipulated to obtain access to the underlying database. The /CRM/CustomPages/ACCPAC/AP_DocumentUI.asp?SID=<VALID-SID>&database=1';WAITFOR DELAY '0:0:5'-- URI is a Proof of Concept."},{"lang":"es","value":"Se descubrió un problema de inyección de SQL en SageCRM 7.x en versiones anteriores a 7.3 SP3. El recurso Web AP_DocumentUI.asp incluye Utilityfuncs.js cuando se abre o se ve el archivo. 
Este archivo crea una instrucción SQL para identificar la base de datos que se va a utilizar con la sesión del usuario actual. La variable de base de datos se puede rellenar desde la URL y, cuando se proporcionan caracteres no esperados, se pueden manipular para obtener acceso a la base de datos subyacente. El /CRM/CustomPages/ACCPAC/AP_DocumentUI.asp?SID=&database=1';WAITFOR DELAY '0: 0: 5' - URI es una prueba de concepto."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sagecrm:sagecrm:7.0:*:*:*:*:*:*:*","matchCriteriaId":"D07474DA-DDB9-4CC8-BF2D-256C6DD86C56"},{"vulnerable":true,"criteria":"cpe:2.3:a:sagecrm:sagecrm:7.1:*:*:*:*:*:*:*","matchCriteriaId":"56402F12-04E0-407F-9DED-AEE6AA148756"},{"vulnerable":true,"criteria":"cpe:2.3:a:sagecrm:sagecrm:7.2:*:*:*:*:*:*:*","matchCriteriaId":"5E13E266-B6F9-476A-8728-C97AB4493703"},{"vulnerable":tr
ue,"criteria":"cpe:2.3:a:sagecrm:sagecrm:7.3:*:*:*:*:*:*:*","matchCriteriaId":"6DCCCD34-465A-4D2A-AB74-07E368CF98DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:sagecrm:sagecrm:7.3:sp1:*:*:*:*:*:*","matchCriteriaId":"D50B7DB0-52AB-46EC-AD32-375A5CCE3416"},{"vulnerable":true,"criteria":"cpe:2.3:a:sagecrm:sagecrm:7.3:sp2:*:*:*:*:*:*","matchCriteriaId":"85CD71BD-9F51-4FE3-8C66-706967996C54"}]}]}],"references":[{"url":"http://research.aurainfosec.io/disclosures/sagecrm-CVE-2017-5219-CVE-2017-5218/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95968","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://research.aurainfosec.io/disclosures/sagecrm-CVE-2017-5219-CVE-2017-5218/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95968","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5219","sourceIdentifier":"cve@mitre.org","published":"2017-02-02T07:59:00.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component file, which will be extracted to the inf directory outside of the webroot. By creating a zip file containing an empty .ecf file, to pass file-validation checks, any other file provided in zip file will be extracted onto the filesystem. In this case, a web shell with the filename '..\\WWWRoot\\CustomPages\\aspshell.asp' was included within the zip file that, when extracted, traversed back out of the inf directory and into the SageCRM webroot. 
This permitted remote interaction with the underlying filesystem with the highest privilege level, SYSTEM."},{"lang":"es","value":"Se descubrió un problema en SageCRM 7.x en versiones anteriores a 7.3 SP3. La funcionalidad de Component Manager, proporcionada por SageCRM, permite añadir componentes adicionales a la aplicación para mejorar la funcionalidad proporcionada. Esta funcionalidad permite cargar un archivo zip, que contiene un archivo de componente .ecf válido, que se extraerá al directorio inf fuera del webroot. Al crear un archivo zip que contenga un archivo .ecf vacío, para pasar las comprobaciones de validación de archivos, cualquier otro archivo proporcionado en archivo zip se extraerá en el sistema de archivos. En este caso, se incluyó un shell web con el nombre de archivo '.. \\WWWRoot\\CustomPages\\aspshell.asp' dentro del archivo zip que, al ser extraído, se volvía al directorio inf y al webroot de SageCRM. Esto permitió la interacción remota con el sistema de archivos subyacente con el nivel de privilegio más alto, 
SYSTEM."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sagecrm:sagecrm:7.3:*:*:*:*:*:*:*","matchCriteriaId":"6DCCCD34-465A-4D2A-AB74-07E368CF98DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:sagecrm:sagecrm:7.3:sp1:*:*:*:*:*:*","matchCriteriaId":"D50B7DB0-52AB-46EC-AD32-375A5CCE3416"},{"vulnerable":true,"criteria":"cpe:2.3:a:sagecrm:sagecrm:7.3:sp2:*:*:*:*:*:*","matchCriteriaId":"85CD71BD-9F51-4FE3-8C66-706967996C54"}]}]}],"references":[{"url":"http://research.aurainfosec.io/disclosures/sagecrm-CVE-2017-5219-CVE-2017-5218/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95968","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://research.aurainfosec.io/disclosures/sagecrm-CVE-2017-5219-CVE-2017-5218/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95968","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-1566","sourceIdentifier":"cve@mitre.org","published":"2017-02-02T15:59:00.140","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.  NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed."},{"lang":"es","value":"Vulnerabilidad de XSS en el navegador de archivos de Guacamole 0.9.8 y 0.9.9, cuando la transferencia de archivos está habilitada en una ubicación compartida por varios usuarios, permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de un nombre de archivo manipulado. 
NOTA: esta vulnerabilidad se corrigió en guacamole.war el 2016-01-13, pero no se cambió el número de versión."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:guacamole:0.9.8:*:*:*:*:*:*:*","matchCriteriaId":"499312E8-42AE-4250-B3E2-DAE773A72C0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:guacamole:0.9.9:*:*:*:*:*:*:*","matchCriteriaId":"DBACA320-E201-404A-9B7E-121ABACD5ED7"}]}]}],"references":[{"url":"https://sourceforge.net/p/guacamole/news/2016/02/security-advisory---stored-xss-cve-2016-1566--guac-1465/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://sourceforge.net/p/guacamole/news/2016/02/security-advisory---stored-xss-cve-2016-1566--guac-1465/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5600","sourceIdentifier":"cve@mitre.org","published":"2017-02-02T15:59:00.170","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account."},{"lang":"es","value":"El componente Data Warehouse en NetApp OnCommand Insight en versiones anteriores a 7.2.3 permite a atacantes remotos obtener acceso administrativo aprovechando una cuenta privilegiada predeterminada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*","versionEndIncluding":"7.2.2","matchCriteriaId":"9BE433F3-39BE-4B97-A6B2-954E1FD0C99E"}]}]}],"references":[{"url":"http://www.securit
yfocus.com/bid/96041","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://kb.netapp.com/support/s/article/NTAP-20170131-0001","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96041","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://kb.netapp.com/support/s/article/NTAP-20170131-0001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6234","sourceIdentifier":"cve@mitre.org","published":"2017-02-02T16:59:00.203","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (crash) via a crafted jpeg file."},{"lang":"es","value":"La función process_file en lepton/jpgcoder.cc en Dropbox lepton 1.0 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo jpeg 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lepton_project:lepton:1.0:*:*:*:*:*:*:*","matchCriteriaId":"73883954-38C0-4AA3-98F3-6DCBAA3C378C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/07/17/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/dropbox/lepton/issues/26","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/17/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/dropbox/lepton/issues/26","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-6235","sourceIdentifier":"cve@mitre.org","published":"2017-02-02T16:59:00.267","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted jpeg file."},{"lang":"es","value":"La función setup_imginfo_jpg en lepton/jpgcoder.cc en Dropbox lepton 1.0 permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) a través de un archivo jpeg manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lepton_project:lepton:1.0:*:*:*:*:*:*:*","matchCriteriaId":"73883954-38C0-4AA3-98F3-6DCBAA3C378C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security
/2016/07/17/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/dropbox/lepton/issues/26","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/17/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/dropbox/lepton/issues/26","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6236","sourceIdentifier":"cve@mitre.org","published":"2017-02-02T16:59:00.313","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file."},{"lang":"es","value":"La función setup_imginfo_jpg en lepton/jpgcoder.cc en Dropbox lepton 1.0 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de limites) a través de un archivo jpeg 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lepton_project:lepton:1.0:*:*:*:*:*:*:*","matchCriteriaId":"73883954-38C0-4AA3-98F3-6DCBAA3C378C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/07/17/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/dropbox/lepton/issues/26","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/17/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/dropbox/lepton/issues/26","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-6237","sourceIdentifier":"cve@mitre.org","published":"2017-02-02T16:59:00.360","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file."},{"lang":"es","value":"La función build_huffcodes en lepton/jpgcoder.cc en Dropbox lepton 1.0 permite a atacantes remotos provocar denegación de servicio (escritura fuera de límites) a través de un archivo jpeg manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lepton_project:lepton:1.0:*:*:*:*:*:*:*","matchCriteriaId":"73883954-38C0-4AA3-98F3-6DCBAA3C378C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/07/
17/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/dropbox/lepton/issues/26","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/17/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/dropbox/lepton/issues/26","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6238","sourceIdentifier":"cve@mitre.org","published":"2017-02-02T16:59:00.407","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 allows remote attackers to cause denial of service (out-of-bounds read) via a crafted jpeg file."},{"lang":"es","value":"La función write_ujpg en lepton/jpgcoder.cc en Dropbox lepton 1.0 permite a atacantes remotos causar denegación de servicio (fuera de los límites de lectura) a través de un archivo jpeg 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lepton_project:lepton:1.0:*:*:*:*:*:*:*","matchCriteriaId":"73883954-38C0-4AA3-98F3-6DCBAA3C378C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/07/17/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/dropbox/lepton/issues/26","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/17/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/dropbox/lepton/issues/26","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-5935","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-02T22:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."},{"lang":"es","value":"IBM Jazz for Service Management podría permitir a un atacante remoto obtener información sensible, provocado por el fallo de validar correctamente el certificado SSL. Un atacante podría explotar esta vulnerabilidad para obtener información sensible utilizando técnicas man-in-the-middle."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnera
ble":true,"criteria":"cpe:2.3:a:ibm:dashboard_application_services_hub:3.1.3:*:*:*:*:*:*:*","matchCriteriaId":"C16FFACB-4BCC-4835-9961-137A704199BD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:ibm:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*","matchCriteriaId":"A4D61491-0785-4193-A828-2177AFB81380"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997711","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96003","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997711","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96003","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6095","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-02T22:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials."},{"lang":"es","value":"IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 utiliza una configuración de bloqueo de cuentas inadecuada que podría permitir a un atacante remoto forzar las credenciales de la 
cuenta."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0:*:*:*:*:*:*:*","matchCriteriaId":"4E0E836F-4C4E-4630-9999-91B166DEABA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AE43784F-AEBE-4399-82C5-A339D9BCB676"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4E57B0BB-2994-4A47-9C32-3DA982F23071"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"8FD5B68E-FB45-4985-96C7-6CFF3765E761"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AF878AE8-D016-4546-84ED-5D65E21F833B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_ke
y_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"81E86F00-E597-4C98-9863-05A4BA84D0A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*","matchCriteriaId":"1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*","matchCriteriaId":"CAA52325-CC9C-481A-8140-32C86608E2B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F809CA96-9F05-4E58-91D0-9F05DC984D2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"6FAD90D4-0058-4DFB-8C72-DFBA3072C5C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1D107CCC-476F-4453-BF41-B83923E5D695"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997802","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95965","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997802","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95965","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6099","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-02T22:59:00.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive information to unauthorized users. 
The information can be used to mount further attacks on the system."},{"lang":"es","value":"IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 revela información sensible a usuarios no autorizados. La información se puede utilizar para montar ataques adicionales en el sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0:*:*:*:*:*:*:*","matchCriteriaId":"4E0E836F-4C4E-4630-9999-91B166DEABA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AE43784F-AEBE-4399-82C5-A339D9BCB676"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4E57B0BB-2994-4A47-9C32-3DA982F23071"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*","matchCriter
iaId":"8FD5B68E-FB45-4985-96C7-6CFF3765E761"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AF878AE8-D016-4546-84ED-5D65E21F833B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"81E86F00-E597-4C98-9863-05A4BA84D0A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*","matchCriteriaId":"1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*","matchCriteriaId":"CAA52325-CC9C-481A-8140-32C86608E2B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F809CA96-9F05-4E58-91D0-9F05DC984D2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"6FAD90D4-0058-4DFB-8C72-DFBA3072C5C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1D107CCC-476F-4453-BF41-B83923E5D695"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997924","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95958","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997924","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95958","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-6103","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-02T22:59:00.323","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts."},{"lang":"es","value":"IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 es vulnerable a la falsificación de solicitudes de sitios cruzados, lo que podría permitir a un atacante ejecutar acciones malintencionadas y no autorizadas transmitidas por un usuario en el que confía el sitio web."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0:*:*:*:*:*:*:*","matchCriteri
aId":"4E0E836F-4C4E-4630-9999-91B166DEABA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AE43784F-AEBE-4399-82C5-A339D9BCB676"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4E57B0BB-2994-4A47-9C32-3DA982F23071"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"8FD5B68E-FB45-4985-96C7-6CFF3765E761"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AF878AE8-D016-4546-84ED-5D65E21F833B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"81E86F00-E597-4C98-9863-05A4BA84D0A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*","matchCriteriaId":"1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*","matchCriteriaId":"CAA52325-CC9C-481A-8140-32C86608E2B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F809CA96-9F05-4E58-91D0-9F05DC984D2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"6FAD90D4-0058-4DFB-8C72-DFBA3072C5C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1D107CCC-476F-4453-BF41-B83923E5D695"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997949","source":"psirt@us.ibm.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95950","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997949","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95950","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6116","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-02T22:59:00.353","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."},{"lang":"es","value":"IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 podría permitir a un atacante remoto obtener información sensible, provocado por el error al habilitar correctamente HTTP Strict Transport Security. 
Un atacante podría explotar esta vulnerabilidad para obtener información sensible utilizando técnicas man-in-the-middle."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0:*:*:*:*:*:*:*","matchCriteriaId":"4E0E836F-4C4E-4630-9999-91B166DEABA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AE43784F-AEBE-4399-82C5-A339D9BCB676"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4E57B0BB-2994-4A47-9C32-3DA982F23071"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"8FD5B68E-FB45-4985-96C7-6CFF3765E761"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId":"AF878AE8-D016-4546-84ED-5D65E21F833B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"81E86F00-E597-4C98-9863-05A4BA84D0A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*","matchCriteriaId":"1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*","matchCriteriaId":"CAA52325-CC9C-481A-8140-32C86608E2B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F809CA96-9F05-4E58-91D0-9F05DC984D2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"6FAD90D4-0058-4DFB-8C72-DFBA3072C5C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1D107CCC-476F-4453-BF41-B83923E5D695"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997805","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95966","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997805","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95966","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-1093","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-02T22:59:00.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a 
vulnerability in the bellmail binary to gain root privileges."},{"lang":"es","value":"IBM AIX 6.1, 7.1 y 7.2 podría permitir a un usuario local explotar una vulnerabilidad en el bellmail binario para obtener privilegios de root."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*","matchCriteriaId":"FD518B94-9CD7-4C45-8766-578CF427B4CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*","matchCriteriaId":"0402E20C-8B41-4A2A-BFF9-92EC843985F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*","matchCriteriaId":"6791504A-A48A-4ED0-94AF-4C8A3B91516F"}]}]}],"references":[{"url":"http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory2.asc","source":"psirt@us.ibm.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95891","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037748","source":"psirt@us.ibm.com"},{"url":"http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory2.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95891","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037748","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-0890","sourceIdentifier":"security_alert@emc.com","published":"2017-02-03T07:59:00.157","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual (Management) Appliance 2.0 SP1 is affected by a sensitive information disclosure vulnerability that may potentially be exploited by malicious users to compromise the affected system."},{"lang":"es","value":"EMC PowerPath Virtual Appliance 2.0, EMC PowerPath Virtual Appliance 2.0 SP1 se ve afectado por una vulnerabilidad de divulgación de información sensible que potencialmente puede ser explotada por usuarios malintencionados para comprometer el sistema 
afectado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emc:powerpath_virtual_appliance:2.0:*:*:*:*:*:*:*","matchCriteriaId":"F09BB019-BBAF-4E66-A875-FA7A9E0FB0CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:powerpath_virtual_appliance:2.0:sp1:*:*:*:*:*:*","matchCriteriaId":"24D50243-F77A-4B66-8F45-5C2CBA3128C3"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540065/30/0/threaded","source":"security_alert@emc.com","tags":["Mitigation","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95832","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/540065/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/bid/95832","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-0919","sourceIdentifier":"security_alert@emc.com","published":"2017-02-03T07:59:00.217","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system."},{"lang":"es","value":"EMC RSA Web Threat Detection versión 5.0, RSA Web Threat Detection versión 5.1, RSA Web Threat Detection versión 5.1.2 tiene una vulnerabilidad de XSS que podría ser explotada potencialmente por usuarios malintencionados para comprometer el sistema afectado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configu
rations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rsa:web_threat_detection:5.0:*:*:*:*:*:*:*","matchCriteriaId":"D88F4596-F066-4C65-A439-819E732A9548"},{"vulnerable":true,"criteria":"cpe:2.3:a:rsa:web_threat_detection:5.1:*:*:*:*:*:*:*","matchCriteriaId":"6CB1DFEC-8E37-4003-85F7-3EE94B9E5A95"},{"vulnerable":true,"criteria":"cpe:2.3:a:rsa:web_threat_detection:5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"802254CF-09C4-4B75-AE06-C03C619DEDFC"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540057/30/0/threaded","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95820","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037726","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/540057/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95820","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037726","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6648","sourceIdentifier":"security_alert@emc.com","published":"2017-02-03T07:59:00.263","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by sensitive information disclosure vulnerability as a result of incorrect permissions set on a sensitive system file. 
A malicious administrator with configuration privileges may access this sensitive system file and compromise the affected system."},{"lang":"es","value":"Las versiones de EMC RecoverPoint anteriores a 4.4.1.1 y las versiones de EMC RecoverPoint for Virtual Machines anteriores a 5.0 se ven afectadas por la vulnerabilidad de divulgación de información sensible como resultado de permisos incorrectos establecidos en un archivo de sistema sensible. Un administrador malicioso con privilegios de configuración puede tener acceso a este archivo del sistema sensible y comprometer el sistema afectado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-275"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emc:recoverpoint:*:*:*:*:*:*:*:*","versionEndIncluding":"4.4.1.0","matchCriteriaId":"FBC82D11-58B7-4240-8D63-70B5A8C0E11A"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:*
","versionEndIncluding":"4.0","matchCriteriaId":"21147BAA-B472-4237-AEDF-AD59EE22EE03"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540058/30/0/threaded","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95821","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037727","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/540058/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95821","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037727","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6649","sourceIdentifier":"security_alert@emc.com","published":"2017-02-03T07:59:00.297","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root."},{"lang":"es","value":"EMC RecoverPoint en versiones anteriores a 4.4.1.1 y EMC RecoverPoint for Virtual Machines en versiones anteriores a 5.0 están afectados por múltiples vulnerabilidades de inyección de comandos en las que un administrador malicioso con privilegios de configuración puede eludir la interfaz de usuario y escalar sus privilegios para 
root."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emc:recoverpoint:*:*:*:*:*:*:*:*","versionEndIncluding":"4.4.1.0","matchCriteriaId":"FBC82D11-58B7-4240-8D63-70B5A8C0E11A"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:recoverpoint_for_virtual_machines:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0","matchCriteriaId":"21147BAA-B472-4237-AEDF-AD59EE22EE03"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540058/30/0/threaded","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95821","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037727","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/archive/1/540058/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95821","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037727","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8211","sourceIdentifier":"security_alert@emc.com","published":"2017-02-03T07:59:00.327","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 prior to patch 446 has a path traversal vulnerability that may potentially be exploited by malicious users to compromise the affected system."},{"lang":"es","value":"EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC Data Protection Advisor 6.2.1, EMC Data Protection Advisor 6.2.2, EMC Data Protection Advisor 6.2.3 anterior al parche 446 tiene una vulnerabilidad de salto de ruta que puede ser potencialmente explotada por usuarios malintencionados para comprometer el sistema 
afectado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:emc_data_protection_advisor:6.1:*:*:*:*:*:*:*","matchCriteriaId":"7FE380D1-FAAD-456C-8B27-2FC319EBA9B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:emc_data_protection_advisor:6.2:*:*:*:*:*:*:*","matchCriteriaId":"D1941D69-2AFA-46AF-B5A6-DA54A704919A"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:emc_data_protection_advisor:6.2.1:*:*:*:*:*:*:*","matchCriteriaId":"AB940714-D9FD-4980-9F0C-430A36E4AEEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:emc_data_protection_advisor:6.2.2:*:*:*:*:*:*:*","matchCriteriaId":"DB16268F-3AF2-40E1-B762-8735112B193A"},{"vulnerable":true,"criteria":"cpe:2.3:a:dell:emc_data_protection_advisor:6.2.3:*:*:*:*:*:*:*","matchCriteriaId":"A6BF7A92-9944-48FA-81A5-74853E38B678"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540067/30/0/thr
eaded","source":"security_alert@emc.com","tags":["Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95833","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037729","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/540067/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95833","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037729","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8212","sourceIdentifier":"security_alert@emc.com","published":"2017-02-03T07:59:00.357","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely instead of restricting its validity for a brief period surrounding the thisUpdate time. This vulnerability is similar to the issue described in CVE-2015-4748."},{"lang":"es","value":"Se descubrió un problema en las versiones de EMC RSA BSAFE Crypto-J anteriores a 6.2.2. Hay una Vulnerabilidad de validación OCSP incorrecta. Las respuestas OCSP tienen dos valores de tiempo: thisUpdate y nextUpdate. Éstos especifican un período de validez; Sin embargo, ambos valores son opcionales. 
Crypto-J trata la falta de un nextUpdate como indicando que la respuesta OCSP es válida indefinidamente en lugar de restringir su validez durante un breve período que rodea el tiempo thisUpdate. Esta vulnerabilidad es similar al problema descrito en CVE-2015-4748."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-404"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*","versionEndExcluding":"6.2.2","matchCriteriaId":"851A69E5-4591-4C1E-8824-1A30F1B885C3"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540066/30/0/threaded","source":"security_alert@emc.com","tags":["Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95831","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037732","source":"security_alert@emc.com","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/540066/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95831","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037732","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8216","sourceIdentifier":"security_alert@emc.com","published":"2017-02-03T07:59:00.390","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) 5.5 family all versions prior to 5.5.5.0, EMC Data Domain OS (DD OS) 5.6 family all versions prior to 5.6.2.0, EMC Data Domain OS (DD OS) 5.7 family all versions prior to 5.7.2.10 has a command injection vulnerability that could potentially be exploited by malicious users to compromise the affected system."},{"lang":"es","value":"EMC Data Domain OS (DD OS) 5.4 todas las versiones, familia EMC Data Domain OS (DD OS) 5.5 todas las versiones anteriores a 5.5.5.0, familia EMC Data Domain OS (DD OS) 5.6 todas las versiones anteriores a 5.6.2.0, familia EMC Data Domain OS (DD OS) 5.7 todas las versiones anteriores a 5.7.2.10 tienen una vulnerabilidad de inyección de comandos que podría ser explotada por usuarios malintencionados para comprometer el sistema 
afectado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:emc_data_domain_os:5.4:*:*:*:*:*:*:*","matchCriteriaId":"4F1B32F0-314B-4461-A25C-B44D05A58A8B"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:emc_data_domain_os:5.5:*:*:*:*:*:*:*","matchCriteriaId":"04030715-63F7-4DD1-9513-2E131BD9B13D"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:emc_data_domain_os:5.6:*:*:*:*:*:*:*","matchCriteriaId":"846D0C1D-F93E-4685-9DFA-90FCD360F41B"},{"vulnerable":true,"criteria":"cpe:2.3:o:dell:emc_data_domain_os:5.7:*:*:*:*:*:*:*","matchCriteriaId":"2E70A9F7-A09A-4E69-ABE7-A624CC00D1BB"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540059/30/0/threaded","source":"security_alert@emc.com","tags":["Mailing List","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/bid/95829","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037728","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/540059/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95829","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037728","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8217","sourceIdentifier":"security_alert@emc.com","published":"2017-02-03T07:59:00.437","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described in CVE-2015-2601."},{"lang":"es","value":"EMC RSA BSAFE Crypto-J en versiones anteriores a 6.2.2 tiene una vulnerabilidad de ataque de sincronización PKCS#12. Un posible ataque de sincronización podría llevarse a cabo modificando un archivo PKCS#12 que tiene un MAC de integridad para el que no se conoce la contraseña. Un atacante podría entonces alimentar el archivo PKCS#12 modificado al toolkit y adivinar el MAC actual de un byte a la vez. 
Esto es posible porque Crypto-J utiliza un método de tiempo no constante para comparar el MAC almacenado con el MAC calculado. Esta vulnerabilidad es similar al problema descrito en CVE-2015-2601."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*","versionEndExcluding":"6.2.2","matchCriteriaId":"851A69E5-4591-4C1E-8824-1A30F1B885C3"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540066/30/0/threaded","source":"security_alert@emc.com","tags":["Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95831","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037732","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/archive/1/540066/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95831","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037732","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9871","sourceIdentifier":"security_alert@emc.com","published":"2017-02-03T07:59:00.467","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system."},{"lang":"es","value":"EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x se ve afectada por una vulnerabilidad de escalada de privilegios que podría ser potencialmente explotada por los atacantes para comprometer el sistema 
afectado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2CD6F32C-BC12-455D-9C78-F6485C72582E"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.0.5:*:*:*:*:*:*:*","matchCriteriaId":"E706E435-8E45-4ACB-8BBC-5AC458378D4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.0.6:*:*:*:*:*:*:*","matchCriteriaId":"3FE2D48E-39E8-42E6-8E82-AB9FA0547BAC"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"DEDB97FE-6470-4AFE-A3B0-B664F132A190"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"A669BE6B-726F-4F34-A009-798E32FF6895"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"4AE74624-A44D-4837-AD36-DBF3E93D5ED9"
},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.3:*:*:*:*:*:*:*","matchCriteriaId":"47CBA2E5-6E46-4922-B56B-3F8C578074B1"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.4:*:*:*:*:*:*:*","matchCriteriaId":"90C22C93-9069-406E-9A14-03F20AD34D11"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.5:*:*:*:*:*:*:*","matchCriteriaId":"CDD30754-489E-42BA-8B51-1FEB5DC30912"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.6:*:*:*:*:*:*:*","matchCriteriaId":"D92501AC-0588-4051-9568-52074E8A2D33"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.7:*:*:*:*:*:*:*","matchCriteriaId":"F7407DAA-7740-45B0-BA99-03794C8B1215"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.8:*:*:*:*:*:*:*","matchCriteriaId":"F7E804DB-40F0-4FBF-8A85-A49767DC4022"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.9:*:*:*:*:*:*:*","matchCriteriaId":"D645B5EF-4333-48BF-960A-03AA2D624376"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.1.1.10:*:*:*:*:*:*:*","matchCriteriaId":"302422CE-3C0A-44E6-83ED-51EC65482B40"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"7F551F88-3176-4E92-AE7A-FCAB3A220A45"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"26144325-6722-48C1-A0C2-BB78EF9BDE60"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"B87E8EEE-42AA-48B3-ABBE-9CE7FD2C275B"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"6F09B14D-2C84-47F2-8F7F-6F8DAEFFF106"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"10B1B998-AEEE-4123-82F3-72D84EF681DC"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon
_onefs:7.2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"0828B061-28B4-4AEE-BBB9-AF287B90713C"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.2.1.2:*:*:*:*:*:*:*","matchCriteriaId":"064C487D-517E-4F7B-A182-5DF287477652"},{"vulnerable":true,"criteria":"cpe:2.3:o:emc:isilon_onefs:7.2.1.3:*:*:*:*:*:*:*","matchCriteriaId":"D1600B1F-C307-457B-BC84-73339A64DF8D"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540050/30/0/threaded","source":"security_alert@emc.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95800","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/540050/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95800","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9872","sourceIdentifier":"security_alert@emc.com","published":"2017-02-03T07:59:00.500","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected system."},{"lang":"es","value":"EMC Documentum D2 versión 4.5 y EMC Documentum D2 versión 4.6 tienen vulnerabilidades de XSS reflejado que potencialmente podrían ser explotadas por usuarios malintencionados para comprometer el sistema 
afectado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_d2:4.5:*:*:*:*:*:*:*","matchCriteriaId":"74C159C3-E978-4DDD-BF04-7756F9080485"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_d2:4.6:*:*:*:*:*:*:*","matchCriteriaId":"38C9D700-A616-4A9F-B4CD-A76FFE472516"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540060/30/0/threaded","source":"security_alert@emc.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95824","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037733","source":"security_alert@emc.com"},{"url":"http://www.securityfocus.com/archive/1/540060/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95824","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037733","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9873","sourceIdentifier":"security_alert@emc.com","published":"2017-02-03T07:59:00.530","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a DQL Injection Vulnerability that could potentially be exploited by malicious users to compromise the affected system. An authenticated low-privileged attacker could potentially exploit this vulnerability to access information, modify data or disrupt services by causing execution of arbitrary DQL commands on the application."},{"lang":"es","value":"EMC Documentum D2 versión 4.5 y EMC Documentum D2 versión 4.6 tiene una Vulnerabilidad de Inyección DQL que potencialmente podría ser explotada por usuarios malintencionados para comprometer el sistema afectado. 
Un atacante autenticado con pocos privilegios podría explotar potencialmente esta vulnerabilidad para acceder a información, modificar datos o interrumpir los servicios provocando la ejecución de comandos DQL arbitrarios en la aplicación."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_d2:4.5:*:*:*:*:*:*:*","matchCriteriaId":"74C159C3-E978-4DDD-BF04-7756F9080485"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_d2:4.6:*:*:*:*:*:*:*","matchCriteriaId":"38C9D700-A616-4A9F-B4CD-A76FFE472516"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540060/30/0/threaded","source":"security_alert@emc.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95828","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037733","source":"security_alert@emc.com"},{"url":"http://www.securityfocus.com/archive/1/540060/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95828","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037733","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-2766","sourceIdentifier":"security_alert@emc.com","published":"2017-02-03T07:59:00.560","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 SP1, EMC Documentum eRoom version prior to 7.4.5 P04, EMC Documentum eRoom version prior to 7.5.0 P01 includes an unverified password change vulnerability that could potentially be exploited by malicious users to compromise the affected system."},{"lang":"es","value":"EMC Documentum eRoom versión 7.4.4, EMC Documentum eRoom versión 7.4.4 SP1, EMC Documentum eRoom versión anterior a 7.4.5 P04, EMC Documentum eRoom versión anterior a 7.5.0 P01 incluye una vulnerabilidad de cambio de contraseña no verificado que podría ser explotada por usuarios malintencionados para comprometer el sistema 
afectado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-640"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_eroom:7.4.4:*:*:*:*:*:*:*","matchCriteriaId":"3DD159D8-DCB0-4A27-BEFC-BFC626B2C200"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_eroom:7.4.4:sp1:*:*:*:*:*:*","matchCriteriaId":"C44A1651-72B7-446A-98CA-18BD0E4E72D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_eroom:7.4.5:*:*:*:*:*:*:*","matchCriteriaId":"76F12875-669C-43C7-9D00-164089E27D84"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_eroom:7.4.5:p01:*:*:*:*:*:*","matchCriteriaId":"7ADC4B3E-A538-4A85-B084-AF4E47734C12"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_eroom:7.4.5:p02:*:*:*:*:*:*","matchCriteriaId":"E7E06195-1C7E-429E-8E39-CB2455741E2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_eroom:7.4.5:p03:*:*:*:*:*:*","matchCriteriaId":"8BED2FD3-0A0E-4C89
-94BB-D02434499445"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:documentum_eroom:7.5.0:*:*:*:*:*:*:*","matchCriteriaId":"6DCE8AD3-12F1-4952-BAE7-98F0B667595F"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540077/30/0/threaded","source":"security_alert@emc.com","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95893","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/540077/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95893","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-2767","sourceIdentifier":"security_alert@emc.com","published":"2017-02-03T07:59:00.593","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains a Java RMI Remote Code Execution vulnerability that could potentially be exploited by malicious users to compromise the affected system."},{"lang":"es","value":"EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contiene una vulnerabilidad de Java RMI Remote Code Execution que podría ser explotada potencialmente por usuarios malintencionados para comprometer el sistema 
afectado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emc:smarts_network_configuration_manager:9.3:*:*:*:*:*:*:*","matchCriteriaId":"A5898D8B-A49B-4B4E-B7E0-D4901C0C52C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:smarts_network_configuration_manager:9.4:*:*:*:*:*:*:*","matchCriteriaId":"F1230B15-B5CA-4C0E-B6C7-4DA2FD83E18F"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:smarts_network_configuration_manager:9.4.1:*:*:*:*:*:*:*","matchCriteriaId":"A611CEC3-D330-4385-A2AD-28F40B16BD3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:smarts_network_configuration_manager:9.4.2:*:*:*:*:*:*:*","matchCriteriaId":"DE535D78-B893-4909-8AF5-EDFC2430B6F2"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540085/30/0/threaded","source":"security_alert@emc.com","tags":["Mailing List","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/bid/95938","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037761","source":"security_alert@emc.com"},{"url":"http://www.securityfocus.com/archive/1/540085/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95938","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037761","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-2768","sourceIdentifier":"security_alert@emc.com","published":"2017-02-03T07:59:00.623","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contains an Improper Authentication vulnerability that could potentially be exploited by malicious users to compromise the affected system."},{"lang":"es","value":"EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configuration Manager (NCM) 9.4.0.x, EMC Network Configuration Manager (NCM) 9.4.1.x, EMC Network Configuration Manager (NCM) 9.4.2.x contiene Una vulnerabilidad de autenticación incorrecta que podría ser explotada potencialmente por usuarios malintencionados para comprometer el sistema 
afectado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emc:smarts_network_configuration_manager:9.3:*:*:*:*:*:*:*","matchCriteriaId":"A5898D8B-A49B-4B4E-B7E0-D4901C0C52C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:smarts_network_configuration_manager:9.4:*:*:*:*:*:*:*","matchCriteriaId":"F1230B15-B5CA-4C0E-B6C7-4DA2FD83E18F"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:smarts_network_configuration_manager:9.4.1:*:*:*:*:*:*:*","matchCriteriaId":"A611CEC3-D330-4385-A2AD-28F40B16BD3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:smarts_network_configuration_manager:9.4.2:*:*:*:*:*:*:*","matchCriteriaId":"DE535D78-B893-4909-8AF5-EDFC2430B6F2"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540085/30/0/threaded","source":"security_alert@emc.com","tags":["Mailing List","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/bid/95936","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037761","source":"security_alert@emc.com"},{"url":"http://www.securityfocus.com/archive/1/540085/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95936","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037761","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3806","sourceIdentifier":"psirt@cisco.com","published":"2017-02-03T07:59:00.657","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in CLI command processing in the Cisco Firepower 4100 Series Next-Generation Firewall and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to inject arbitrary shell commands that are executed by the device. More Information: CSCvb61343. Known Affected Releases: 2.0(1.68). Known Fixed Releases: 2.0(1.118) 2.1(1.47) 92.1(1.1646) 92.1(1.1763) 92.2(1.101)."},{"lang":"es","value":"Una vulnerabilidad en el procesamiento de comandos CLI en el Firewall de próxima generación Cisco Firepower 4100 y en el dispositivo de seguridad Cisco Firepower 9300 podría permitir a un atacante autenticado y local inyectar comandos shell arbitrarios ejecutados por el dispositivo. Más información: CSCvb61343. Lanzamientos Afectados Conocidos: 2.0 (1.68). 
Lanzamientos Reparados Conocidos: 2.0(1.118) 2.1(1.47) 92.1(1.1646) 92.1(1.1763) 92.2(1.101)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"0DB13378-A7CB-4EBB-B3FD-57F7F37965ED"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:5.4.0:*:*:*:*:*:*:*","matchCriteriaId":"D850EEF9-1967-4CE5-A30C-50180849BCAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E1AC6A67-82EF-4D31-AFCB-499A0C6EC0F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"995667FD-35F1-49E5-96DB-2FDFF5E0B523"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:6.1.0:*:*:*:*:*:*:*","matchCriteriaId":"61FB47CF-2A6A-4121-BFF7-5862E163B8E5"}
]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95943","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95943","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3809","sourceIdentifier":"psirt@cisco.com","published":"2017-02-03T07:59:00.687","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Policy deployment module of the Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to prevent deployment of a complete and accurate rule base. More Information: CSCvb95281. Known Affected Releases: 6.1.0 6.2.0. Known Fixed Releases: 6.1.0.1 6.2.0."},{"lang":"es","value":"Una vulnerabilidad en el módulo de implementación de Políticas de Cisco Firepower Management Center (FMC) podría permitir que un atacante remoto no autenticado prevenga el despliegue de una base de reglas completa y precisa. Más información: CSCvb95281. Lanzamientos Afectados Conocidos: 6.1.0 6.2.0. 
Lanzamientos Reparados Conocidos: 6.1.0.1 6.2.0."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_firewall_management_center:6.1.0:*:*:*:*:*:*:*","matchCriteriaId":"6614ED6C-E77E-4C0D-AA96-0BEE84BE2F94"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_firewall_management_center:6.2.0:*:*:*:*:*:*:*","matchCriteriaId":"EEEB9A40-0062-406D-B56D-3163CBBE08D4"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95941","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037776","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fmc","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95941","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fmc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3810","sourceIdentifier":"psirt@cisco.com","published":"2017-02-03T07:59:00.733","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system. More Information: CSCvb21745. Known Affected Releases: 10.0_R2_tanggula."},{"lang":"es","value":"Una vulnerabilidad en el marco web de Cisco Prime Service Catalog podría permitir que un atacante remoto autenticado lleve a cabo un ataque de redirección de URL web contra un usuario que ha iniciado sesión en un sistema afectado. Más información: CSCvb21745. 
Lanzamientos afectados conocidos: 10.0_R2_tanggula."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:N","baseScore":4.9,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:prime_service_catalog:10.0\\(r2\\)_base:*:*:*:*:*:*:*","matchCriteriaId":"BFB4B497-7E1F-457E-9DF6-BCD7B528D931"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95947","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037772","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95947","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037772","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3812","sourceIdentifier":"psirt@cisco.com","published":"2017-02-03T07:59:00.763","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the implementation of Common Industrial Protocol (CIP) functionality in Cisco Industrial Ethernet 2000 Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to a system memory leak. More Information: CSCvc54788. Known Affected Releases: 15.2(5.4.32i)E2. Known Fixed Releases: 15.2(5.4.62i)E2."},{"lang":"es","value":"Una vulnerabilidad en la implementación de la funcionalidad Common Industrial Protocol (CIP) en Cisco Industrial Ethernet 2000 Series Switches podría permitir a un atacante remoto no autenticado provocar una condición de denegación de servicio (DoS) debido a una fuga del sistema de memoria. Más Información: CSCvc54788. Lanzamientos Afectados Conocidos: 15.2(5.4.32i)E2. 
Lanzamientos Reparados Conocidos: 15.2(5.4.62i)E2."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-772"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"15.2\\(5.4.32i\\)e2","matchCriteriaId":"64126B06-A388-40D2-A0A7-6520BCC90EE8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_16ptc-g-e_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"524D907D-4DDC-4439-A9E0-328BA272BE79"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_16ptc-g-l_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"4057243E-C776-4048-AF08-F1339DECFB76"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_16ptc-g-nx_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"F0D7518A-B5EA-493C-80C7-4938A36FF621"},{"vulnerable":false,"criteria":"
cpe:2.3:h:cisco:industrial_ethernet_2000_16t67-b_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"0474966A-3F71-474F-926F-D4C03F0989D5"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_16t67p-g-e_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"199F317F-4C29-4BE4-B5EE-FFD70C693A74"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-e_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"A805F6F4-D977-493F-B3E8-CCE64A6F5AE4"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-l_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"6DB0122F-82AB-467A-861B-9A9EAF36F695"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-n_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"69A29BB0-4033-4067-97E9-372C797A29CC"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-g-x_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"334BC0D6-E9D8-47F5-AB48-7AB3F3A17844"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_16tc-l_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"2F1931F1-02FC-4F7D-8C18-C1482CD2530D"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_24t67-b_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"C8F9FB2B-D9AD-46DD-8D2E-0FB71E2EA825"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_4s-ts-g-b_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"75325EB7-ABB8-409F-BB8E-1696FB3D0DA7"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_4s-ts-g-l_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"03CB2133-041C-48EE-8594-2F80C7A89A05"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_4t-b_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"1C4D3841-67B6-4E21-A68D-FED30EC2CDEF"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_4t-g-b_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"E906703D-3946-4EE7-BEF1-9753409FEEF8"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_20
00_4t-g-l_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"D64C4436-6BB8-48EB-923D-11B6F9F18B1D"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_4t-l_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"3ECD0A92-A198-463B-8046-92D738C40DAF"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_4ts-b_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"87C75A46-74FC-4AF1-AF76-0CAC422473E5"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_4ts-g-b_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"5FE4BC00-19FE-468C-8BCE-193E72066B0E"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_4ts-g-l_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"62729BD3-975A-4FCA-B255-FFFD51901081"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_4ts-l_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"0FAB865C-D5D6-474F-B42C-2C2958B1E876"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_8t67-b_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"CE94DAA2-D52A-424B-8E17-FC17D4B117B4"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_8t67p-g-e_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"429B7E0E-2897-4838-AC6B-41B3A5D85204"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-b_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"22980E67-0A91-473F-9F86-3B594D7BE9FF"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-g-b_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"4360DC5A-DD47-42C5-9940-B9FE24422758"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-g-e_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"417ACF82-6769-4441-92CB-8BD06470518A"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-g-l_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"36036C1F-2A42-4633-AFD7-F4F8DEADBDE7"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-g-n_switch:-:*:*:*:*:*:*:*","matchCriteriaId":
"FEE1A077-564B-49A3-84C4-3E9EA6EA7675"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:industrial_ethernet_2000_8tc-l_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"1DAFB25E-F057-423E-811D-1E4A8F9E2D73"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95946","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037771","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95946","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037771","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3814","sourceIdentifier":"psirt@cisco.com","published":"2017-02-03T07:59:00.780","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco Firepower System Software could allow an unauthenticated, remote attacker to maliciously bypass the appliance's ability to block certain web content, aka a URL Bypass. More Information: CSCvb93980. Known Affected Releases: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0."},{"lang":"es","value":"Una vulnerabilidad en Cisco Firepower System Software podría permitir a un atacante remoto no autenticado eludir maliciosamente la capacidad del aparato para bloquear ciertos contenidos web, vulnerabilidad también conocida como un URL Bypass. Más Información: CSCvb93980. 
Lanzamientos Afectados Conocidos: 5.3.0 5.4.0 6.0.0 6.0.1 6.1.0."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_firewall_management_center:5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"30E233C0-7547-479D-BC2B-A9F75106ADF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_firewall_management_center:5.4.0:*:*:*:*:*:*:*","matchCriteriaId":"27EA38C1-A34F-430A-92F7-1D299F78B449"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"036E4035-E8E2-4964-A6F4-7292E1804E91"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_firewall_management_center:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6D1AFAC1-419D-4ADB-868B-1544BED58B7F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_firewall_management_center:6.1.0:*:*:*:*:*:*:*","matchCriteriaId":"6614ED6C-E77E-4C0D-AA96-0BE
E84BE2F94"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95942","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw1","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95942","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3818","sourceIdentifier":"psirt@cisco.com","published":"2017-02-03T07:59:00.810","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malformed MIME Header Filtering Bypass. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. More Information: CSCvb65245. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 9.8.0-092."},{"lang":"es","value":"Una vulnerabilidad en el escáner Multipurpose Internet Mail Extensions (MIME) de Cisco AsyncOS Software para Cisco Email Security Appliances (ESA) podría permitir a un atacante remoto no autenticado eludir los filtros configurados por el usuario en el dispositivo, vulnerabilidad también conocida como Malformed MIME Header Filtering Bypass. 
Esta vulnerabilidad afecta todos los lanzamientos anteriores al primer lanzamiento reparado de Cisco AsyncOS Software para Cisco Email Security Appliances, ambas aplicaciones virtuales y hardware, si el software es configurado para aplicar un filtro de mensaje o filtro de contenido a adjuntos de email entrantes. Más Información: CSCvb65245. Lanzamientos Afectados Conocidos: 9.7.1-066. Lanzamientos Reparados Conocidos: 9.8.0-092."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:email_security_appliance_firmware:9.7.1-066:*:*:*:*:*:*:*","matchCriteriaId":"9F09AFAB-9F02-4B39-8117-BAA56A434289"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95939","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037773","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95939","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037773","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3820","sourceIdentifier":"psirt@cisco.com","published":"2017-02-03T07:59:00.857","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Simple Network Management Protocol (SNMP) functions of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE Software Release 3.13.6S, 3.16.2S, or 3.17.1S could allow an authenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. More Information: CSCux68796. Known Affected Releases: 15.5(3)S2.1 15.6(1)S1.1. Known Fixed Releases: 15.4(3)S6.1 15.4(3)S6.2 15.5(3)S2.2 15.5(3)S3 15.6(0.22)S0.23 15.6(1)S2 16.2(0.295) 16.3(0.94) 15.5.3S3."},{"lang":"es","value":"Una vulnerabilidad en funciones Simple Network Management Protocol (SNMP) de Cisco ASR 1000 Series Aggregation Services Routers que ejecutan Cisco IOS XE Software Release 3.13.6S, 3.16.2S, o 3.17.1S podría permitir a un atacante remoto autenticado provocar elevado uso de CPU en un dispositivo afectado, resultando en una condición de denegación de servicio (DoS). Más Información: CSCux68796. Lanzamientos Conocidos Afectados: 15.5(3)S2.1 15.6(1)S1.1. 
Lanzamientos Reparados Conocidos: 15.4(3)S6.1 15.4(3)S6.2 15.5(3)S2.2 15.5(3)S3 15.6(0.22)S0.23 15.6(1)S2 16.2(0.295) 16.3(0.94) 15.5.3S3."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:C","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-665"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:3.13.6s:*:*:*:*:*:*:*","matchCriteriaId":"665ACEAC-AE81-40F7-8A01-E8DB9DD7DD7A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:3.16.2s:*:*:*:*:*:*:*","matchCriteriaId":"970FD986-6D0E-441C-9BF3-C66A25763A7A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:3.17.1s:*:*:*:*:*:*:*","matchCriteriaId":"876767C7-0196-4226-92B1-DDE851B53655"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95934","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037770","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-asrsnmp","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95934","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037770","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-asrsnmp","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3822","sourceIdentifier":"psirt@cisco.com","published":"2017-02-03T07:59:00.890","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software versions 6.1.x on the following vulnerable products that have enabled FDM: ASA5506-X ASA5506W-X ASA5506H-X ASA5508-X ASA5516-X ASA5512-X ASA5515-X ASA5525-X ASA5545-X ASA5555-X. More Information: CSCvb86860. Known Affected Releases: FRANGELICO. Known Fixed Releases: 6.2.0."},{"lang":"es","value":"Una vulnerabilidad en el subsistema de registro del Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) podría permitir a un atacante remoto no autenticado agregar entradas arbitrarias al registro de auditoría. Esta vulnerabilidad afecta a las versiones 6.1.x de Cisco Firepower Threat Defense Software en los siguientes productos vulnerables que han habilitado FDM: ASA5506-X ASA5506W-X ASA5506H-X ASA5508-X ASA5516-X ASA5512-X ASA5515-X ASA5525-X ASA5545-X ASA5555-X. Más Información: CSCvb86860. 
Lanzamientos Afectados Conocidos: FRANGELICO. Lanzamientos Reparados Conocidos: 6.2.0."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:firepower_threat_defense:6.1.0:*:*:*:*:*:*:*","matchCriteriaId":"61FB47CF-2A6A-4121-BFF7-5862E163B8E5"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95944","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037775","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw2","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95944","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037775","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3824","sourceIdentifier":"psirt@cisco.com","published":"2017-02-03T07:59:00.920","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco cBR-8 Converged Broadband Routers running vulnerable versions of Cisco IOS XE are affected. More Information: CSCux40637. Known Affected Releases: 15.5(3)S 15.6(1)S. Known Fixed Releases: 15.5(3)S2 15.6(1)S1 15.6(2)S 15.6(2)SP 16.4(1)."},{"lang":"es","value":"Una vulnerabilidad en el manejo de los encabezados de lista en Cisco cBR Series Converged Broadband Routers podría permitir que un atacante remoto no autenticado provoque el reinicio del dispositivo, resultando en una condición de denegación de servicio (DoS). Los Cisco cBR-8 Converged Broadband Routers que ejecutan versiones vulnerables de Cisco IOS XE están afectados. Más información: CSCux40637. Lanzamientos Afectados Conocidos: 15.5(3)S 15.6(1)S. 
Lanzamientos Reparados Conocidos: 15.5(3)S2 15.6(1)S1 15.6(2)S 15.6(2)SP 16.4(1)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:N/I:N/A:C","baseScore":5.4,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:3.16.0:*:*:*:*:*:*:*","matchCriteriaId":"B9F5F608-EEC5-48BC-829C-9C9ECF555649"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:3.16.1:*:*:*:*:*:*:*","matchCriteriaId":"8FDFDEB8-D012-4162-A3C6-7D8F1CA3D618"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:ios_xe:3.17.0:*:*:*:*:*:*:*","matchCriteriaId":"A2FABA72-1FB0-40D5-BF79-CF68E66A6A0C"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:cbr-8_converged_broadband_router:-:*:*:*:*:*:*:*","matchCriteriaId":"D6CCBE67-E509-43EC-9AFB-8A9B6A115126"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95937","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037774","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-cbr","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95937","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037774","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-cbr","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-2317","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T15:59:00.150","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote attackers to cause a denial of service (crash) via a crafted SVG file, related to the (1) TracePoint function in magick/render.c, (2) GetToken function in magick/utility.c, and (3) GetTransformTokens function in coders/svg.c."},{"lang":"es","value":"Múltiples desbordamientos de búfer en GraphicsMagick 1.3.23 permiten a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo SVG manipulado, relacionado con (1) la función TracePoint en magick/render.c, (2) función GetToken en magick/utility.c, y (3) función GetTransformTokens en 
coders/svg.c."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.23:*:*:*:*:*:*:*","matchCriteriaId":"C64A1165-D893-415C-B7E8-B1AF4C287116"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*","matchCriteriaId":"F892F1B0-514C-42F7-90AE-12ACDFDC1033"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*","matchCriteriaId":"74BCA435-7594-49E8-9BAE-9E02E129B6C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vuln
erable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*","matchCriteriaId":"D41A798E-0D69-43C7-9A63-1E5921138EAC"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/11/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/20/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/27/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/31/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/07/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/18/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/83241","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1306148","source":"cve@mitre.org","tags":["Issue 
Tracking"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/11/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/20/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/27/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/31/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/07/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/18/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/83241","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1306148","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking"]}]}},{"cve":{"id":"CVE-2016-2318","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T15:59:00.227","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c."},{"lang":"es","value":"GraphicsMagick 1.3.23 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través de un archivo SVG manipulado, relacionado con (1) la función DrawImage en magick/render.c, (2) función SVGStartElement en coders/svg.c, y (3) función TraceArcPath en magick/render.c."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"v
ulnerable":true,"criteria":"cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.23:*:*:*:*:*:*:*","matchCriteriaId":"C64A1165-D893-415C-B7E8-B1AF4C287116"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*","matchCriteriaId":"F892F1B0-514C-42F7-90AE-12ACDFDC1033"},{"vulnerable":true,"criteria":"cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*","matchCriteriaId":"74BCA435-7594-49E8-9BAE-9E02E129B6C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*","matchCriteriaId":"D41A798E-0D69-43C7-9A63-1E5921138EAC"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/11/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/27/4","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/31/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/07/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/18/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/83241","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1306148","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00010.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/11/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/27/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/31/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/07/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/18/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/83241","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1306148","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-4352","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T15:59:00.290","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the demuxer function in libmpdemux/demux_gif.c in Mplayer allows remote attackers to cause a denial of service (crash) via large dimensions in a gif file."},{"lang":"es","value":"Desbordamiento de entero en la función demuxer en libmpdemux/demux_gif.c en Mplayer permite a atacantes remotos provocar una denegación de servicio (caída) a través de grandes dimensiones en un archivo 
gif."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libavformat_project:libavformat:*:*:*:*:*:*:*:*","versionEndIncluding":"57.34.103","matchCriteriaId":"B04BF203-4100-499B-AD62-9722BD7280F2"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/29/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://trac.mplayerhq.hu/ticket/2295","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/29/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://trac.mplayerhq.hu/ticket/2295","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking"]}]}},{"cve":{"id":"CVE-2016-4570","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T15:59:00.320","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file."},{"lang":"es","value":"La función mxmlDelete en mxml-node.c en mxml 2.9, 2.7 y posiblemente versiones anteriores permite a atacantes remotos provocar una denegación de servicio (consumo de pila) a través de un archivo xml manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mini-xml_project:mini-xml:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7","matchCriteriaId":"7C76CECB-3B39-49F0-B01C-A626DE6B7771"},{"vulnerable":true,"criteria":"cpe:2
.3:a:mini-xml_project:mini-xml:2.9:*:*:*:*:*:*:*","matchCriteriaId":"5D732F04-3E3C-4626-B670-6F62D328F467"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/09/16","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/11/14","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90315","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1334648","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/09/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/11/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90315","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1334648","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-4571","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T15:59:00.367","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The 
mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file."},{"lang":"es","value":"La función mxml_write_node en mxml-file.c en mxml 2.9, 2.7 y posiblemente versiones anteriores permite a atacantes remotos provocar una denegación de servicio (consumo de pila) a través de un archivo xml manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mini-xml_project:mini-xml:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7","matchCriteriaId":"7C76CECB-3B39-49F0-B01C-A626DE6B7771"},{"vulnerable":true,"criteria":"cpe:2.3:a:mini-xml_project:mini-xml:2.9:*:*:*:*:*:*:*","matchCriteriaId":"5D732F04-3E3C-4626-B670-6F62D328F467"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:
8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/09/16","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/11/14","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90315","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1334648","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/09/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/11/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90315","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1334648","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-5115","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T15:59:00.400","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file."},{"lang":"es","value":"La función 
avcodec_decode_audio4 en libavcodec en libavformat 57.34.103, como se usa en MPlayer, permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo mp3 manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libavformat_project:libavformat:57.34.103:*:*:*:*:*:*:*","matchCriteriaId":"AF8EEE67-D179-4BBC-9AAA-5874C0C870D7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/29/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://trac.mplayerhq.hu/ticket/2298","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/29/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"https://trac.mplayerhq.hu/ticket/2298","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-5241","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T15:59:00.430","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file."},{"lang":"es","value":"magick/render.c en GraphicsMagick en versiones anteriores a 1.3.24 permite a atacantes remotos provocar una denegación de servicio (excepción aritmética y caída de la aplicación) a través de un archivo svg manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-189"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:
*:*:*:*","versionEndIncluding":"1.3.23","matchCriteriaId":"42CE71F0-3C4D-485A-8C77-F4D079B3E064"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.graphicsmagick.org/NEWS.html#may-30-2016","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/01/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/02/14","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/89348","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1333410","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00000.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00037.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://www.graphicsmagick.org/NEWS.html#may-30-2016","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/01/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/02/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/89348","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1333410","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6163","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T15:59:00.493","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file."},{"lang":"es","value":"La función rsvg_pattern_fix_fallback en rsvg-paint_server.c en librsvg2 2.40.2 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo svg 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnome:librsvg:2.40.2:*:*:*:*:*:*:*","matchCriteriaId":"206FD857-C1D7-4951-8EDA-18ECCF9959F5"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/07/04/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/05/9","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1353520","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/04/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/05/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1353520","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]}]}},{"cve":{"id":"CVE-2016-8568","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T15:59:00.523","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file."},{"lang":"es","value":"La función git_commit_message en oid.c en libgit2 en versiones anteriores a 0.24.3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un comando cat-file con un archivo de objeto manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd
@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","matchCriteriaId":"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","matchCriteriaId":"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*","matchCriteriaId":"1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*","matchCriteriaId":"CBC8B78D-1131-4F21-919D-8AC79A410FB9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*","versionEndIncluding":"0.24.2","matchCriteriaId":"91291D2A-5553-474A-BB86-D279E2AC24C0"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/08/7","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93466","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1383211","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://github.com/libgit2/libgit2/issues/3936","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/libgit2/libgit2/releases/tag/v0.24.3","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/08/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/93466","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1383211","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://github.com/libgit2/libgit2/issues/3936","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/libgit2/libgit2/releases/tag/v0.24.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8569","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T15:59:00.603","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file."},{"lang":"es","value":"La función git_oid_nfmt en commit.c en libgit2 en versiones anteriores a 0.24.3 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través de un comando cat-file con un archivo de objeto 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libgit2_project:libgit2:*:*:*:*:*:*:*:*","versionEndIncluding":"0.24.2","matchCriteriaId":"91291D2A-5553-474A-BB86-D279E2AC24C0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","matchCriteriaId":"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","matchCriteriaId":"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},
{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*","matchCriteriaId":"1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"},{"vulnerable":true,"criteria":"cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*","matchCriteriaId":"CBC8B78D-1131-4F21-919D-8AC79A410FB9"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/08/7","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93465","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1383211","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://github.com/libgit2/libgit2/issues/3937","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/libgit2/libgit2/releases/tag/v0.24.3","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00075.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00103.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00110.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00114.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/08/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93465","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1383211","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://github.com/libgit2/libgit2/issues/3937","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/libgit2/libgit2/releases/tag/v0.24.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4E77DG5KGQ7L34U75QY7O6NIPKZNQHQJ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3JBSNJAXP7JA3TGE2NPNRTD77JXFG4E/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVUEIG6EESZB6BRU2IE3F5NRUEHMAEKC/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9082","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T15:59:00.667","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the write_png function in cairo 1.14.6 allows remote attackers to cause a denial of service (invalid pointer dereference) via a large svg file."},{"lang":"es","value":"Desbordamiento de entero en la función write_png en cairo 1.14.6 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero no válida) a través de un archivo svg 
grande."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cairographics:cairo:1.14.6:*:*:*:*:*:*:*","matchCriteriaId":"F4ECA11D-3C44-456D-A7ED-504976FA0D75"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/27/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93931","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.freedesktop.org/attachment.cgi?id=127421","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://bugs.freedesktop.org/show_bug.cgi?id=98165","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1312337","source":"cve@mitre.org","tags":["Issue 
Tracking"]},{"url":"https://security.gentoo.org/glsa/201904-01","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/27/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93931","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.freedesktop.org/attachment.cgi?id=127421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://bugs.freedesktop.org/show_bug.cgi?id=98165","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1312337","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://security.gentoo.org/glsa/201904-01","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9085","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T15:59:00.727","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple integer overflows in libwebp allow attackers to have unspecified impact via unknown vectors."},{"lang":"es","value":"Múltiples desbordamientos de entero en libwebp permiten a atacantes tener un impacto no especificado a través de vectores 
desconocidos."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*","versionEndIncluding":"0.5.2","matchCriteriaId":"23B28B45-0982-43B5-82ED-1915608E9EF8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","matchCriteriaId":"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/27/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93928","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1389338","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LG5Q42J7EJDKQKWTTHCO4YZMOMP74YPQ/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTR2ZW67TMT7KC24RBENIF25KWUJ7VPD/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SH6X3MWD5AHZC5JT4625PGFHAYLR7YW7/","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201701-61","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/27/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93928","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1389338","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LG5Q42J7EJDKQKWTTHCO4YZMOMP74YPQ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTR2ZW67TMT7KC24RBENIF25KWUJ7VPD/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SH6X3MWD5AHZC5JT4625PGFHAYLR7YW7/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-61","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9108","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T15:59:00.790","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression."},{"lang":"es","value":"Desbordamiento de entero en la función js_regcomp en regexp.c en Artifex Software, Inc. 
MuJS en versiones anteriores a commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e permite a atacantes provocar una denegación de servicio (caída de la aplicación) a través de una expresión regular manipulada."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","matchCriteriaId":"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","matchCriteriaId":"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:artifex:mujs:*:*:*:*:*:*:*:*","versionEndIncluding":"2016-10-31","matchCriteriaId":"869AC583-AE8F-41B6-94FE-3F3A7286E751"}]}]}],"ref
erences":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/30/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96006","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390266","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IMPCTUBV2UUTSKAGVAW3EL6HJJWHRZQZ/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMI77FMFDWOTUUKKPTQLIB7JEXFTING4/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4FE2LXVJM5PXHUGSFOT2KTA75O5ACV4/","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/30/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96006","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390266","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party 
Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IMPCTUBV2UUTSKAGVAW3EL6HJJWHRZQZ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMI77FMFDWOTUUKKPTQLIB7JEXFTING4/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4FE2LXVJM5PXHUGSFOT2KTA75O5ACV4/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9642","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T15:59:00.837","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"JavaScriptCore in WebKit allows attackers to cause a denial of service (out-of-bounds heap read) via a crafted JavaScript file."},{"lang":"es","value":"JavaScriptCore en WebKit permite a atacantes provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de un archivo JavaScript 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webkit:webkit:-:*:*:*:*:*:*:*","matchCriteriaId":"CA80D441-2FBF-46F0-8C44-EB5423BD6B6E"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/26/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94554","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038137","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/26/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94554","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third 
Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038137","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-3183","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T16:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file."},{"lang":"es","value":"La función sycc422_t_rgb en common/color.c en OpenJPEG en versiones anteriores a 2.1.1 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo jpeg2000 manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","n
egate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.0","matchCriteriaId":"BA6BA5BE-0BB1-43CD-8F99-1252CA514E6D"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/03/16/17","source":"cve@mitre.org","tags":["Mailing List","Patch"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1317821","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/uclouvain/openjpeg/issues/726","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201612-26","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/03/16/17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1317821","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking","Patch"]},{"url":"https://github.com/uclouvain/openjpeg/commit/15f081c89650dccee4aa4ae66f614c3fdb268767","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/uclouvain/openjpeg/issues/726","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-26","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-4796","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T16:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en el color_cmyk_to_rgb en common/color.c en OpenJPEG en versiones anteriores a 2.1.1 permite a atacantes remotos 
ocasionar una denegación de servicio (caída) a través de un archivo .j2k manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.0","matchCriteriaId":"BA6BA5BE-0BB1-43CD-8F99-1252CA514E6D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","matchCriteriaId":"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","matchCriteriaId":"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/13/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335482","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/uclouvain/openjpeg/commit/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/uclouvain/openjpeg/issues/774","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/","source":"cve@mitre.org"},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/05/13/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/uclouvain/openjpeg/commit/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/uclouvain/openjpeg/issues/774","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking","Patch"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-4797","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T16:59:00.293","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947."},{"lang":"es","value":"Vulnerabilidad de división por cero en la función opj_tcd_init_tile en tcd.c en OpenJPEG en versiones anteriores a 2.1.1 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un archivo jp2 manipulado. 
NOTA: este problema existe debido a una corrección incorrecta de CVE-2014-7947."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:uclouvain:openjpeg:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.0","matchCriteriaId":"BA6BA5BE-0BB1-43CD-8F99-1252CA514E6D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","matchCriteriaId":"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","matchCriteriaId":"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/13/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335483","source":"cve@mitre.org","tags":["Issue 
Tracking","Patch"]},{"url":"https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/uclouvain/openjpeg/issues/733","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/","source":"cve@mitre.org"},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/05/13/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335483","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/uclouvain/openjpeg/issues/733","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-6188","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T16:59:00.357","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files."},{"lang":"es","value":"Pérdida de memoria en SOGo 2.3.7 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) a través de un gran número de intentos de cargar un archivo adjunto grande, relacionado con archivos 
temporales."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:C","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:alinto:sogo:2.3.7:*:*:*:*:*:*:*","matchCriteriaId":"13D87184-ACC8-43A7-B864-D798B3789321"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/07/09/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96007","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/inverse-inc/sogo/commit/32bb1456e23a32c7f45079c3985bf732dd0d276d","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://sogo.nu/bugs/view.php?id=3510","source":"cve@mitre.org","tags":["Issue Tracking","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/09/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96007","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/inverse-inc/sogo/commit/32bb1456e23a32c7f45079c3985bf732dd0d276d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://sogo.nu/bugs/view.php?id=3510","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-4049","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T19:59:00.127","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or system crash) via vectors related to using program operators during EPSILON (level 5) based codefiles at peak memory usage, which triggers CPM stack corruption."},{"lang":"es","value":"Unisys Libra 43xx, 63xx y 83xx y sistemas clase FS600 con MCP-FIRMWARE 40.0 en versiones anteriores a 40.0IC4 Build 270 podrían permitir a usuarios remotos autenticados provocar una denegación de servicio (corrupción de datos o caída del sistema) a través de vectores relacionados con el uso de operadores de programa durante uso al máximo de memoria de archivos de códigos basados en EPSILON (Nivel 5), lo que desencadena la corrupción de la pila 
CPM."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:S/C:N/I:P/A:C","baseScore":5.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":7.8,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:unisys:mcp-firmware:40.0:*:*:*:*:*:*:*","matchCriteriaId":"7CD43D99-76B9-4429-A16B-10A67983D961"}]}]}],"references":[{"url":"http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=40","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=40","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-10165","sourceIdentifier":"cve@mitre.org","published":"2017-02-03T19:59:00.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a 
denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read."},{"lang":"es","value":"La función Type_MLU_Read en cmstypes.c en Little CMS (también conocido como lcms2) permite a atacantes remotos obtener información sensible o provocar una denegación de servicio a través de una imagen con un perfil ICC manipulado, lo que desencadena una lectura de memoria dinámica fuera de límites."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:littlecms:little_cms_color_engine:*:*:*:*:*:*:*:*","versionEndExcluding":"2.11","matchCriteriaId":"925CF76E-7319-4178-B378-717C78627C3D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","matchCriteriaId":"8D305F7A-D159-4716-AB26-5E38BB5CD991"},{"vulnerable":true,"criteria":"cpe:2.
3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","matchCriteriaId":"815D70A8-47D3-459C-A32C-9FEACA0659D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","matchCriteriaId":"7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*","matchCriteriaId":"B3293E55-5506-4587-A318-D1734F781C09"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*","matchCriteriaId":"F4F86C3C-B99C-44C6-97D7-163DC3F59687"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*","matchCriteriaId":"133AAFA7-AF42-4D7B-8822-AA2E85611BF5"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*","matchCriteriaId":"54D669D4-6D7E-449D-80C1-28FA44F06FFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"98381E61-F082-4302-B51F-5648884F998B"},{"vulnerable":true,"criteria":
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"A8442C20-41F9-47FD-9A12-E724D3A31FD7"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"BF77CDCF-B9C9-427D-B2BF-36650FB2148C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"21690BAC-2129-4A33-9B48-1F3BF30072A9"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*","matchCriteriaId":"D0AC5CD5-6E58-433C-9EB3-6DFE5656463E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"},{"vulnerable":true,"criteria":"cpe:2.3:
o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*","versionStartIncluding":"7.3","matchCriteriaId":"BD075607-09B7-493E-8611-66D041FFDA62"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*","versionStartIncluding":"9.5","matchCriteriaId":"0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_sra:*:*","matchCriteriaId":"76181AF5-D035-4372-AAD4-FDD37AC3C071"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vasa:*:*","matchCriteriaId":"FE940E30-17B5-4973-A5CA-D3E714B153BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_management:-:*:*:*:*:vmware_vcenter:*:*","matchCriteriaId":"3275348E-0FAF-4DC1-94A6-B53014659D49"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*","matchCriteriaId":"8AFF1109-26F3-43A5-A4CB-0F169FDBC0DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5AF71C49-ADEF-4EE2-802C-6159ADD51355"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*","matchCriteriaId":"B3BC6E59-2134-4A28-AAD2-77C8AE236BCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*","matchCriteriaId":"24377899-5389-4BDC-AC82-0E4186F4DE53"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*","matchCriteriaId":"23FE83DE-AE7C-4313-88E3-886110C31302"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*","matchCriteriaId":"490B327B-AC20-419B-BB76-8
AB6971304BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*","matchCriteriaId":"8DCE2754-7A9E-4B3B-91D1-DCF90C1BABE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*","matchCriteriaId":"6CA74E8B-51E2-4A7C-8A98-0583D31134A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*","matchCriteriaId":"7B64AB37-A1D9-4163-A51B-4C780361F1F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*","matchCriteriaId":"7BE9C9D7-9CED-4184-A190-1024A6FB8C82"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*","matchCriteriaId":"B73D4C3C-A511-4E14-B19F-91F561ACB1B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*","matchCriteriaId":"0C47D72C-9B6B-4E52-AF0E-56AD58E4A930"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*","matchCriteriaId":"039C3790-5AA2-4895-AEAE-CC84A71DB907"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*","matchCriteriaId":"B4592238-D1F2-43D6-9BAB-2F63ECF9C965"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*","matchCriteriaId":"0BA78068-80E9-4E49-9056-88EAB7E3682C"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*","matchCriteriaId":"092F366C-E8B0-4BE5-B106-0B7A73B08D34"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*","matchCriteriaId":"E7992E92-B159-4810-B895-01A9B944058A"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.2:*:*:*:*:*:*:*","matchCriteriaId":"5BDD7AAB-2BF3-4E8C-BEE2-5217E2926C11"},{"vulnerable":true,"criteria":"
cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*","matchCriteriaId":"7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*","matchCriteriaId":"F1BE6C1F-2565-4E97-92AA-16563E5660A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"698C6261-679D-45C1-A396-57AC96AD64D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*","matchCriteriaId":"3BD81527-A341-42C3-9AB9-880D3DB04B08"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*","matchCriteriaId":"3FA5E22C-489B-4C5F-A5F3-C03F45CA8811"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_unified_manager:7.1:*:*:*:*:vmware_vsphere:*:*","matchCriteriaId":"BA71C0C3-CC74-4AB8-BD5B-A0553DC10418"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00174.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2079.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2658.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3774","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/23/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/25/14","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.securityfocus.com/bid/95808","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039596","source":"cve@mitre.org","tags":["Third 
Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2999","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3046","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3264","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3267","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3268","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3453","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171019-0001/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3770-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3770-2/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00174.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2079.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2658.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3774","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/23/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/25/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://www.securityfocus.com/bid/95808","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1039596","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2999","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3046","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3264","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3267","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3268","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:3453","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171019-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3770-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://usn.ubuntu.com/3770-2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6500","sourceIdentifier":"security-alert@hpe.com","published":"2017-02-03T19:59:00.223","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unspecified methods in the RACF Connector component before 1.1.1.0 in ForgeRock OpenIDM and OpenICF improperly call the SearchControls constructor with returnObjFlag set to true, which allows remote attackers to execute arbitrary code via a crafted serialized Java object, aka LDAP entry poisoning."},{"lang":"es","value":"Métodos no especificados en el componente RACF Connector en versiones anteriores a 1.1.1.0 en ForgeRock OpenIDM y OpenICF llaman incorrectamente al constructor SearchControls con returnObjFlag establecido como true, lo que permite a atacantes remotos ejecutar código arbitrario a través de un objeto Java serializado manipulado, también conocido como envenenamiento de entrada 
LDAP."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:forgerock:racf_connector:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1.0.0","matchCriteriaId":"EB691A4D-946C-4B76-8BBD-782CED9BCE17"}]}]}],"references":[{"url":"https://backstage.forgerock.com/knowledge/kb/article/a96963547","source":"security-alert@hpe.com","tags":["Vendor Advisory"]},{"url":"https://backstage.forgerock.com/knowledge/kb/article/a96963547","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7147","sourceIdentifier":"cve@mitre.org","published":"2017-02-04T05:59:00.130","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x 
before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the obj_ids:tokens parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7140."},{"lang":"es","value":"Vulnerabilidad de XSS en el componente manage_findResult en la funcionalidad de búsqueda de Zope ZMI en Plone en versiones anteriores a 4.3.12 y 5.x en versiones anteriores a 5.0.7 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores que implican comillas dobles, como lo demuestra el parámetro obj_ids:tokens. NOTA: esta vulnerabilidad existe debido a una corrección incompleta para CVE-2016-7140."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*","matchCriteriaId":"8B635DAD-AC53-4484-8750-200B662DAFD
1"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*","matchCriteriaId":"FDC93803-6506-4382-A013-18010EE7E06B"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*","matchCriteriaId":"E65977FD-A880-4D16-B56B-94A72774F42D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*","matchCriteriaId":"4EA5B4F8-2155-403D-97D8-1272285D508B"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*","matchCriteriaId":"A3CA2943-77E5-4384-A019-415BBCE62F94"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*","matchCriteriaId":"B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*","matchCriteriaId":"538A3519-5B04-4FE5-A3C0-FD26EFA32705"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*","matchCriteriaId":"858CBC5A-C241-475C-8125-C5EA351B12A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*","matchCriteriaId":"F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E08F4534-A588-463F-A745-39E559AB1CB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"B64341BA-5722-415E-9771-9837168AB7C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"E2929227-AE19-428D-9AC3-D312A559039B"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"3B6DC866-0FEE-475B-855C-A69E004810CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"50BF3E8E-152C-4E89-BAA2-A952D10F4611"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F1F88BF6-9058-4CB8-A2D6-5653860CF489"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*","matchCriteriaId":"B2AA3FA2-15C3-444A-8810-5EF3E0E84D58"},{"vulnerable":true,"
criteria":"cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*","matchCriteriaId":"72F3B15A-CD0F-4CC5-A76F-E62637B30E2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*","matchCriteriaId":"D913FCA7-4DAE-4E9A-9146-9AFA8472B04B"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*","matchCriteriaId":"7C44B53B-953B-4522-A5B4-11573850D2CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D8883023-113A-420A-97B6-A4A9B29CF7DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"4DF4D113-8D9D-4DA3-A177-64783352F608"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*","matchCriteriaId":"28F9B699-D1A4-425C-84ED-6A8FD29BE7F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*","matchCriteriaId":"47321B60-67DA-4543-B173-D629A9569B45"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*","matchCriteriaId":"58B36EB2-723F-4E25-8018-EEB2BE806D9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*","matchCriteriaId":"7962EF74-6AC1-424C-A202-163AFDADA971"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*","matchCriteriaId":"1F1818BB-E23A-4136-898D-1D0C80C08728"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"5CB06627-133A-40D1-8816-E31E0A9BAD22"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"AE7E448A-2C0C-4DE0-89EA-904718CB6C6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6E727C5C-9E54-49F7-B92C-2492069AAE08"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"BFD68465-4CDC-4788-8932-41335B5C4AC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*","matchCriteriaId":"A7B739E0-FB73-401C-AB1A-E3C1434AA2A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:pl
one:plone:4.2.6:*:*:*:*:*:*:*","matchCriteriaId":"DCC8B987-5173-4C61-8DE6-B70C18EE6FD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*","matchCriteriaId":"38BA31E8-77EC-478B-BC6E-E2F145A8B9BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*","matchCriteriaId":"CE168A35-1A46-4A6F-8A08-25CDD886066D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"CFE0FC06-369B-46CF-9B1E-BAF7AF87E950"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"56571585-E9A2-4B78-B2B1-5D8EADED522A"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"2CDF8A15-401C-453E-8D09-8D4CDD4766DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*","matchCriteriaId":"043B3CBE-DEA2-474D-AA57-1830A470B621"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*","matchCriteriaId":"08A6842B-B479-4D91-928A-1CCE1DCB936E"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*","matchCriteriaId":"875A368A-F1D6-4795-99CF-A96DBCD1D407"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*","matchCriteriaId":"B5962C24-BC35-4E27-B81B-E2D21F83FB13"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*","matchCriteriaId":"55BCE259-700F-4E39-8565-99E4DFDA6F9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*","matchCriteriaId":"CD0755E5-2001-499F-90EA-6C2133D116D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*","matchCriteriaId":"5893527F-D365-4A39-9104-1B478804F0BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*","matchCriteriaId":"E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:rc1:*:*:
*:*:*:*","matchCriteriaId":"8AF9FB6C-134F-4653-8771-1BF46AB39344"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*","matchCriteriaId":"E22BA768-96DE-408F-8979-4CC58B50A09C"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*","matchCriteriaId":"1672268D-2EFB-4D9E-99D4-AAEFEA659091"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"9EF74DD4-27BB-4881-B324-B53336EF0648"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1C6962EC-8398-4564-9840-AECB3E3D697D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"83D341D6-AB11-444F-88FD-22303D1E3F65"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*","matchCriteriaId":"DAF8A5BB-2F6A-474F-9DCE-0AF9E8E1D1D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*","matchCriteriaId":"58165598-70DB-48AD-BD6E-793B103DC15F"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.1:a1:*:*:*:*:*:*","matchCriteriaId":"39E8A13F-B8F8-490D-AB5D-E8FF5EA0490B"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.1:a2:*:*:*:*:*:*","matchCriteriaId":"DD34F775-A365-4B65-8F60-F09EDD57B2EF"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96117","source":"cve@mitre.org"},{"url":"https://plone.org/security/hotfix/20170117","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.curesec.com/blog/article/blog/Plone-XSS-186.html","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/bid/96117","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://plone.org/security/hotfix/20170117","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"https://plone.org/security/hotfix/20170117/non-persistent-xss-in-zope2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.curesec.com/blog/article/blog/Plone-XSS-186.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5880","sourceIdentifier":"cve@mitre.org","published":"2017-02-04T05:59:00.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted GET request, aka SPL-130279."},{"lang":"es","value":"Splunk Web en Splunk Enterprise versiones 6.5.x en versiones anteriores a 6.5.2, 6.4.x en versiones anteriores a 6.4.5, 6.3.x en versiones anteriores a 6.3.9, 6.2.x en versiones anteriores a 6.2.13, 6.1.x en versiones anteriores a 6.1.12, 6.0.x en versiones anteriores a 6.0.13, 5.0.x en versiones anteriores a 5.0.17 y las versiones de Splunk Light anteriores a 6.5.2 permite a los usuarios remotos autenticados provocar una denegación de servicio (caída de daemon) a través de una solicitud GET manipulada, también conocida como 
SPL-130279."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"DE14A0C1-C94A-48CD-80C6-89574C07379A"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.1:*:*:*:enterprise:*:*:*","matchCriteriaId":"DA88AC99-F676-4FAB-AC4E-1B40A85560D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.2:*:*:*:enterprise:*:*:*","matchCriteriaId":"128F43BB-BB71-489A-A385-3654E745CE34"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.3:*:*:*:enterprise:*:*:*","matchCriteriaId":"81FEC811-BC9A-4C24-ABDC-89506EBC5F68"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.4:*:*:*:enterprise:*:*:*","matchCriteriaId":"2AE1409C-D8DC-472C-9BCA-45D40B0ED836"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.5:*:*:*:enterprise:*:*:*","matchCriteriaId":"DDC8A279-A04D-4410-
A77E-6C45F63E13F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.6:*:*:*:enterprise:*:*:*","matchCriteriaId":"FFA99D49-F384-414E-84C2-04A0498C3764"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.7:*:*:*:enterprise:*:*:*","matchCriteriaId":"DF3EFE0C-3737-4BEA-B68F-46BD50F484D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.8:*:*:*:enterprise:*:*:*","matchCriteriaId":"7EB21D87-CC00-44A6-BDFB-78116FF26E2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.9:*:*:*:enterprise:*:*:*","matchCriteriaId":"E3452254-79B9-43A6-91FD-AF4112FFC709"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.10:*:*:*:enterprise:*:*:*","matchCriteriaId":"E5CCF6AE-4994-46DD-BE0E-E8DB14332E0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.11:*:*:*:enterprise:*:*:*","matchCriteriaId":"FDCF8506-6FCF-44DC-A7AD-9179B461A23D"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.12:*:*:*:enterprise:*:*:*","matchCriteriaId":"F8AA782A-2B5D-40C9-B5C0-044188576DCE"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.13:*:*:*:enterprise:*:*:*","matchCriteriaId":"80DFCCD0-45E3-49E5-B4D2-7309306E62BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.14:*:*:*:enterprise:*:*:*","matchCriteriaId":"B2983933-1E0E-4409-9EB4-035C80A26333"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.15:*:*:*:enterprise:*:*:*","matchCriteriaId":"E73FD956-361A-4A16-8395-EB043780933E"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:5.0.16:*:*:*:enterprise:*:*:*","matchCriteriaId":"BB3630C5-9917-4D6C-8E1D-087C03A542D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.0.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"9EF63812-8482-4EC2-97CF-BEC5E27A3367"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.0.1:*:*:*:enterprise:*:*:*","matchCriteriaId":"FF70BF2B-16A6-48B8-9AEF-1198E6FBB7EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.0.2:*:*:*:enterprise:*:*:*","matchCriteriaId":"AE4A31E6-E
4CA-4C92-BEF6-649800B0EF94"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.0.3:*:*:*:enterprise:*:*:*","matchCriteriaId":"81D51853-0D47-4034-83E6-FB46A6E9F2AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.0.4:*:*:*:enterprise:*:*:*","matchCriteriaId":"06418BAD-EF0C-42F9-A2A3-FD232D9882B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.0.5:*:*:*:enterprise:*:*:*","matchCriteriaId":"E2772D7D-B15D-42D4-AC32-DC9A005163E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.0.6:*:*:*:enterprise:*:*:*","matchCriteriaId":"6188A7A1-76EE-493B-9A38-3564AAAB64F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.0.7:*:*:*:enterprise:*:*:*","matchCriteriaId":"4142BA91-F26B-4DD0-933A-1BB1AAB587AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.0.8:*:*:*:enterprise:*:*:*","matchCriteriaId":"2D0D8841-7BB4-4A2B-891A-84302EE45640"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.0.9:*:*:*:enterprise:*:*:*","matchCriteriaId":"24767341-D913-4A59-8496-AE2429696279"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.0.10:*:*:*:enterprise:*:*:*","matchCriteriaId":"7E38696A-9486-4922-8B9C-798FB8BC5360"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.0.11:*:*:*:enterprise:*:*:*","matchCriteriaId":"C2AA1ED2-FCD5-4E98-B4FF-C8FBE8DDA284"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.0.12:*:*:*:enterprise:*:*:*","matchCriteriaId":"5D6DD223-CCA1-4C59-80AC-BF9E67479A22"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.1.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"D645FC12-C7BD-4D2E-9ACB-509D3DEA73AC"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.1.1:*:*:*:enterprise:*:*:*","matchCriteriaId":"BE618334-8239-42DB-9F79-DE9241AEBF5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.1.2:*:*:*:enterprise:*:*:*","matchCriteriaId":"D3764A91-2A1C-4076-8F2C-ECED2FFD15DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.1.3:*:*:*:enterprise:*:*:*","matchCriteriaId":"C9BF3
278-84C0-46CE-9CB4-952D0361A117"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.1.4:*:*:*:enterprise:*:*:*","matchCriteriaId":"FA1023E7-B6E3-49C2-BE70-34441FEC2CF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.1.5:*:*:*:enterprise:*:*:*","matchCriteriaId":"A9A34A7A-7AE4-4372-805B-165D8890B0EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.1.6:*:*:*:enterprise:*:*:*","matchCriteriaId":"29DDC4B6-7832-4CA1-B872-41202ADA3CF5"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.1.7:*:*:*:enterprise:*:*:*","matchCriteriaId":"E9E747FC-558F-4CD5-9BE1-0CFEC01A679A"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.1.8:*:*:*:enterprise:*:*:*","matchCriteriaId":"BEA15E6A-4C34-46C4-8AA7-CC695116364D"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.1.9:*:*:*:enterprise:*:*:*","matchCriteriaId":"6A629D3A-04FB-4C7A-B490-4A2E2E38DBA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.1.10:*:*:*:enterprise:*:*:*","matchCriteriaId":"72163879-BC1B-4F61-B441-014909940F99"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.1.11:*:*:*:enterprise:*:*:*","matchCriteriaId":"C7365CA4-4730-4ED7-B69C-E9FACB160442"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.2.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"6A1B5DB3-86EE-43D5-8FA2-C62CB0F1589B"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.2.1:*:*:*:enterprise:*:*:*","matchCriteriaId":"1AD74B94-BA4C-4679-AD80-AB268F930800"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.2.2:*:*:*:enterprise:*:*:*","matchCriteriaId":"F6B51A1C-15FA-4F09-BEC0-2365EA1B2320"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.2.3:*:*:*:enterprise:*:*:*","matchCriteriaId":"3DF8E96E-9A0C-4865-9891-6FF686FAFC10"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.2.4:*:*:*:enterprise:*:*:*","matchCriteriaId":"3E86FB3D-CD13-45CD-9D2C-C66C171D6D1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.2.5:*:*:*:enterprise:*:*:*","matchCriteriaId":"7
C568818-BFF9-4262-9092-4C441FE34C41"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.2.6:*:*:*:enterprise:*:*:*","matchCriteriaId":"49EB8850-F83A-42AB-B4F2-F5867992E636"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.2.7:*:*:*:enterprise:*:*:*","matchCriteriaId":"2B9A57FA-F313-4FD8-8354-86771173F3F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.2.8:*:*:*:enterprise:*:*:*","matchCriteriaId":"00151508-4BC7-492D-846A-87CD1E2FFB56"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.2.9:*:*:*:enterprise:*:*:*","matchCriteriaId":"A036EB08-E546-4FF4-922D-9E343918310D"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.2.10:*:*:*:enterprise:*:*:*","matchCriteriaId":"EE18045F-40CF-4680-8196-5381FFA80C12"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.2.11:*:*:*:enterprise:*:*:*","matchCriteriaId":"48B31390-A81F-4206-A362-8FC71E5B87C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.2.12:*:*:*:enterprise:*:*:*","matchCriteriaId":"4852690A-87B8-4A0B-A72A-1D33027565F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.3.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"017E3E44-C062-463F-B9D3-75BA57992C91"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.3.1:*:*:*:enterprise:*:*:*","matchCriteriaId":"A2BB5352-F0AF-4578-979A-7E7D3259A94A"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.3.2:*:*:*:enterprise:*:*:*","matchCriteriaId":"011F96AC-580A-4798-82F9-5D7CF80505DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.3.3:*:*:*:enterprise:*:*:*","matchCriteriaId":"8B2CE702-BB9A-426C-ADE1-6CC0CD96A2CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.3.4:*:*:*:enterprise:*:*:*","matchCriteriaId":"51ABD86F-DD27-43D6-AC0C-BE8E7B5A6308"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.3.5:*:*:*:enterprise:*:*:*","matchCriteriaId":"EED5369E-4539-4598-85C9-00384CBB7410"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.3.6:*:*:*:enterprise:*:*:*","matchCriteriaI
d":"963C3008-04D5-4331-89E9-09FEC12FEC17"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.3.7:*:*:*:enterprise:*:*:*","matchCriteriaId":"6C85C2D3-FA71-47C4-9BA1-1008F033E24A"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.3.8:*:*:*:enterprise:*:*:*","matchCriteriaId":"A7686091-ABEF-4EA3-B9EC-9B09C7B05FD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.4.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"D0BDC526-0F46-41E6-B723-D93A5FA288B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.4.1:*:*:*:enterprise:*:*:*","matchCriteriaId":"9BCB1613-C716-4147-9E1E-0FCAD800DE1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.4.2:*:*:*:enterprise:*:*:*","matchCriteriaId":"FF59568E-ECF4-4AF9-9F70-01AB67CEACA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.4.3:*:*:*:enterprise:*:*:*","matchCriteriaId":"AA23CDDF-349C-4028-B857-FA1837BBEBEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.4.4:*:*:*:enterprise:*:*:*","matchCriteriaId":"6169CE4B-429B-4DB8-B2D1-8AEAAB1BFB23"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.5.0:*:*:*:enterprise:*:*:*","matchCriteriaId":"EB11750A-BE9D-450C-856B-550DE8B0A55C"},{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:6.5.1:*:*:*:enterprise:*:*:*","matchCriteriaId":"61B46B1C-70A9-4959-998B-1B9927378CE2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:splunk:splunk:*:*:*:*:light:*:*:*","versionEndIncluding":"6.5.1","matchCriteriaId":"19EBA2BD-619F-483D-A700-808310231B4A"}]}]}],"references":[{"url":"http://www.splunk.com/view/SP-CAAAPW8","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.splunk.com/view/SP-CAAAPW8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5882","sourceIdentifier":"cve@mitre.org","published":"2017-02-04T18:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter."},{"lang":"es","value":"Vulnerabilidad de XSS en index.asp en SANADATA SanaCMS 7.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro de búsqueda."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sanadata:sanacms:7.3:*:*:*:*:*:*:*","matchCriteriaId":"D376EEB4-C8D9-44F2-864B-051177483277"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96038","source":"cve@mitre.org"},{"url":"https://cxs
ecurity.com/issue/WLB-2017020038","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96038","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cxsecurity.com/issue/WLB-2017020038","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10098","sourceIdentifier":"cve@mitre.org","published":"2017-02-05T18:59:00.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands."},{"lang":"es","value":"Se descubrió un problema en dispositivos SendQuick Entera y Avera en versiones anteriores a 2HF16. Múltiples vulnerabilidades de inyección de comandos permiten a atacantes ejecutar comandos arbitrarios en el sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","typ
e":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sendquick:entera_sms_gateway_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9649AFA2-5306-4888-8335-DDBCCDABA57B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sendquick:entera_sms_gateway:-:*:*:*:*:*:*:*","matchCriteriaId":"7501D6BC-A349-40DB-98DF-0047FEA3F82A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sendquick:avera_sms_gateway_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7EF5B6E4-D97A-4B9B-8219-76357BE2BF51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sendquick:avera_sms_gateway:-:*:*:*:*:*:*:*","matchCriteriaId":"A9176344-BE46-48F4-A5C4-109184E37D0B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96129","source":"cve@mitre.org"},{"url":"https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/","source":"cve@mitre.org","tags":["Press/Media Coverage","Third Party Advisory","URL Repurposed"]},{"url":"http://www.securityfocus.com/bid/96129","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Press/Media Coverage","Third Party Advisory","URL Repurposed"]}]}},{"cve":{"id":"CVE-2017-5136","sourceIdentifier":"cve@mitre.org","published":"2017-02-05T18:59:00.197","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on SendQuick Entera and Avera devices before 2HF16. 
The application failed to check the access control of the request which could result in an attacker being able to shutdown the system."},{"lang":"es","value":"Se descubrió un problema en dispositivos SendQuick Entera y Avera en versiones anteriores a 2HF16. La aplicación no pudo comprobar el control de acceso de la solicitud por lo que podría resultar en que un atacante fuese capaz de apagar el sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sendquick:entera_sms_gateway_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9649AFA2-5306-4888-8335-DDBCCDABA57B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sendquick:entera_sms_gateway:-:*:*:*:*:*:*:*","matchCriteriaId":"7501D6BC-A349-40DB-98DF-0047FEA3F82A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulne
rable":true,"criteria":"cpe:2.3:o:sendquick:avera_sms_gateway_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7EF5B6E4-D97A-4B9B-8219-76357BE2BF51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sendquick:avera_sms_gateway:-:*:*:*:*:*:*:*","matchCriteriaId":"A9176344-BE46-48F4-A5C4-109184E37D0B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96031","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/","source":"cve@mitre.org","tags":["Third Party Advisory","URL Repurposed"]},{"url":"http://www.securityfocus.com/bid/96031","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","URL Repurposed"]}]}},{"cve":{"id":"CVE-2017-5137","sourceIdentifier":"cve@mitre.org","published":"2017-02-05T18:59:00.227","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on SendQuick Entera and Avera devices before 2HF16. An attacker could request and download the SMS logs from an unauthenticated perspective."},{"lang":"es","value":"Se descubrió un problema en dispositivos SendQuick Entera y Avera en versiones anteriores a 2HF16. 
Un atacante podría solicitar y descargar los registros de SMS desde una perspectiva no autenticada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sendquick:entera_sms_gateway_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"9649AFA2-5306-4888-8335-DDBCCDABA57B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sendquick:entera_sms_gateway:-:*:*:*:*:*:*:*","matchCriteriaId":"7501D6BC-A349-40DB-98DF-0047FEA3F82A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sendquick:avera_sms_gateway_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7EF5B6E4-D97A-4B9B-8219-76357BE2BF51"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sendquick:avera_sms_gateway:-:*:*:*:*:*:*:*","matchCriteriaId":"A9176344-
BE46-48F4-A5C4-109184E37D0B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96031","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/","source":"cve@mitre.org","tags":["Third Party Advisory","URL Repurposed"]},{"url":"http://www.securityfocus.com/bid/96031","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://niantech.io/blog/2017/02/05/vulns-multiple-vulns-in-sendquick-entera-avera-sms-gateway-appliances/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","URL Repurposed"]}]}},{"cve":{"id":"CVE-2010-5328","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T06:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group."},{"lang":"es","value":"include/linux/init_task.h en el kernel de Linux en versiones anteriores a 2.6.35 no impide que las señales con un ID de grupo de proceso de cero alcancen el proceso swapper, lo que permite a usuarios locales provocar una denegación de servicio (caída del sistema) aprovechando el acceso a este grupo de 
procesos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"2.6.34.7","matchCriteriaId":"9A17F021-CEC3-4408-ACD2-EE71A3BC67F7"}]}]}],"references":[{"url":"http://ftp.naist.jp/pub/linux/kernel/v2.6/ChangeLog-2.6.35","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f106eee10038c2ee5b6056aaf3f6d5229be6dcdd","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f20011457f41c11edb5ea5038ad0c8ea9f392023","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa2755e20ab0c7215d99c2dc7c262e98a09b01df","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/97103","source":"cve@mitre.org"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1358840","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/f106eee10038c2ee5b6056aaf3f6d5229be6dcdd","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/torvalds/linux/commit/f20011457f41c11edb5ea5038ad0c8ea9f392023","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/torvalds/linux/commit/fa2755e20ab0c7215d99c2dc7c262e98a09b01df","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://ftp.naist.jp/pub/linux/kernel/v2.6/ChangeLog-2.6.35","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f106eee10038c2ee5b6056aaf3f6d5229be6dcdd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f20011457f41c11edb5ea5038ad0c8ea9f392023","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa2755e20ab0c7215d99c2dc7c262e98a09b01df","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/97103","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1358840","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/f106eee10038c2ee5b6056aaf3f6d5229be6dcdd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/torvalds/linux/commit/f20011457f41c11edb5ea5038ad0c8ea9f392023","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/torvalds/linux/commit/fa2755e20ab0c7215d99c2dc7c262e98a09b01df","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10150","sourceIdentifier":"secalert@redhat.com","published":"2017-02-06T06:59:00.230","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device."},{"lang":"es","value":"Vulnerabilidad de uso después de liberación de memoria en la función kvm_ioctl_create_device en virt/kvm/kvm_main.c en el kernel de Linux en versiones anteriores a 4.8.13 permite a usuarios del SO anfitrión provocar una denegación de servicio (caída del SO anfitrión) o posiblemente obtener privilegios a través de llamadas ioctl manipuladas en el dispositivo 
/dev/kvm."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"},{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8.0","versionEndExcluding":"4.8.13","matchCriteriaId":"FA736214-5723-44E0-BD46-9A74AF0EFE21"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0f1d21c1ccb1da66629627a74059dd7f5ac9c61","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.13","source":"secalert@redhat.com","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/18/10","source":"secalert@redhat.com","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95672","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1414506","source":"secalert@redhat.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0f1d21c1ccb1da66629627a74059dd7f5ac9c61","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/18/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95672","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1414506","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10153","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T06:59:00.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier 
net/ceph/crypto.c code."},{"lang":"es","value":"La API criptográfica de la lista de dispersión en el kernel de Linux 4.9.x en versiones anteriores a 4.9.6 interactúa incorrectamente con la opción CONFIG_VMAP_STACK, lo que permite a usuarios locales provocar una denegación de servicio (caída de sistema o corrupción de memoria) o posiblemente tener otro impacto no especificado aprovechando la confianza en el código anterior net/ceph/crypto.c."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.9:*:*:*:*:*:*:*","matchCriteriaId":"27B10B33-5F64-4039-8351-694A7AB6E4E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.9.1:*:*:*:*:*:*:*","matchCriteriaId":"686DF390-3DCA-4D64-9858-FF699FA21D9A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.9.2:*:*:*:*:*:*:*","matchCriteriaId":"D24EF446-2120-4F2F-9D84-F782
BF1D85CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.9.3:*:*:*:*:*:*:*","matchCriteriaId":"DA879AFB-E995-458B-ABD2-87477376A70D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.9.4:*:*:*:*:*:*:*","matchCriteriaId":"719F2C9D-1897-480A-93CE-C2AC987B80AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.9.5:*:*:*:*:*:*:*","matchCriteriaId":"F1516D1D-261D-421C-83FF-05DD90DAEB50"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a45f795c65b479b4ba107b6ccde29b896d51ee98","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95713","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416101","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/a45f795c65b479b4ba107b6ccde29b896d51ee98","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a45f795c65b479b4ba107b6ccde29b896d51ee98","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95713","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416101","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/a45f795c65b479b4ba107b6ccde29b896d51ee98","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10154","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T06:59:00.310","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist."},{"lang":"es","value":"La función smbhash en fs/cifs/smbencrypt.c en el kernel de Linux 4.9.x en versiones anteriores a 4.9.1 interactúa incorrectamente con la opción CONFIG_VMAP_STACK, que permite a usuarios locales provocar una denegación de servicio (caída del sistema o corrupción de memoria) o posiblemente tener otro impacto no especificado aprovechando el uso de más de una página virtual para una lista de dispersión 
."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.9:*:*:*:*:*:*:*","matchCriteriaId":"27B10B33-5F64-4039-8351-694A7AB6E4E4"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06deeec77a5a689cc94b21a8a91a76e42176685d","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.1","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95714","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416104","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/06deeec77a5a689cc94b21a8a91a76e42176685d","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06deeec77a5a689cc94b21a8a91a76e42176685d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95714","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416104","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/06deeec77a5a689cc94b21a8a91a76e42176685d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10208","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T06:59:00.357","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image."},{"lang":"es","value":"La función ext4_fill_super en fs/ext4/super.c en el kernel de Linux hasta la versión 4.9.8 no valida correctamente los grupos de bloque meta, 
lo que permite a atacantes físicamente próximos provocar una denegación de servicio (lectura fuera de límites y caída del sistema) a través de una imagen ext4 manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.8","matchCriteriaId":"631307FC-F876-4F6F-9611-3DA04263A60E"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a4b77cd47bb837b8557595ec7425f281f2ca1fe","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/Nov/75","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94354","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1297","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1298","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1308","source":"cve@mitre.org"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395190","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/3a4b77cd47bb837b8557595ec7425f281f2ca1fe","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html","source":"cve@mitre.org"},{"url":"https://usn.ubuntu.com/3754-1/","source":"cve@mitre.org"},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a4b77cd47bb837b8557595ec7425f281f2ca1fe","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/Nov/75","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94354","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1297","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1298","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1308","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1395190","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/3a4b77cd47bb837b8557595ec7425f281f2ca1fe","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/3754-1/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-2583","sourceIdentifier":"secalert@redhat.com","published":"2017-02-06T06:59:00.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a \"MOV SS, NULL selector\" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application."},{"lang":"es","value":"La implementación de load_segment_descriptor en arch/x86/kvm/emulate.c en el kernel de Linux en versiones anteriores a 4.9.5 emula indebidamente una instrucción \"MOV SS, NULL selector\", lo que permite a usuarios del SO invitado provocar una denegación de servicio (caída del SO invitado) u obtener privilegios de SO invitado a través de una aplicación 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.4","matchCriteriaId":"7C19DB2D-DE85-4140-817A-D010708EB355"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=33ab91103b3415e12457e3104f0e4517ce12d0f3","source":"secalert@redhat.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3791","source":"secalert@redhat.com"},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5","source":"secalert@redhat.com","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/19/2","source":"secalert@redhat.com","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95673","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1615","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:1616","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1414735","source":"secalert@redhat.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/33ab91103b3415e12457e3104f0e4517ce12d0f3","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3754-1/","source":"secalert@redhat.com"},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=33ab91103b3415e12457e3104f0e4517ce12d0f3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3791","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/19/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95673","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1615","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1616","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1414735","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/33ab91103b3415e12457e3104f0e4517ce12d0f3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking","Patch","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3754-1/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-2596","sourceIdentifier":"secalert@redhat.com","published":"2017-02-06T06:59:00.450","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references."},{"lang":"es","value":"La función nested_vmx_check_vmptr en arch/x86/kvm/vmx.c en el kernel de Linux hasta la versión 4.9.8 emula indebidamente la instrucción VMXON, lo que permite a usuarios del SO invitado KVM L1 provocar una denegación de servicio (consumo de memoria del SO anfitrión) aprovechando el manejo incorrecto de referencia de páginas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"
Primary","description":[{"lang":"en","value":"CWE-772"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.8","matchCriteriaId":"631307FC-F876-4F6F-9611-3DA04263A60E"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3791","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/4","source":"secalert@redhat.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95878","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1842","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/errata/RHSA-2017:2077","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417812","source":"secalert@redhat.com","tags":["Issue Tracking","Patch"]},{"url":"http://www.debian.org/security/2017/dsa-3791","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95878","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1842","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:2077","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1417812","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]}]}},{"cve":{"id":"CVE-2017-5546","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T06:59:00.480","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The freelist-randomization 
feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number."},{"lang":"es","value":"La característica de freelist-randomization en mm/slab.c en el kernel 4.8.x de Linux y 4.9.x en versiones anteriores a 4.9.5 permite a usuarios locales provocar una denegación de servicio (entradas freelist duplicadas y caída del sistema) o posiblemente tener otro impacto no especificado en circunstancias oportunistas aprovechando la selección de un valor grande para un número aleatorio."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.7","versionEndExclud
ing":"4.9.5","matchCriteriaId":"E7C80006-A48A-4709-BBED-83D2F1411141"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4e490cf148e85ead0d1b1c2caaba833f1d5b29f","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95711","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1415733","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4e490cf148e85ead0d1b1c2caaba833f1d5b29f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95711","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1415733","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5547","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T06:59:00.527","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist."},{"lang":"es","value":"drivers/hid/hid-corsair.c en el kernel de Linux 4.9.x en versiones anteriores a 4.9.6 interactúa incorrectamente con la opción CONFIG_VMAP_STACK, lo que permite a usuarios locales provocar una denegación de servicio (caída del sistema o corrupción de memoria) o posiblemente tener otro impacto no especificado aprovechando el uso de más de una página virtual para una lista de dispersión de DMA."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov"
,"type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.4","versionEndExcluding":"4.4.45","matchCriteriaId":"BAA44040-635E-42BC-834A-D2689F65038F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"4.9.6","matchCriteriaId":"6C4EC008-DEFD-4361-A4DA-8E99063FE606"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d104af38b570d37aa32a5803b04c354f8ed513d","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95709","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416096","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/6d104af38b570d37aa32a5803b04c354f8ed513d","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d104af38b570d37aa32a5803b04c354f8ed513d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third 
Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95709","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416096","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/6d104af38b570d37aa32a5803b04c354f8ed513d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5548","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T06:59:00.577","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist."},{"lang":"es","value":"drivers/net/ieee802154/atusb.c en el kernel de Linux 4.9.x en versiones anteriores a 4.9.6 interactúa incorrectamente con la opción CONFIG_VMAP_STACK, lo que permite a usuarios locales provocar una denegación de servicio (caída del sistema o corrupción de memoria) o posiblemente tener otro impacto no especificado aprovechando el uso de más de una página virtual para una lista de dispersión de 
DMA."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.9:*:*:*:*:*:*:*","matchCriteriaId":"27B10B33-5F64-4039-8351-694A7AB6E4E4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.9.1:*:*:*:*:*:*:*","matchCriteriaId":"686DF390-3DCA-4D64-9858-FF699FA21D9A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.9.2:*:*:*:*:*:*:*","matchCriteriaId":"D24EF446-2120-4F2F-9D84-F782BF1D85CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.9.3:*:*:*:*:*:*:*","matchCriteriaId":"DA879AFB-E995-458B-ABD2-87477376A70D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.9.4:*:*:*:*:*:*:*","matchCriteriaId":"719F2C9D-1897-480A-93CE-C2AC987B80AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:4.9.5:*:*:*:*:*:*:*","matchCriteriaId":"F1516D1D-261D-421C-83FF-05DD90DAEB50"}]}]}],"refere
nces":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95710","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416110","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95710","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416110","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5549","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T06:59:00.623","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log."},{"lang":"es","value":"La función klsi_105_get_line_state en drivers/usb/serial/kl5kusb105.c en el kernel de Linux en versiones anteriores a 4.9.5 coloca los contenidos no inicializados de memoria dinámica (heap) en una entrada de registro tras un fallo al leer el estado de la línea, lo que permite a usuarios locales obtener información sensible leyendo el registro."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negat
e":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.4","matchCriteriaId":"7C19DB2D-DE85-4140-817A-D010708EB355"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=146cc8a17a3b4996f6805ee5c080e7101277c410","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3791","source":"cve@mitre.org"},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95715","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416114","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/146cc8a17a3b4996f6805ee5c080e7101277c410","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3754-1/","source":"cve@mitre.org"},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=146cc8a17a3b4996f6805ee5c080e7101277c410","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3791","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95715","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416114","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/146cc8a17a3b4996f6805ee5c080e7101277c410","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3754-1/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5550","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T06:59:00.667","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision."},{"lang":"es","value":"Error por un paso en la función pipe_advance en lib/iov_iter.c en el kernel de Linux en versiones anteriores a 4.9.5 permite a usuarios locales obtener información sensible de posiciones de memoria dinámica no inicializadas en circunstancias oportunistas leyendo desde una tubería después de una decisión de liberación de búfer 
incorrecta."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.4","matchCriteriaId":"7C19DB2D-DE85-4140-817A-D010708EB355"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95716","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416116","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95716","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416116","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5551","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T06:59:00.717","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions.  
NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097."},{"lang":"es","value":"La función simple_set_acl en fs/posix_acl.c en el kernel de Linux en versiones anteriores a 4.9.6 preserva el bit setgid durante una llamada setxattr que implica un sistema de archivos tmpfs, lo que permite a usuarios locales obtener privilegios de grupo aprovechando la existencia de un programa setgid con restricciones sobre los permisos de ejecución. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2016-7097."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:N","baseScore":3.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.5","matchCriteriaId":"56274F09-9AD1-471A-8663-69116F7C8615"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=497de07d89c1410d76a15bec2bb41f24a2a89f3
1","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3791","source":"cve@mitre.org"},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95717","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038053","source":"cve@mitre.org"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416126","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/497de07d89c1410d76a15bec2bb41f24a2a89f31","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=497de07d89c1410d76a15bec2bb41f24a2a89f31","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3791","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95717","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038053","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416126","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/497de07d89c1410d76a15bec2bb41f24a2a89f31","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5576","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T06:59:00.763","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call."},{"lang":"es","value":"Desbordamiento de enteros en la función vc4_get_bcl en drivers/gpu/drm/vc4/vc4_gem.c en el controlador de VideoCore DRM en el kernel de Linux en versiones anteriores a 4.9.7 permite a usuarios locales provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un valor de tamaño manipulado en una llamada ioctl 
VC4_SUBMIT_CL."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"4.9.7","matchCriteriaId":"20EE2EFD-24B9-486E-8B08-FB740ABD8585"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f2ff82e11c86c05d051cae32b58226392d33bbf","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/7","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95767","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416436","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/0f2ff82e11c86c05d051cae32b58226392d33bbf","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lkml.org/lkml/2017/1/17/761","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0f2ff82e11c86c05d051cae32b58226392d33bbf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95767","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416436","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/0f2ff82e11c86c05d051cae32b58226392d33bbf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lkml.org/lkml/2017/1/17/761","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5577","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T06:59:00.810","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon 
certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call."},{"lang":"es","value":"La función vc4_get_bcl en drivers/gpu/drm/vc4/vc4_gem.c en el controlador VideoCore DRM en el kernel de Linux en versiones anteriores a 4.9.7 no establece un valor errno sobre ciertas detecciones de desbordamiento, lo que permite a usuarios locales provocar una denegación de servicio (referencia incorrecta al puntero y OOPS) a través de valores de tamaño inconsistentes en una llamada ioctl VC4_SUBMIT_CL."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-388"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.6","matchCriteriaId":"55352769-0317-401E-901B-1AE7A7ADD86F"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/to
rvalds/linux.git/commit/?id=6b8ac63847bc2f958dd93c09edc941a0118992d9","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/7","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95765","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416437","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/6b8ac63847bc2f958dd93c09edc941a0118992d9","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lkml.org/lkml/2017/1/17/759","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8ac63847bc2f958dd93c09edc941a0118992d9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95765","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1416437","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/6b8ac63847bc2f958dd93c09edc941a0118992d9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third 
Party Advisory"]},{"url":"https://lkml.org/lkml/2017/1/17/759","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2015-2794","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T15:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx."},{"lang":"es","value":"El asistente de instalación en DotNetNuke (DNN) en versiones anteriores a 7.4.1 permite a atacantes remotos reinstalar la aplicación y obtener acceso SuperUser a través de una solicitud directa a Install/InstallWizard.aspx."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,
"criteria":"cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*","versionEndIncluding":"07.04.00","matchCriteriaId":"8E39BB11-55FD-439B-9006-7BE20A8A55C1"}]}]}],"references":[{"url":"http://www.dnnsoftware.com/community-blog/cid/155198/workaround-for-potential-security-issue","source":"cve@mitre.org","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.dnnsoftware.com/community/security/security-center","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96373","source":"cve@mitre.org"},{"url":"https://dotnetnuke.codeplex.com/releases/view/615317","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/39777/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.dnnsoftware.com/community-blog/cid/155198/workaround-for-potential-security-issue","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.dnnsoftware.com/community/security/security-center","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96373","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://dotnetnuke.codeplex.com/releases/view/615317","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/39777/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5875","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T15:59:00.197","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"XSS was discovered in dotCMS 3.7.0, with an authenticated attack against the /myAccount addressID parameter."},{"lang":"es","value":"XSS fue descubierto en dotCMS 3.7.0, con un ataque autenticado contra el parámetro 
/myAccount addressID."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:3.7.0:*:*:*:*:*:*:*","matchCriteriaId":"9A30BB71-ACBD-426B-8468-58566A963A20"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96115","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/dotCMS/core/issues/10643","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96115","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/dotCMS/core/issues/10643","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5876","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T15:59:00.213","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter."},{"lang":"es","value":"XSS fue descubierto en dotCMS 3.7.0, con un ataque no autenticado contra el parámetro /news-events/events date."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:3.7.0:*:*:*:*:*:*:*","matchCriteriaId":"9A30BB71-ACBD-426B-8468-58566A963A20"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96115","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/dotCMS/core/issues/10643","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96115","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/dotCMS/core/issues/10643","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5877","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T15:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /about-us/locations/index direction parameter."},{"lang":"es","value":"XSS fue descubierto en dotCMS 3.7.0, con un ataque no autenticado contra el parámetro /about-us/locations/index direction."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en"
,"value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:3.7.0:*:*:*:*:*:*:*","matchCriteriaId":"9A30BB71-ACBD-426B-8468-58566A963A20"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96115","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/dotCMS/core/issues/10643","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96115","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/dotCMS/core/issues/10643","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5879","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T15:59:00.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects source_selector.php and the following parameter: src."},{"lang":"es","value":"Se descubrió un problema en Exponent CMS 2.4.1. Se trata de una inyección SQL ciega que puede ser explotada por usuarios no autenticados a través de una petición HTTP GET y que puede utilizarse para transferir datos de la base de datos a un servidor malicioso mediante una técnica fuera de banda, tal como select_loadfile(). 
La vulnerabilidad afecta a source_selector.php y al siguiente parámetro: src."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.4.1:*:*:*:*:*:*:*","matchCriteriaId":"CA8F3A5C-6365-47C1-AC3B-AE490072DCE6"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96039","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/exponentcms/exponent-cms/issues/73","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96039","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/exponentcms/exponent-cms/issues/73","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-5102","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T17:59:00.140","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (segmentation fault) via a crafted gif file."},{"lang":"es","value":"Desbordamiento de búfer en la función readgifimage de gif2tiff.c en la herramienta gif2tiff en LibTIFF 4.0.6 permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) a través de un archivo gif manipulado"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.6","matchCriteriaId":"7DBB051D-E94D-4553-88A6-750BE80B7617"
}]}]}],"references":[{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2552","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96049","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1343407","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3606-1/","source":"cve@mitre.org"},{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2552","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96049","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1343407","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3606-1/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7446","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T17:59:00.187","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow in the MVG and SVG rendering code in GraphicsMagick 1.3.24 allows remote attackers to have unspecified impact via unknown vectors. Note: This vulnerability exists due to an incomplete patch for CVE-2016-2317."},{"lang":"es","value":"Desbordamiento del búfer en el código de renderización MVG y SVG en GraphicsMagick 1.3.24 permite a atacantes remotos tener un impacto no especificado a través de vectores desconocidos. 
Nota: Esta vulnerabilidad existe debido a un parche incompleto para CVE-2016-2317."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.24:*:*:*:*:*:*:*","matchCriteriaId":"133A92D4-A0C7-4FA5-AE31-EF566453FE02"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/18/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93074","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374233","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/18/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93074","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374233","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-7447","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T17:59:00.233","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the EscapeParenthesis function in GraphicsMagick before 1.3.25 allows remote attackers to have unspecified impact via unknown vectors."},{"lang":"es","value":"Desbordamiento del búfer basado en 
memoria dinámica en la función EscapeParenthesis en GraphicsMagick en versiones anteriores a 1.3.25 permite a atacantes remotos tener un impacto no especificado a través de vectores desconocidos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3.24","matchCriteriaId":"DFE97551-2A78-4E6F-934F-9FC98BA98D78"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]}],
"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/18/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93074","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374233","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/18/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93074","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374233","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-7448","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T17:59:00.280","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a 
denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size."},{"lang":"es","value":"El lector de RLE de Utah en GraphicsMagick en versiones anteriores a 1.3.25 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU o asignaciones de memoria grandes) a través de vectores que implican la información de encabezado y el tamaño del archivo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3.24","matchCriteriaId":"DFE97551-2A78-4E6F-934F-9FC98BA98D78"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensus
e:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/18/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93074","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374233","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/18/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93074","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374233","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-7449","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T17:59:00.327","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a file containing an \"unterminated\" string."},{"lang":"es","value":"La función TIFFGetField en coders/tiff.c en GraphicsMagick 1.3.24 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de un archivo que contiene una cadena \"unterminated\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.24:*:*:*:*:*:*:*","matchCriteriaId":"133A92D4-A0C7-4FA5-AE31-EF566453FE02"}]}]}
,{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/18/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93074","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374233","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/18/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93074","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1374233","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-7800","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T17:59:00.360","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer underflow in the parse8BIM function in coders/meta.c in GraphicsMagick 1.3.25 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM chunk, which triggers a heap-based buffer overflow."},{"lang":"es","value":"Subdesbordamiento de enteros en la función parse8BIM en coders/meta.c en GraphicsMagick 1.3.25 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un fragmento 8BIM manipulado, que desencadena un desbordamiento de búfer basado en memoria dinámica."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary",
"description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-191"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3.25","matchCriteriaId":"AF23F625-1F2F-4908-9BBE-DEBF470B3FC8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/01/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93262","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96135","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1381148","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/","source":"cve@mitre.org","tags":["Release Notes","Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93262","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96135","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1381148","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9532","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T17:59:00.407","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the writeBufferToSeparateStrips function in tiffcrop.c in LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tif file."},{"lang":"es","value":"Desbordamiento de enteros en la función writeBufferToSeparateStrips en tiffcrop.c en LibTIFF en versiones anteriores a 4.0.7 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo tif 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.6","matchCriteriaId":"7DBB051D-E94D-4553-88A6-750BE80B7617"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2592","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/11/14","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/21/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/22/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94424","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1397726","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2592","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/11/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/21/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/22/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1397726","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-9772","sourceIdentifier":"secalert@redhat.com","published":"2017-02-06T17:59:00.467","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive directory information via vectors involving the (1) client cache partition, (2) fileserver vice partition, or (3) certain RPC responses."},{"lang":"es","value":"OpenAFS 1.6.19 y versiones anteriores permiten a atacantes remotos obtener información de directorio sensible a través de vectores que implican (1) la partición de caché de cliente, (2) partición del servidor de archivos vice o (3) ciertas respuestas de RPC."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openafs:openafs:*:*:*:*:*:*:*:*","versionEndIncluding":"1.6.19","matchCriteriaI
d":"4D58A769-8828-4A9A-9920-FD05C176552A"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/02/9","source":"secalert@redhat.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94651","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/02/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94651","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5367","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T17:59:00.500","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. 
The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others)."},{"lang":"es","value":"Existen múltiples vulnerabilidades XSS reflejadas dentro de los parámetros de entrada de formulario y enlace de ZoneMinder v1.30 y v1.29, una aplicación web de servidor CCTV de código abierto, lo que permite a un atacante remoto ejecutar secuencias de comandos maliciosos dentro del navegador de un cliente autenticado. La URL es /zm/index.php y los parámetros de muestra podrían incluir action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (entre 
otros)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zoneminder:zoneminder:1.29.0:*:*:*:*:*:*:*","matchCriteriaId":"D21BFCAB-D244-4331-B545-B38448040CA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoneminder:zoneminder:1.30.0:*:*:*:*:*:*:*","matchCriteriaId":"D79B2FB5-8AB8-49A9-B0E2-9215CB41D295"}]}]}],"references":[{"url":"http://seclists.org/bugtraq/2017/Feb/6","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/11","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96120","source":"cve@mitre.org"},{"url":"http://seclists.org/bugtraq/2017/Feb/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96120","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5368","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T17:59:00.547","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attacker to make changes to the web application as the currently logged-in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others)."},{"lang":"es","value":"ZoneMinder v1.30 y v1.29, una aplicación web de servidor de CCTV de código abierto, es vulnerable a CSRF (Cross Site Request Forgery), lo que permite a un atacante remoto realizar cambios en la aplicación web como la víctima registrada actual. Si la víctima visita una página web maliciosa, el atacante puede crear de forma silenciosa y automática un nuevo usuario admin dentro de la aplicación web para la persistencia remota y otros ataques. 
La URL es /zm/index.php y los parámetros de ejemplo podrían incluir action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (entre otros)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zoneminder:zoneminder:1.29.0:*:*:*:*:*:*:*","matchCriteriaId":"D21BFCAB-D244-4331-B545-B38448040CA4"},{"vulnerable":true,"criteria":"cpe:2.3:a:zoneminder:zoneminder:1.30.0:*:*:*:*:*:*:*","matchCriteriaId":"D79B2FB5-8AB8-49A9-B0E2-9215CB41D295"}]}]}],"references":[{"url":"http://seclists.org/bugtraq/2017/Feb/6","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/11","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/bid/96126","source":"cve@mitre.org"},{"url":"http://seclists.org/bugtraq/2017/Feb/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96126","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5595","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T17:59:00.577","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A file disclosure and inclusion vulnerability exists in web/views/file.php in ZoneMinder 1.x through v1.30.0 because of unfiltered user-input being passed to readfile(), which allows an authenticated attacker to read local system files (e.g., /etc/passwd) in the context of the web server user (www-data). The attack vector is a .. (dot dot) in the path parameter within a zm/index.php?view=file&path= request."},{"lang":"es","value":"Existe una vulnerabilidad de divulgación e inclusión de archivos en web/views/file.php en ZoneMinder de 1.x hasta la versión v1.30.0 debido a que la entrada de usuario no filtrada se pasa a readfile(), lo que permite a un atacante autenticado leer archivos del sistema local (por ejemplo, /etc/passwd) en el contexto del usuario del servidor web (www-data). El vector de ataque es un .. 
(punto punto) en el parámetro path dentro de una petición zm/index.php?view=file&path=."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","versionEndIncluding":"1.30.0","matchCriteriaId":"9EC96EFF-9E48-4550-80A5-694E8AF0D377"}]}]}],"references":[{"url":"http://seclists.org/bugtraq/2017/Feb/6","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/11","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96125","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3","source":"cve@mitre.org","tags":["Patch","Vendor 
Advisory"]},{"url":"http://seclists.org/bugtraq/2017/Feb/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96125","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5677","sourceIdentifier":"cve@mitre.org","published":"2017-02-06T18:59:00.150","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression."},{"lang":"es","value":"PEAR HTML_AJAX 0.3.0 hasta la versión 0.5.7 tiene una vulnerabilidad de Inyección de objetos PHP en el PHP Serializer. Permite la ejecución remota de código. 
En un punto de vista, la causa raíz es una expresión regular incorrecta."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pear:html_ajax:0.3.0:*:*:*:*:*:*:*","matchCriteriaId":"44363911-DB3D-43B0-B9DF-5FB2F0CE9608"},{"vulnerable":true,"criteria":"cpe:2.3:a:pear:html_ajax:0.3.1:*:*:*:*:*:*:*","matchCriteriaId":"38F890FC-31D3-4441-8B8D-86A84EC77EE6"},{"vulnerable":true,"criteria":"cpe:2.3:a:pear:html_ajax:0.3.2:*:*:*:*:*:*:*","matchCriteriaId":"C33E7BFE-5F77-4329-B562-C4FE0B51E192"},{"vulnerable":true,"criteria":"cpe:2.3:a:pear:html_ajax:0.3.3:*:*:*:*:*:*:*","matchCriteriaId":"33741A5B-EF7E-4491-A498-ECCB7BF71C67"},{"vulnerable":true,"criteria":"cpe:2.3:a:pear:html_ajax:0.3.4:*:*:*:*:*:*:*","matchCriteriaId":"8F495C13-4A7E-41B1-984B-D337C4902D21"},{"vulnerable":true,"criteria":"cpe:2.3:a:pear:html_ajax:0.4.0:*:*:*:*:*:*:*","matchCrite
riaId":"9CDE9746-0B92-4EFD-9D8A-4C0188CC718C"},{"vulnerable":true,"criteria":"cpe:2.3:a:pear:html_ajax:0.4.1:*:*:*:*:*:*:*","matchCriteriaId":"6A1F9178-43B1-4A7B-AF47-6960B524A5D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:pear:html_ajax:0.5.0:*:*:*:*:*:*:*","matchCriteriaId":"57FFFA78-4AEF-4DD3-BB13-BC1D665AC599"},{"vulnerable":true,"criteria":"cpe:2.3:a:pear:html_ajax:0.5.1:*:*:*:*:*:*:*","matchCriteriaId":"FC0DCF82-839A-45FA-9CA5-E67783B76BBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:pear:html_ajax:0.5.2:*:*:*:*:*:*:*","matchCriteriaId":"02C418F9-4DBB-413D-9096-2615E3924E29"},{"vulnerable":true,"criteria":"cpe:2.3:a:pear:html_ajax:0.5.3:*:*:*:*:*:*:*","matchCriteriaId":"855A68CC-20BE-43B4-8A6C-4712AE4D679B"},{"vulnerable":true,"criteria":"cpe:2.3:a:pear:html_ajax:0.5.4:*:*:*:*:*:*:*","matchCriteriaId":"4CB125CD-0C86-4E10-91B2-534EFF2E773B"},{"vulnerable":true,"criteria":"cpe:2.3:a:pear:html_ajax:0.5.5:*:*:*:*:*:*:*","matchCriteriaId":"E105D250-2808-47B6-B8E2-63E0A325CFB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:pear:html_ajax:0.5.6:*:*:*:*:*:*:*","matchCriteriaId":"4A0F0836-28AA-4E53-A579-A31B30A2A00A"},{"vulnerable":true,"criteria":"cpe:2.3:a:pear:html_ajax:0.5.7:*:*:*:*:*:*:*","matchCriteriaId":"F21140B8-BF43-494D-95C2-75F4AACB1DE0"}]}]}],"references":[{"url":"http://blog.pear.php.net/2017/02/02/security-html_ajax-058/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://karmainsecurity.com/KIS-2017-01","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96044","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5acb5adcd195f9a06b732794cb0de7620def646","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"https://pear.php.net/bugs/bug.php?id=21165","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://blog.pear.php.net/2017/02/02/security-html_ajax-058/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://karmainsecurity.com/KIS-2017-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96044","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5acb5adcd195f9a06b732794cb0de7620def646","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://pear.php.net/bugs/bug.php?id=21165","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2014-9914","sourceIdentifier":"security@android.com","published":"2017-02-07T07:59:00.183","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets."},{"lang":"es","value":"Condición de carrera en la función ip4_datagram_release_cb en net/ipv4/datagram.c en el kernel de Linux en versiones anteriores a 3.15.2 permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación de memoria) aprovechando expectativas incorrectas sobre el bloqueo durante el acceso multihilo a las estructuras de datos internas para sockets IPv4 
UDP."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"},{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7.8","versionEndExcluding":"3.10.45","matchCriteriaId":"80A43C19-EC66-4102-8135-E392C8D06017"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"3.12.23","matchCriteriaId":"655FD88B-E9E2-423E-9E42-4289EA0ED29D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"3.14.9","matchCriteriaId":"08F42EB9-1436-4C37-AD7B-6E6FB1F7C717"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.15","versionEndExcluding":"3.15.2","matchCriteriaId":"85903EBC-EB08-4A3D-8CC7-A7DDC755B5F5"}]}]},{"nodes":[{"opera
tor":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a","source":"security@android.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2","source":"security@android.com","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96100","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/torvalds/linux/commit/9709674e68646cee5a24e3000b3558d25412203a","source":"security@android.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96100","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/torvalds/linux/commit/9709674e68646cee5a24e3000b3558d25412203a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10044","sourceIdentifier":"security@android.com","published":"2017-02-07T07:59:00.293","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call."},{"lang":"es","value":"La función aio_mount en fs/aio.c en el kernel de Linux en versiones anteriores a 4.7.7 no restringe adecuadamente el acceso de ejecución, lo que facilita a usuarios locales eludir restricciones de política destinadas SELinux W^X, y consecuentemente obtener privilegios, a través de una llamada de sistema 
io_setup."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"3.16.43","matchCriteriaId":"EE61EB40-EE9C-41E8-AC78-D38441DB9CF6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"4.4.24","matchCriteriaId":"21856BF4-4072-4055-BA57-93D5C4608C07"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"4.7.7","matchCriteriaId":"004A2488-AD73-4B53-961A-EEA808A5183D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/k
ernel/git/torvalds/linux.git/commit/?id=22f6b4d34fcf039c63a94e7670e0da24f8575a5a","source":"security@android.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.7","source":"security@android.com","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96122","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/torvalds/linux/commit/22f6b4d34fcf039c63a94e7670e0da24f8575a5a","source":"security@android.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=22f6b4d34fcf039c63a94e7670e0da24f8575a5a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.7.7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96122","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/torvalds/linux/commit/22f6b4d34fcf039c63a94e7670e0da24f8575a5a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2015-5677","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T15:59:00.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable permissions on the snmpd.config file, which allows local users to obtain the secret key for USM authentication by reading the file."},{"lang":"es","value":"bsnmpd, como se utiliza en FreeBSD 9.3, 10.1 y 10.2, utiliza permisos de lectura universal en el archivo snmpd.config, lo que permite a usuarios locales obtener la clave secreta para autenticación USM leyendo el archivo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*","matchCriteriaId":"57052F01-8695-4C63-A947-7671375B9312"},{"vulnerable":true,"criteria":"cpe:2.3:o:freeb
sd:freebsd:10.1:*:*:*:*:*:*:*","matchCriteriaId":"F6D63B21-9D2E-4B15-9E60-6181D44B1F55"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*","matchCriteriaId":"21EFF723-7B5A-4712-8A6B-56CADAA4BFD5"}]}]}],"references":[{"url":"http://www.securitytracker.com/id/1034678","source":"cve@mitre.org"},{"url":"https://pierrekim.github.io/blog/2016-01-15-cve-2015-5677-freebsd-bsnmpd.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:06.bsnmpd.asc","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securitytracker.com/id/1034678","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://pierrekim.github.io/blog/2016-01-15-cve-2015-5677-freebsd-bsnmpd.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:06.bsnmpd.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-8608","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T15:59:00.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument."},{"lang":"es","value":"Las funciones VDir::MapPathA y VDir::MapPathW en Perl 5.22 permiten a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) y posiblemente ejecutar código arbitrario a través de un argumento (1) letra de unidad o (2) pInName 
manipulados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:perl:perl:5.22:*:*:*:*:*:*:*","matchCriteriaId":"B77AB85D-D07A-4B50-BA07-A8BD256964D0"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","source":"cve@mitre.org"},{"url":"https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://rt.perl.org/Public/Bug/Display.html?id=126755","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Patch","Vendor 
Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"cve@mitre.org"},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://rt.perl.org/Public/Bug/Display.html?id=126755","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-1504","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T15:59:00.210","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length."},{"lang":"es","value":"dhcpcd en versiones anteriores a 6.10.0 permite a atacantes remotos provocar una denegación de servicio (lectura no válida y caída) a través de vectores relacionados con la longitud de la 
opción."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dhcpcd_project:dhcpcd:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9.4","matchCriteriaId":"9C1D9FAA-608E-471D-9BF6-92E6D5C6D4B5"}]}]}],"references":[{"url":"http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://roy.marples.name/projects/dhcpcd/timeline?r=trunk&nd&c=2016-01-07+16%3A47%3A19&n=200","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/07/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/07/4","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securitytracker.com/id/1034601","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201606-07","source":"cve@mitre.org"},{"url":"http://roy.marples.name/projects/dhcpcd/info/595883e2a431f65d8fabf33059aa4689cca17403","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://roy.marples.name/projects/dhcpcd/timeline?r=trunk&nd&c=2016-01-07+16%3A47%3A19&n=200","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/07/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/07/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securitytracker.com/id/1034601","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201606-07","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-2539","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T15:59:00.257","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file."},{"lang":"es","value":"Vulnerabilidad de CSRF en install_modules.php en ATutor en versiones anteriores a 2.2.2 permite a atacantes remotos secuestrar la autenticación de usuarios para peticiones que cargan archivos arbitrarios y ejecutan código PHP arbitrario a través de vectores que implican un archivo zip 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atutor:atutor:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.1","matchCriteriaId":"477E8516-CADE-4D79-85C3-E64736C03CA7"}]}]}],"references":[{"url":"https://github.com/atutor/ATutor/commit/bfc6c80c6c217c5515172f3cc949e13dfa1a92ac","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://packetstormsecurity.com/files/136109/ATutor-LMS-2.2.1-CSRF-Remote-Code-Execution.html","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/39524/","source":"cve@mitre.org"},{"url":"https://github.com/atutor/ATutor/commit/bfc6c80c6c217c5515172f3cc949e13dfa1a92ac","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"https://packetstormsecurity.com/files/136109/ATutor-LMS-2.2.1-CSRF-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/39524/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-2779","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T15:59:00.287","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer."},{"lang":"es","value":"runuser en util-linux permite a usuarios locales escapar a la sesión principal a través de una llamada ioctl TIOCSTI manipulada, que empuja caracteres al búfer de entrada del terminal."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"
configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kernel:util-linux:2.24.2-1:*:*:*:*:*:*:*","matchCriteriaId":"E8CE5F13-172E-470B-89BB-00E487AFEB42"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/02/27/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/27/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/27/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/27/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815922","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-2781","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T15:59:00.333","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer."},{"lang":"es","value":"chroot en GNU coreutils, cuando se usa con --userspec, permite a usuarios locales escapar a la sesión principal a través de una llamada ioctl TIOCSTI manipulada, que empuja caracteres al búfer de entrada del 
terminal."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.5,"impactScore":2.7}],"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:coreutils:*:*:*:*:*:*:*:*","matchCriteriaId":"982C2F02-A3D5-4ED7-B2C0-48CA01758EF4"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/02/28/2","source":"cve@mitre.org","tags":["Mailing List","Third 
Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/28/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/02/28/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/28/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-6131","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T15:59:00.367","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types."},{"lang":"es","value":"El demangler en GNU Libiberty permite a atacantes remotos provocar una denegación de servicio (bucle infinito, desbordamiento de pila y caída) a través de un ciclo en las referencias de tipos destrozados 
recordados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:libiberty:-:*:*:*:*:*:*:*","matchCriteriaId":"A3F885E6-F235-40D1-96BF-D9916E898699"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/06/30/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/30/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91519","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gcc.gnu.org/ml/gcc-patches/2016-06/msg02030.html","source":"cve@mitre.org","tags":["Mailing List","Patch","Vendor 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/30/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/30/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91519","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gcc.gnu.org/ml/gcc-patches/2016-06/msg02030.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6175","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T15:59:00.397","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header."},{"lang":"es","value":"Vulnerabilidad de inyección Eval en php-gettext 1.0.12 y versiones anteriores permite a atacantes remotos ejecutar código PHP arbitrario a través de un encabezado de formularios plural 
manipulados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:php-gettext_project:php-gettext:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.12","matchCriteriaId":"1F13095D-1402-48FD-805E-7CA1438E3012"}]}]}],"references":[{"url":"https://bugs.launchpad.net/php-gettext/+bug/1606184","source":"cve@mitre.org"},{"url":"https://github.com/NagVis/nagvis/commit/4fe8672a5aec3467da72b5852ca6d283c15adb53","source":"cve@mitre.org"},{"url":"https://kmkz-web-blog.blogspot.cz/2016/07/advisory-cve-2016-6175.html","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/40154/","source":"cve@mitre.org"},{"url":"https://bugs.launchpad.net/php-gettext/+bug/1606184","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/NagVis/nagvis/commit/4fe8672a5aec3467da72b5852ca6d283c15adb53","source":"af854a3a-2127-422b-91ae-364da2661108"
},{"url":"https://kmkz-web-blog.blogspot.cz/2016/07/advisory-cve-2016-6175.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/40154/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-6199","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T15:59:00.427","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object."},{"lang":"es","value":"ObjectSocketWrapper.java en Gradle 2.12 permite a atacantes remotos ejecutar código arbitrario a través de un objeto serializado manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gradle:gradle:2.12:*:*:*:*:*:*:*","matchCriteriaId":"EC546EE0-
2EC8-4515-9AFC-2C1D08147973"}]}]}],"references":[{"url":"https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://philwantsfish.github.io/security/java-deserialization-github","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://philwantsfish.github.io/security/java-deserialization-github","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7164","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T15:59:00.473","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response."},{"lang":"es","value":"La función construct en puff.cpp en Libtorrent 1.1.0 permite a los seguidores de torrent remotos provocar una denegación de servicio (fallo de segmentación y caída) a través de una respuesta GZIP 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtorrent:libtorrent:1.1:*:*:*:*:*:*:*","matchCriteriaId":"09896FB0-65A3-43F9-AF0F-8E0F0F8EFF3C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/08/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/08/7","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92891","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/arvidn/libtorrent/issues/1021","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/arvidn/libtorrent/pull/1022","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/08/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/08/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92891","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/arvidn/libtorrent/issues/1021","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/arvidn/libtorrent/pull/1022","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-7400","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T15:59:00.507","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action."},{"lang":"es","value":"Múltiples vulnerabilidades de inyección SQL en Exponent CMS en versiones anteriores a 2.4.0 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro (1) id en una acción de controlador de dirección activate_address, (2) title en una acción del controlador show blog o (3) content_id en una acción del controlador showComments 
expComment."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3.9","matchCriteriaId":"C723D5FF-CEE4-461B-911F-E760A7BF1805"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/18/10","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/18/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93041","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://exponentcms.lighthouseapp.com/projects/61783/changesets/e916702a91a6342bbab483a2be2ba2f11dca3aa3","source":"cve@mitre.org","tags":["Patch","Vendor 
Advisory"]},{"url":"https://github.com/exponentcms/exponent-cms/commit/e916702a91a6342bbab483a2be2ba2f11dca3aa3","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/40412/","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/09/18/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/18/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93041","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://exponentcms.lighthouseapp.com/projects/61783/changesets/e916702a91a6342bbab483a2be2ba2f11dca3aa3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/exponentcms/exponent-cms/commit/e916702a91a6342bbab483a2be2ba2f11dca3aa3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/40412/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-3020","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-07T16:59:00.150","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could allow a remote attacker to bypass security restrictions, caused by improper content validation. 
By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to bypass validation and load a page with malicious content."},{"lang":"es","value":"IBM Security Access Manager para Web 7.0.0, 8.0.0 y 9.0.0 podría permitir a un atacante remoto eludir las restricciones de seguridad, causada por la validación del contenido indebido. Al persuadir a una víctima para abrir contenido especialmente manipulado, un atacante podría aprovechar esta vulnerabilidad para eludir la validación y cargar una página con contenido malicioso."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"5A5ACB34-BC23-4175-9F6A-91FB6762A040"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:secur
ity_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*","matchCriteriaId":"A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"35BD8955-4735-4FDC-906A-B404C4E36417"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"1C5EBB4D-36F8-453C-9D2C-A63490144596"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*","matchCriteriaId":"6921A2CC-67D0-41B5-908B-F002C14AFD70"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"506C4B29-BC71-4C56-BAB1-06E63BEB1DD3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"F5B95177-2AA3-45D4-895D-56CA35B32813"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996826","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996826","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6092","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-07T16:59:00.197","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user credentials in plain in clear text which can be read by a local user."},{"lang":"es","value":"IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5 y 2.6 almacena credenciales de 
usuario en claro en texto plano que puede ser leído por un usuario local."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AE43784F-AEBE-4399-82C5-A339D9BCB676"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4E57B0BB-2994-4A47-9C32-3DA982F23071"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"8FD5B68E-FB45-4985-96C7-6CFF3765E761"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AF878AE8-D016-4546-84ED-5D65E21F833B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"81E86F00-E597-4C98-9863-05A4BA84D0A4"
},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*","matchCriteriaId":"1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*","matchCriteriaId":"CAA52325-CC9C-481A-8140-32C86608E2B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F809CA96-9F05-4E58-91D0-9F05DC984D2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C59D5198-0125-4397-ACD4-2AFE80FB0A6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1D107CCC-476F-4453-BF41-B83923E5D695"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"74E034D4-2424-4395-806A-4BFC86440724"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"C549F098-24E9-4AC8-98C9-53A9FB802644"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"8EFD9EB1-87F8-40E2-8A8C-F33B4D071400"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"E0861924-B792-433E-A71D-2BE404A50012"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"5F62652F-538C-4B5E-9FAD-1CF11FE2D8A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"3450BBE6-A657-4C68-840F-85073E04A8A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"82B49D55-344
2-42C0-86D8-889958BFC5BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.7:*:*:*:*:*:*:*","matchCriteriaId":"B0A894E2-E47E-40E9-B165-8B25F46139BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.8:*:*:*:*:*:*:*","matchCriteriaId":"1FB97FF5-8B8C-4933-BF58-EBBE1B7B515D"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997953","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997953","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6094","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-07T16:59:00.230","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data."},{"lang":"es","value":"IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5 y 2.6 genera un mensaje de error que incluye información sensible acerca de su entorno, usuarios o datos 
asociados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AE43784F-AEBE-4399-82C5-A339D9BCB676"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4E57B0BB-2994-4A47-9C32-3DA982F23071"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"8FD5B68E-FB45-4985-96C7-6CFF3765E761"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AF878AE8-D016-4546-84ED-5D65E21F833B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"81E86F00-E597-4C98-9863-05A4BA84D0A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_
key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*","matchCriteriaId":"1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*","matchCriteriaId":"CAA52325-CC9C-481A-8140-32C86608E2B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F809CA96-9F05-4E58-91D0-9F05DC984D2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C59D5198-0125-4397-ACD4-2AFE80FB0A6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1D107CCC-476F-4453-BF41-B83923E5D695"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"74E034D4-2424-4395-806A-4BFC86440724"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"C549F098-24E9-4AC8-98C9-53A9FB802644"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"8EFD9EB1-87F8-40E2-8A8C-F33B4D071400"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"E0861924-B792-433E-A71D-2BE404A50012"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"5F62652F-538C-4B5E-9FAD-1CF11FE2D8A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"3450BBE6-A657-4C68-840F-85073E04A8A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"82B49D55-3442-42C0-86D8-889958BFC5BB"},{"vulnerable":true,"criteria"
:"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.7:*:*:*:*:*:*:*","matchCriteriaId":"B0A894E2-E47E-40E9-B165-8B25F46139BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.8:*:*:*:*:*:*:*","matchCriteriaId":"1FB97FF5-8B8C-4933-BF58-EBBE1B7B515D"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997987","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95984","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997987","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95984","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6096","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-07T16:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5 y 2.6 es vulnerable a las secuencias de comandos de sitios cruzados. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AE43784F-AEBE-4399-82C5-A339D9BCB676"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4E57B0BB-2994-4A47-9C32-3DA982F23071"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"8FD5B68E-FB45-4985-96C7-6CFF3765E761"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AF878AE8-D016-4546-84ED-5D65E21F83
3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"81E86F00-E597-4C98-9863-05A4BA84D0A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*","matchCriteriaId":"1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*","matchCriteriaId":"CAA52325-CC9C-481A-8140-32C86608E2B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F809CA96-9F05-4E58-91D0-9F05DC984D2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C59D5198-0125-4397-ACD4-2AFE80FB0A6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1D107CCC-476F-4453-BF41-B83923E5D695"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"74E034D4-2424-4395-806A-4BFC86440724"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"C549F098-24E9-4AC8-98C9-53A9FB802644"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"8EFD9EB1-87F8-40E2-8A8C-F33B4D071400"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"E0861924-B792-433E-A71D-2BE404A50012"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"5F62652F-538C-4B5E-9FAD-1CF11FE2D8A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"3450BBE
6-A657-4C68-840F-85073E04A8A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"82B49D55-3442-42C0-86D8-889958BFC5BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.7:*:*:*:*:*:*:*","matchCriteriaId":"B0A894E2-E47E-40E9-B165-8B25F46139BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.8:*:*:*:*:*:*:*","matchCriteriaId":"1FB97FF5-8B8C-4933-BF58-EBBE1B7B515D"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997984","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95983","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997984","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95983","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6097","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-07T16:59:00.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages to be stored locally which can be read by another user on the system."},{"lang":"es","value":"IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5 y 2.6 permite que las páginas web se almacenen localmente de forma que puedan ser leídas por otro usuario en el 
sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AE43784F-AEBE-4399-82C5-A339D9BCB676"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4E57B0BB-2994-4A47-9C32-3DA982F23071"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"8FD5B68E-FB45-4985-96C7-6CFF3765E761"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AF878AE8-D016-4546-84ED-5D65E21F833B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"81E86F00-E597-4C98-9863-05A4BA84D0A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecy
cle_manager:2.5.0.5:*:*:*:*:*:*:*","matchCriteriaId":"1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*","matchCriteriaId":"CAA52325-CC9C-481A-8140-32C86608E2B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F809CA96-9F05-4E58-91D0-9F05DC984D2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C59D5198-0125-4397-ACD4-2AFE80FB0A6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1D107CCC-476F-4453-BF41-B83923E5D695"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"74E034D4-2424-4395-806A-4BFC86440724"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"C549F098-24E9-4AC8-98C9-53A9FB802644"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"8EFD9EB1-87F8-40E2-8A8C-F33B4D071400"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"E0861924-B792-433E-A71D-2BE404A50012"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"5F62652F-538C-4B5E-9FAD-1CF11FE2D8A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"3450BBE6-A657-4C68-840F-85073E04A8A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"82B49D55-3442-42C0-86D8-889958BFC5BB"},{"vulnerable":true,"criteria":"cpe:2.3:
a:ibm:tivoli_key_lifecycle_manager:2.0.1.7:*:*:*:*:*:*:*","matchCriteriaId":"B0A894E2-E47E-40E9-B165-8B25F46139BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_key_lifecycle_manager:2.0.1.8:*:*:*:*:*:*:*","matchCriteriaId":"1FB97FF5-8B8C-4933-BF58-EBBE1B7B515D"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997986","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95977","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997986","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95977","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6104","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-07T16:59:00.307","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system."},{"lang":"es","value":"IBM Tivoli Key Lifecycle Manager 2.5 y 2.6 podría permitir a un atacante remoto subir archivos arbitrarios, causado por la validación incorrecta de extensiones de archivo, que podría permitir al atacante ejecutar código arbitrario en el sistema 
vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0:*:*:*:*:*:*:*","matchCriteriaId":"4E0E836F-4C4E-4630-9999-91B166DEABA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"AE43784F-AEBE-4399-82C5-A339D9BCB676"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4E57B0BB-2994-4A47-9C32-3DA982F23071"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"8FD5B68E-FB45-4985-96C7-6CFF3765E761"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AF878AE8-D016-4546-84ED-5D65E21F833B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:secu
rity_key_lifecycle_manager:2.5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"81E86F00-E597-4C98-9863-05A4BA84D0A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.5:*:*:*:*:*:*:*","matchCriteriaId":"1BE7F6BA-BB8E-4249-81EE-EC8C617B48E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.6:*:*:*:*:*:*:*","matchCriteriaId":"CAA52325-CC9C-481A-8140-32C86608E2B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.5.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F809CA96-9F05-4E58-91D0-9F05DC984D2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"6FAD90D4-0058-4DFB-8C72-DFBA3072C5C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1D107CCC-476F-4453-BF41-B83923E5D695"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_key_lifecycle_manager:2.6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"DC7EB2EF-C7E1-4A44-9096-C3694BD5EBE3"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997988","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95980","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997988","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95980","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2015-7599","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T17:59:00.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows 
remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password."},{"lang":"es","value":"Desbordamiento de entero en la función _authenticate en svc_auth.c en Wind River VxWorks 5.5 hasta la versión 6.9.4.1, cuando el protocolo Remote Procedure Call (RPC) esta habilitado, permite a atacantes remotos provocar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de un nombre de usuario y contraseña."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9.4.1","matchCriteriaId":"A26082C0-6F92-49E3-A7AC-F4ED7C214EF6"},{"vulnerable":true,"criteria":"cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*","matchCriteriaId":"FE3680A0-7B0C-4E91-97D7-B3F33EE1569A"},{"vulnerable":true,"criteria":"cpe:2.3:o:windriver:
vxworks:6.4:*:*:*:*:*:*:*","matchCriteriaId":"1F452ABB-0174-4EC5-A82B-9D1164EBB163"},{"vulnerable":true,"criteria":"cpe:2.3:o:windriver:vxworks:6.7:*:*:*:*:*:*:*","matchCriteriaId":"D930A712-C6C8-4251-8FB5-78E65DF2DFBD"},{"vulnerable":true,"criteria":"cpe:2.3:o:windriver:vxworks:6.8:*:*:*:*:*:*:*","matchCriteriaId":"3F36DA7F-6593-4327-A104-2F8829F2ED32"},{"vulnerable":true,"criteria":"cpe:2.3:o:windriver:vxworks:6.9:*:*:*:*:*:*:*","matchCriteriaId":"01004955-97D1-4F7E-80D4-4B1509945FBF"}]}]}],"references":[{"url":"http://blogs.windriver.com/wind_river_blog/2015/09/wind-river-vxworks-updateclarification.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/79205","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://kb.netapp.com/support/s/article/cve-2015-7599-vxworks-vulnerability-impacting-netapp-e-series-products?language=en_US","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20151029-0001/","source":"cve@mitre.org"},{"url":"https://www.syscan360.org/slides/2015_EN_AttackingVxWorksFromstoneagetointerstellar_Eric_Yannick.pdf","source":"cve@mitre.org","tags":["Technical Description","Third Party Advisory"]},{"url":"http://blogs.windriver.com/wind_river_blog/2015/09/wind-river-vxworks-updateclarification.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/79205","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://kb.netapp.com/support/s/article/cve-2015-7599-vxworks-vulnerability-impacting-netapp-e-series-products?language=en_US","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20151029-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.syscan360.org/slides/2015_EN_AttackingVxWorksFromstoneagetointerstellar_Eric_Yannick.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2015-8322","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T17:59:00.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote authenticated users to execute arbitrary code via unspecified vectors."},{"lang":"es","value":"NetApp OnCommand System Manager 8.3.x en versiones anteriores a 8.3.2 permite a usuarios remotos autenticados ejecutar código arbitrario a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurati
ons":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:data_ontap:8.3:*:*:*:*:*:*:*","matchCriteriaId":"6779036A-9295-48A0-80C4-F47B37D51E1D"},{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:data_ontap:8.3.1:*:*:*:*:*:*:*","matchCriteriaId":"86BAEF32-AEF5-47C8-B82F-8E53CEC9B7E9"}]}]}],"references":[{"url":"https://kb.netapp.com/support/index?page=content&id=9010070","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20160310-0003/","source":"cve@mitre.org"},{"url":"https://kb.netapp.com/support/index?page=content&id=9010070","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20160310-0003/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2015-8544","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T17:59:00.210","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors."},{"lang":"es","value":"NetApp SnapDrive para Windows en versiones anteriores a 7.0.2P4, 7.0.3 y 7.1 en versiones anteriores a 7.1.3P1 permite a atacantes remotos obtener información sensible a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapdrive:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.3","matchCriteriaId":"91AC6C78-FB2C-41AD-B98A-49D5666FFB51"}]}]}],"references":[{"url":"https://kb.netapp.com/support/s/article/cve-2015-8544-sensitive-information-disclosure-in-snapdrive-for-windows","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20160111-0001/","source":"cve@mitre.org"},{"url":"https://kb.netapp.com/support/s/article/cve-2015-8544-sensitive-information-disclosure-in-snapdrive-for-windows","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20160111-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-1502","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T17:59:00.240","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors."},{"lang":"es","value":"NetApp SnapCenter Server 1.0 y 1.0P1 permite a atacantes remotos eludir parcialmente la autenticación y luego listar y eliminar copias de seguridad a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapcenter_server:1.0:*:*:*:*:*:*:*","matchCriteriaId":"E4598A12-709D-4BFC-BA79-210FBB0D
2871"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapcenter_server:1.0:p1:*:*:*:*:*:*","matchCriteriaId":"8F9291D6-982F-4466-91EB-BFCB20DF6BF1"}]}]}],"references":[{"url":"https://kb.netapp.com/support/s/article/authentication-bypass-vulnerability-in-snapcenter-server-1-0-1-0p1","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://kb.netapp.com/support/s/article/authentication-bypass-vulnerability-in-snapcenter-server-1-0-1-0p1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-1894","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T17:59:00.270","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors."},{"lang":"es","value":"NetApp OnCommand Workflow Automation en versiones anteriores a 3.1P2 permite a atacantes remotos eludir la autenticación a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_workflow_automation:*:p1:*:*:*:*:*:*","versionEndIncluding":"3.1","matchCriteriaId":"3477DA40-F206-4FF1-8BE8-203CB08092DF"}]}]}],"references":[{"url":"https://kb.netapp.com/support/s/article/cve-2016-1894-authentication-bypass-vulnerability-in-oncommand-workflow-automation","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20160310-0001/","source":"cve@mitre.org"},{"url":"https://kb.netapp.com/support/s/article/cve-2016-1894-authentication-bypass-vulnerability-in-oncommand-workflow-automation","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20160310-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-2403","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T17:59:00.303","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind."},{"lang":"es","value":"Symfony en versiones anteriores a 2.8.6 y 3.x en versiones anteriores a 3.0.6 permite a atacantes remotos eludir la autenticación mediante el inicio de sesión con un nombre de usuario válido y una contraseña vacía, lo que desencadena una unión no autenticada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"cri
teria":"cpe:2.3:a:sensiolabs:symfony:2.8.0:*:*:*:*:*:*:*","matchCriteriaId":"C01C2E25-6FEE-49C8-A9D8-F4935A0F915E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sensiolabs:symfony:2.8.1:*:*:*:*:*:*:*","matchCriteriaId":"68869331-57A0-451D-9888-32643537B736"},{"vulnerable":true,"criteria":"cpe:2.3:a:sensiolabs:symfony:2.8.2:*:*:*:*:*:*:*","matchCriteriaId":"3598D2C0-4AB1-4C4F-98ED-2862E7C42497"},{"vulnerable":true,"criteria":"cpe:2.3:a:sensiolabs:symfony:2.8.3:*:*:*:*:*:*:*","matchCriteriaId":"9F100F2F-EB9F-41E3-AB84-49E49A61C728"},{"vulnerable":true,"criteria":"cpe:2.3:a:sensiolabs:symfony:2.8.4:*:*:*:*:*:*:*","matchCriteriaId":"135156B2-2ADF-4127-A4F1-309FB99868B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:sensiolabs:symfony:2.8.5:*:*:*:*:*:*:*","matchCriteriaId":"AABE15FF-B488-49D6-B284-89ECE1C2E54C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sensiolabs:symfony:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D07C355A-FF00-44DF-A899-B727DAEBB83F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sensiolabs:symfony:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"235F1F79-E3FB-452C-98E3-A3D978CC9819"},{"vulnerable":true,"criteria":"cpe:2.3:a:sensiolabs:symfony:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"FC270EEB-02CC-4960-9F3D-41AB86636864"},{"vulnerable":true,"criteria":"cpe:2.3:a:sensiolabs:symfony:3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"C1570191-3967-4C89-B7B3-07C4FC369C95"},{"vulnerable":true,"criteria":"cpe:2.3:a:sensiolabs:symfony:3.0.4:*:*:*:*:*:*:*","matchCriteriaId":"1FC56E52-31DB-4B3C-8E07-B7358079DEC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:sensiolabs:symfony:3.0.5:*:*:*:*:*:*:*","matchCriteriaId":"CE067114-08AF-46F0-8F46-1485C93A8857"}]}]}],"references":[{"url":"http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96137","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://www.debian.org/security/2018/dsa-4262","source":"cve@mitre.org"},{"url":"http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96137","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.debian.org/security/2018/dsa-4262","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-3063","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T17:59:00.317","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple functions in NetApp OnCommand System Manager before 8.3.2 do not properly escape special characters, which allows remote authenticated users to execute arbitrary API calls via unspecified vectors."},{"lang":"es","value":"Funciones múltiples en NetApp OnCommand System Manager en versiones anteriores a 8.3.2 no escapan adecuadamente de caracteres especiales, lo que permite a usuarios remotos autenticados ejecutar llamadas API arbitrarias a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-116"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"8.3.1","matchCriteriaId":"47451CA5-0035-47B6-88B7-28E59F0F5609"}]}]}],"references":[{"url":"https://kb.netapp.com/support/s/article/cve-2016-3063-zapi-injection-vulnerability-in-oncommand-system-manager","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20160310-0004/","source":"cve@mitre.org"},{"url":"https://kb.netapp.com/support/s/article/cve-2016-3063-zapi-injection-vulnerability-in-oncommand-system-manager","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20160310-0004/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-3124","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T17:59:00.380","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors."},{"lang":"es","value":"El módulo sanitycheck en SimpleSAMLphp en versiones anteriores a 1.14.1 permite a atacantes remotos aprender la versión de PHP en el sistema a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:simplesamlphp:*:*:*:*:*:*:*:*","versionEndIncluding":"1.14.0","matchCriteriaId":"19218482-5E22-49D6-A
E2B-A493C7EA8BDE"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96134","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://simplesamlphp.org/security/201603-01","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96134","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://simplesamlphp.org/security/201603-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3180","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T17:59:00.427","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature."},{"lang":"es","value":"Tor Browser Launcher (también conocido como torbrowser-launcher) en versiones anteriores a 0.2.4, durante la ejecución inicial, permite a atacantes man-in-the-middle eludir la verificación de la firma PGP y ejecutar código arbitrario a través de un archivo troyano tar y un archivo de firma con el tarball y la firma 
válidos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tor_browser_launcher_project:tor_browser_launcher:0.2.3:*:*:*:*:*:*:*","matchCriteriaId":"B9C3B279-C79F-444F-92AA-8C04A7E25662"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96140","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/micahflee/torbrowser-launcher/issues/229","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96140","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/micahflee/torbrowser-launcher/issues/229","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-4341","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T17:59:00.460","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to obtain SMB share information via unspecified vectors."},{"lang":"es","value":"NetApp Clustered Data ONTAP en versiones anteriores a 8.3.2P7 permite a atacantes remotos obtener información compartida SMB a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*","versionEndIncluding":"8.3.2","matchCriteriaId":"68B99BA6-8AEE-4019-BE76-53B09DCA0E8F"}]}]}],"references":[{"url":"https://kb.netapp.com/support/s/article/NTAP-20161028-0001","source":"cve@mitre.org","tags":["Patch","Vend
or Advisory"]},{"url":"https://kb.netapp.com/support/s/article/NTAP-20161028-0001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-5372","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T17:59:00.473","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors."},{"lang":"es","value":"Vulnerabilidad de CSRF en NetApp Snap Creator Framework en versiones anteriores a 4.3.0P1 permite a atacantes remotos secuestrar la autenticación de usuarios para peticiones que tienen un impacto no especificado a través de vectores desconocidos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"ope
rator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snap_creator_framework:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.0","matchCriteriaId":"CF7432E5-2435-45B9-826A-D49509CC49F6"}]}]}],"references":[{"url":"https://kb.netapp.com/support/s/article/cve-2016-5372-cross-site-request-forgery-vulnerability-in-snap-creator-framework","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20160622-0001/","source":"cve@mitre.org"},{"url":"https://kb.netapp.com/support/s/article/cve-2016-5372-cross-site-request-forgery-vulnerability-in-snap-creator-framework","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20160622-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5711","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T17:59:00.520","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors."},{"lang":"es","value":"NetApp Virtual Storage Console para VMware vSphere en versiones anteriores a 6.2.1 utiliza un certificado no único, lo que permite a atacantes remotos llevar a cabo ataques man-in-the-middle a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:virtual_storage_console_for_vmware_vsphere:*:*:*:*:*:*:*:*","versionEndIncluding":"6.2","matchCriteriaId":"726B92AF-EC9A-4E27-909A-1891A33A0204"}]}]}],"references":[{"url":"https://kb.netapp.com/support/s/article/NTAP-20161108-0001","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://kb.netapp.com/support/s/article/NTAP-20161108-0001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6495","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T17:59:00.553","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows remote attackers to obtain 
information about the volumes configured for HTTP access."},{"lang":"es","value":"NetApp Data ONTAP en versiones anteriores a 8.2.4P5, cuando opera en 7-Mode, permite a atacantes remotos obtener información sobre los volúmenes configurados para el acceso HTTP."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netapp:data_ontap:*:*:*:*:*:*:*:*","versionEndIncluding":"8.2.4","matchCriteriaId":"56A2FEB8-76F8-4BD2-B532-2496D07CC35D"}]}]}],"references":[{"url":"https://kb.netapp.com/support/s/article/NTAP-20160929-0001","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://kb.netapp.com/support/s/article/NTAP-20160929-0001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-6667","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T17:59:00.583","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors."},{"lang":"es","value":"NetApp OnCommand Unified Manager para Clustered Data ONTAP 6.3 hasta la versión 6.4P1 contiene una cuenta privilegiada por defecto, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_unified_manager_for_clustered_data_ontap:6.3:*:*:*:*:*:*:*","matchCriteriaId":"EE13FE66-8850-4
A7E-8C54-ED7A1B170684"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_unified_manager_for_clustered_data_ontap:6.4:*:*:*:*:*:*:*","matchCriteriaId":"6B90F74E-87CB-4F0A-A9EF-1735DB5E50F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_unified_manager_for_clustered_data_ontap:6.4:p1:*:*:*:*:*:*","matchCriteriaId":"C3BA60D3-C441-4B90-A05F-166FE94DB887"}]}]}],"references":[{"url":"https://kb.netapp.com/support/s/article/NTAP-20161017-0002","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://kb.netapp.com/support/s/article/NTAP-20161017-0002","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9639","sourceIdentifier":"cve@mitre.org","published":"2017-02-07T17:59:00.617","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching."},{"lang":"es","value":"Salt en versiones anteriores a 2015.8.11 permite a minions eliminados para leer o escribir minions con el mismo id, relacionado con el almacenamiento en 
caché."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*","versionEndIncluding":"2015.8.10","matchCriteriaId":"601AD350-4B5C-4987-8B88-25CBB8B070EC"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/25/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/25/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94553","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/25/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/25/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94553","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://docs.saltstack.com/en/2015.8/ref/configuration/master.html#rotate-aes-key","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8414","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.333","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. References: QC-CR#1076407."},{"lang":"es","value":"Una vulnerabilidad de divulgación de información en Qualcomm Secure Execution Environment Communicator podría habilitar que una aplicación local maliciosa accediera a datos fuera de sus niveles de permisos. Este problema se califica como Moderate porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. 
Referencias: QC-CR#1076407."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96111","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96111","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8418","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.363","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product: Android. Versions: N/A. Android ID: A-32652894. References: QC-CR#1077457."},{"lang":"es","value":"Una vulnerabilidad de ejecución de código remoto en el controlador crypto Qualcomm podría habilitar a un atacante remoto a ejecutar código arbitrario dentro del contexto del kernel. Este problema se califica como Critical debido a la posibilidad de ejecutar código remoto dentro del contexto del Kernel. Producto: Android. Versiones: N/A. Android ID: A-32652894. 
Referencias: QC-CR#1077457."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"2567A6D5-BBA1-47B2-B1C3-EFABE9408FA9"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96058","source":"security@android.com","tags":["Third Party Advisory"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96058","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8419","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.393","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. References: QC-CR#1087209."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador Wi-Fi de Qualcomm podría habilitar a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto del kernel. Este problema se califica como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-32454494. 
Referencias: QC-CR#1087209."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96047","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96047","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8420","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.410","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador Wi-Fi de Qualcomm podría habilitar a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto del kernel. Este problema se califica como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. 
Referencias: QC-CR#1087807."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96047","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96047","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8421","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.440","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador Wi-Fi de Qualcomm podría habilitar a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto del kernel. Este problema se califica como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. 
Referencias: QC-CR#1087797."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96047","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96047","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8476","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.487","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador Wi-Fi de Qualcomm podría habilitar a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto del kernel. Este problema se califica como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. 
Referencias: QC-CR#1091940."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96047","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96047","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8480","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.503","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Qualcomm Secure Execution Environment Communicator driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. References: QC-CR#1086186."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador Qualcomm Secure Execution Environment Communicator podría habilitar a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto del kernel. Este problema se califica como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-31804432. 
Referencias: QC-CR#1086186."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96101","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96101","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8481","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.550","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador de sonido Qualcomm podría habilitar a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto del kernel. Este problema se califica como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. 
Referencias: QC-CR#1078000."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96053","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96053","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0405","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.597","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359."},{"lang":"es","value":"Una vulnerabilidad de ejecución de código remoto en el Surfaceflinger podría habilitar a un atacante que utiliza un archivo especialmente manipulado a provocar corrupción de memoria durante el procesamiento de archivos multimedia y datos. Este problema se califica como Critical debido a la posibilidad de ejecutar código remoto en el contexto de procesos de Surfaceflinger. Producto: Android. Versiones: 7.0, 7.1.1. 
Android ID: A-31960359."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96048","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96048","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0406","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.630","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871."},{"lang":"es","value":"Una vulnerabilidad de ejecución de código remoto en Mediaserver podría habilitar a un atacante que utiliza un archivo especialmente manipulado a provocar corrupción de memoria durante el procesamiento de archivos multimedia y datos. Este problema está clasificado como Critical debido a la posibilidad de ejecución remota de código dentro del contexto del proceso Mediaserver. Esto afecta a la librería libhevc. Producto: Android. Versiones: 6.0, 6.0.1, 7.0, 7.1.1. 
Android ID: A-32915871."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96046","source":"security@android.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96046","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0407","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.660","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32873375."},{"lang":"es","value":"Una vulnerabilidad de ejecución de código remoto en Mediaserver podría habilitar a un atacante que utiliza un archivo especialmente manipulado a provocar corrupción de memoria durante el procesamiento de archivos multimedia y datos. Este problema está clasificado como Critical debido a la posibilidad de ejecución remota de código dentro del contexto del proceso Mediaserver. Esto afecta a la librería libhevc. Producto: Android. Versiones: 6.0, 6.0.1, 7.0, 7.1.1. 
Android ID: A-32873375."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96046","source":"security@android.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96046","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0408","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.677","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-32769670."},{"lang":"es","value":"Una vulnerabilidad de ejecución de código remoto en libgdx podría habilitar a un atacante que utiliza un archivo especialmente manipulado a ejecutar código arbitrario dentro del contexto de un proceso no privilegiado. Este problema está clasificado como High debido a la posibilidad de ejecución remota de código en una aplicación que utilice esta librería. Producto: Android. Versiones: 7.1.1. 
Android ID: A-32769670."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96092","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96092","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0409","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.723","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31999646."},{"lang":"es","value":"Una vulnerabilidad de ejecución de código remoto en libstagefright podría habilitar a un atacante que utiliza un archivo especialmente manipulado a ejecutar código arbitrario en el contexto de un proceso no privilegiado. Este problema está clasificado como High debido a la posibilidad de ejecución remota de código en una aplicación que utilice esta librería. Producto: Android. Versiones: 6.0, 6.0.1, 7.0, 7.1.1. 
Android ID: A-31999646."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96091","source":"security@android.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96091","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0410","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.753","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31929765."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el Framework APIs podría permitir a una aplicación local maliciosa local ejecutar código arbitrario dentro del contexto de un proceso privilegiado. Este problema está clasificado como High porque podría utilizarse para obtener acceso local a capacidades elevadas, que normalmente no son accesibles a una aplicación de terceros. Producto: Android. Versiones: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. 
Android ID: A-31929765."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*","matchCriteriaId":"7C4E6353-B77A-464F-B7DE-932704003B33"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"77125688-2CCA-4990-ABB2-551D47CB0CDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E9915371-C730-41F7-B86E-7E4DE0DF5385"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*","matchCriteriaId":"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B846C63A-7261-481E-B4A4-0D8C79E0D8A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"},{"vulnerab
le":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96056","source":"security@android.com"},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com"},{"url":"http://www.securityfocus.com/bid/96056","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-0411","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.787","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. 
Android ID: A-33042690."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el Framework APIs podría permitir a una aplicación local maliciosa local ejecutar código arbitrario dentro del contexto de un proceso privilegiado. Este problema está clasificado como High porque podría utilizarse para obtener acceso local a capacidades elevadas, que normalmente no son accesibles a una aplicación de terceros. Producto: Android. Versiones: 7.0, 7.1.1. Android ID: A-33042690."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","mat
chCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96056","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41354/","source":"security@android.com"},{"url":"http://www.securityfocus.com/bid/96056","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41354/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-0412","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.800","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el Framework APIs podría permitir a una aplicación local maliciosa local ejecutar código arbitrario dentro del contexto de un proceso privilegiado. 
Este problema está clasificado como High porque podría utilizarse para obtener acceso local a capacidades elevadas, que normalmente no son accesibles a una aplicación de terceros. Producto: Android. Versiones: 7.0, 7.1.1. Android ID: A-33039926."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-367"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96056","source":"security@android.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41355/","source":"security@android.com"},{"url":"http://www.securityfocus.com/bid/96056","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41355/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-0413","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.833","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610."},{"lang":"es","value":"Una vulnerabilidad de divulgación de información en AOSP Messaging podría habilitar a una aplicación local maliciosa a eludir las protecciones del sistema de operación que aísla los datos de aplicación de otras aplicaciones. Este problema está clasificado como High porque puede ser usado para obtener acceso a datos a los cuales la aplicación no tiene acceso. Producto: Android. Versiones: 6.0, 6.0.1, 7.0, 7.1.1. 
Android ID: A-32161610."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96063","source":"security@android.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96063","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0414","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.863","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32807795."},{"lang":"es","value":"Una vulnerabilidad de divulgación de información in AOSP Messaging podría habilitar a una aplicación local maliciosa a eludir las protecciones del sistema de operación que aisla los datos de aplicación de otras aplicaciones. Este problema está clasificado como High porque puede ser usado para obtener acceso a datos a los cuales la aplicación no tiene acceso. Producto: Android. Versiones: 6.0, 6.0.1, 7.0, 7.1.1. 
Android ID: A-32807795."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96063","source":"security@android.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96063","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0415","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.893","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32706020."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en Mediaserver podría permitir a una aplicación local maliciosa local ejecutar código arbitrario dentro del contexto de un proceso privilegiado. Este problema está clasificado como High porque podría utilizarse para obtener acceso local a capacidades elevadas, que normalmente no son accesibles a una aplicación de terceros. Producto: Android. Versiones: 6.0, 6.0.1, 7.0, 7.1.1. 
Android ID: A-32706020."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96089","source":"security@android.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96089","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0416","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.927","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32886609."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en Audioserver podría permitir a una aplicación local maliciosa local ejecutar código arbitrario dentro del contexto de un proceso privilegiado. Este problema está clasificado como High porque podría utilizarse para obtener acceso local a capacidades elevadas, que normalmente no son accesibles a una aplicación de terceros. Producto: Android. Versiones: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. 
Android ID: A-32886609."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*","matchCriteriaId":"A39C31E3-75C0-4E92-A6B5-7D67B22E3449"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"BB318EA4-2908-4B91-8DBB-20008FDF528A"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1F4E46A9-B652-47CE-92E8-01021E57724B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"36DD8E3F-6308-4680-B932-4CBD8E58A7FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*","matchCriteriaId":"1DA9F0F7-D592-481E-884C-B1A94E702825"},{"vulnerab
le":true,"criteria":"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*","matchCriteriaId":"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"A47AB858-36DE-4330-8CAC-1B46C5C8DA80"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"49413FF7-7910-4F74-B106-C3170612CB2A"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*","matchCriteriaId":"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"A8882E50-7C49-4A99-91F2-DF979CF8BB2F"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*","matchCriteriaId":"98C32982-095C-4628-9958-118A3D3A9CAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*","matchCriteriaId":"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*","matchCriteriaId":"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*","matchCriteriaId":"E3CEEA22-63B4-4702-A400-01349DF0EC1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*","matchCriteriaId":"7C4E6353-B77A-464F-B7DE-932704003B33"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"77125688-2CCA-4990-ABB2-551D47CB0CDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E9915371-C730-41F7-B86E-7E4DE0DF5385"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*","matchCriteriaId":"E7A8EC00-266C-409B-AD43-18E8DFCD6F
E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B846C63A-7261-481E-B4A4-0D8C79E0D8A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96055","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96055","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0417","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.957","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in Audioserver could enable a local 
malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705438."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en Audioserver podría permitir a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto de un proceso privilegiado. Este problema está clasificado como High porque podría utilizarse para obtener acceso local a capacidades elevadas, que normalmente no son accesibles a una aplicación de terceros. Producto: Android. Versiones: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705438."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeM
atch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*","matchCriteriaId":"A39C31E3-75C0-4E92-A6B5-7D67B22E3449"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"BB318EA4-2908-4B91-8DBB-20008FDF528A"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1F4E46A9-B652-47CE-92E8-01021E57724B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"36DD8E3F-6308-4680-B932-4CBD8E58A7FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*","matchCriteriaId":"1DA9F0F7-D592-481E-884C-B1A94E702825"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*","matchCriteriaId":"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"A47AB858-36DE-4330-8CAC-1B46C5C8DA80"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"49413FF7-7910-4F74-B106-C3170612CB2A"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*","matchCriteriaId":"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"A8882E50-7C49-4A99-91F2-DF979CF8BB2F"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*","matchCriteriaId":"98C32982-095C-4628-9958-118A3D3A9CAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*","matchCriteriaId":"EC75ED04-B8C7-4CC
0-AC64-AE2D9E0CDF5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*","matchCriteriaId":"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*","matchCriteriaId":"E3CEEA22-63B4-4702-A400-01349DF0EC1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*","matchCriteriaId":"7C4E6353-B77A-464F-B7DE-932704003B33"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"77125688-2CCA-4990-ABB2-551D47CB0CDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E9915371-C730-41F7-B86E-7E4DE0DF5385"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*","matchCriteriaId":"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B846C63A-7261-481E-B4A4-0D8C79E0D8A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96055","source":"security@android.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96055","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0418","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:00.987","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32703959."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en Audioserver podría permitir a una aplicación local maliciosa local ejecutar código arbitrario dentro del contexto de un proceso privilegiado. Este problema está clasificado como High porque podría utilizarse para obtener acceso local a capacidades elevadas, que normalmente no son accesibles a una aplicación de terceros. Producto: Android. Versiones: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. 
Android ID: A-32703959."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*","matchCriteriaId":"A39C31E3-75C0-4E92-A6B5-7D67B22E3449"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"BB318EA4-2908-4B91-8DBB-20008FDF528A"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1F4E46A9-B652-47CE-92E8-01021E57724B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"36DD8E3F-6308-4680-B932-4CBD8E58A7FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*","matchCriteriaId":"1DA9F0F7-D592-481E-884C-B1A94E702825"},{"vulnerab
le":true,"criteria":"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*","matchCriteriaId":"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"A47AB858-36DE-4330-8CAC-1B46C5C8DA80"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"49413FF7-7910-4F74-B106-C3170612CB2A"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*","matchCriteriaId":"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"A8882E50-7C49-4A99-91F2-DF979CF8BB2F"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*","matchCriteriaId":"98C32982-095C-4628-9958-118A3D3A9CAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*","matchCriteriaId":"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*","matchCriteriaId":"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*","matchCriteriaId":"E3CEEA22-63B4-4702-A400-01349DF0EC1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*","matchCriteriaId":"7C4E6353-B77A-464F-B7DE-932704003B33"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"77125688-2CCA-4990-ABB2-551D47CB0CDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E9915371-C730-41F7-B86E-7E4DE0DF5385"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*","matchCriteriaId":"E7A8EC00-266C-409B-AD43-18E8DFCD6F
E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B846C63A-7261-481E-B4A4-0D8C79E0D8A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96055","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96055","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0419","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.020","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in Audioserver could enable a local 
malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32220769."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en Audioserver podría permitir a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto de un proceso privilegiado. Este problema está clasificado como High porque podría utilizarse para obtener acceso local a capacidades elevadas, que normalmente no son accesibles a una aplicación de terceros. Producto: Android. Versiones: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32220769."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":fals
e,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*","matchCriteriaId":"A39C31E3-75C0-4E92-A6B5-7D67B22E3449"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"BB318EA4-2908-4B91-8DBB-20008FDF528A"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1F4E46A9-B652-47CE-92E8-01021E57724B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"36DD8E3F-6308-4680-B932-4CBD8E58A7FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*","matchCriteriaId":"1DA9F0F7-D592-481E-884C-B1A94E702825"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*","matchCriteriaId":"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"A47AB858-36DE-4330-8CAC-1B46C5C8DA80"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"49413FF7-7910-4F74-B106-C3170612CB2A"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*","matchCriteriaId":"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"A8882E50-7C49-4A99-91F2-DF979CF8BB2F"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*","matchCriteriaId":"98C32982-095C-4628-9958-118A3D3A9CAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*","matchCriteriaId":"EC75ED04-B
8C7-4CC0-AC64-AE2D9E0CDF5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*","matchCriteriaId":"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*","matchCriteriaId":"E3CEEA22-63B4-4702-A400-01349DF0EC1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*","matchCriteriaId":"7C4E6353-B77A-464F-B7DE-932704003B33"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"77125688-2CCA-4990-ABB2-551D47CB0CDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E9915371-C730-41F7-B86E-7E4DE0DF5385"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*","matchCriteriaId":"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B846C63A-7261-481E-B4A4-0D8C79E0D8A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96055","source":"security@android.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96055","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0420","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.050","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212."},{"lang":"es","value":"Una vulnerabilidad de divulgación de información en AOSP Mail podría habilitar a una aplicación local maliciosa a eludir las protecciones del sistema de operación que aisla los datos de aplicación de otras aplicaciones. Este problema está clasificado como High porque puede ser usado para obtener acceso a datos a los cuales la aplicación no tiene acceso. Producto: Android. Versiones: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. 
Android ID: A-32615212."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*","matchCriteriaId":"A39C31E3-75C0-4E92-A6B5-7D67B22E3449"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"BB318EA4-2908-4B91-8DBB-20008FDF528A"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1F4E46A9-B652-47CE-92E8-01021E57724B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"36DD8E3F-6308-4680-B932-4CBD8E58A7FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*","matchCriteriaId":"1DA9F0F7-D592-481E-884C-B1A94E702825"},{"vulnerable":tr
ue,"criteria":"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*","matchCriteriaId":"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"A47AB858-36DE-4330-8CAC-1B46C5C8DA80"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"49413FF7-7910-4F74-B106-C3170612CB2A"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*","matchCriteriaId":"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"A8882E50-7C49-4A99-91F2-DF979CF8BB2F"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*","matchCriteriaId":"98C32982-095C-4628-9958-118A3D3A9CAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*","matchCriteriaId":"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*","matchCriteriaId":"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*","matchCriteriaId":"E3CEEA22-63B4-4702-A400-01349DF0EC1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*","matchCriteriaId":"7C4E6353-B77A-464F-B7DE-932704003B33"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"77125688-2CCA-4990-ABB2-551D47CB0CDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E9915371-C730-41F7-B86E-7E4DE0DF5385"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*","matchCriteriaId":"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3"},{
"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B846C63A-7261-481E-B4A4-0D8C79E0D8A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96093","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96093","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0421","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.097","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability in the Framework APIs could enable a local 
malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637."},{"lang":"es","value":"Una vulnerabilidad de divulgación de información en el Framework APIs podría habilitar a una aplicación local maliciosa a eludir las protecciones del sistema operativo que aíslan los datos de aplicación de otras aplicaciones. Este problema está clasificado como High porque puede ser usado para obtener acceso a datos a los cuales la aplicación no tiene acceso. Producto: Android. Versiones: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3
:o:google:android:5.0:*:*:*:*:*:*:*","matchCriteriaId":"7C4E6353-B77A-464F-B7DE-932704003B33"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"77125688-2CCA-4990-ABB2-551D47CB0CDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E9915371-C730-41F7-B86E-7E4DE0DF5385"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*","matchCriteriaId":"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B846C63A-7261-481E-B4A4-0D8C79E0D8A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96096","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96096","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0422","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.130","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322088."},{"lang":"es","value":"Una vulnerabilidad de denegación de servicio en Bionic DNS podría habilitar a un atacante remoto a usar un paquete de red especialmente manipulado para provocar un bloqueo o reinicio del dispositivo. Este problema está clasificado como High debido a la posibilidad de una denegación de servicio remota. Producto: Android. Versiones: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. 
Android ID: A-32322088."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*","matchCriteriaId":"A39C31E3-75C0-4E92-A6B5-7D67B22E3449"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"BB318EA4-2908-4B91-8DBB-20008FDF528A"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1F4E46A9-B652-47CE-92E8-01021E57724B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"36DD8E3F-6308-4680-B932-4CBD8E58A7FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*","matchCriteriaId":"1DA9F0F7-D592-481E-884C-B1A94E702825"},{"vulnerable":true,"cri
teria":"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*","matchCriteriaId":"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"A47AB858-36DE-4330-8CAC-1B46C5C8DA80"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"49413FF7-7910-4F74-B106-C3170612CB2A"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*","matchCriteriaId":"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"A8882E50-7C49-4A99-91F2-DF979CF8BB2F"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*","matchCriteriaId":"98C32982-095C-4628-9958-118A3D3A9CAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*","matchCriteriaId":"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*","matchCriteriaId":"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*","matchCriteriaId":"E3CEEA22-63B4-4702-A400-01349DF0EC1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*","matchCriteriaId":"7C4E6353-B77A-464F-B7DE-932704003B33"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"77125688-2CCA-4990-ABB2-551D47CB0CDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E9915371-C730-41F7-B86E-7E4DE0DF5385"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*","matchCriteriaId":"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3"},{"vulner
able":true,"criteria":"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B846C63A-7261-481E-B4A4-0D8C79E0D8A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96097","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96097","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0423","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.160","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to 
manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en Bluetooth podría habilitar a un atacante próximo gestionar el acceso a documentos en el dispositivo. Este problema está clasificado como Moderate porque primero requiere la explotación de una vulnerabilidad separada en la pila de Bluetooth. Producto: Android. Versiones: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:M/Au:N/C:P/I:N/A:N","baseScore":2.9,"accessVector":"ADJACENT_NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":5.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*","matchCriteriaId":"7C4E6353-B77A-464F-B7DE-932704003B33"},{"vulnerable":true,"criteria":"cpe:2.
3:o:google:android:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"77125688-2CCA-4990-ABB2-551D47CB0CDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E9915371-C730-41F7-B86E-7E4DE0DF5385"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*","matchCriteriaId":"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B846C63A-7261-481E-B4A4-0D8C79E0D8A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96102","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96102","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0424","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.190","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a specially crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450."},{"lang":"es","value":"Una vulnerabilidad de divulgación de información en AOSP Messaging podría habilitar a un atacante remoto utilizando un archivo especial manipulado acceder a datos fuera de sus niveles de permiso. Este problema está clasificado como Moderate porque es un bypass general para un nivel de defensa de usuario en profundidad o explotar la tecnología de mitigación en un proceso privilegiado. Producto: Android. Versiones: 6.0, 6.0.1, 7.0, 7.1.1. 
Android ID: A-32322450."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96104","source":"security@android.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96104","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0425","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.223","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32720785."},{"lang":"es","value":"Una vulnerabilidad de divulgación de información en Audioserver podría habilitar a una aplicación local maliciosa acceder a datos fuera de sus niveles de permiso. Este problema está clasificado como Moderate porque podría ser utilizado para acceso a datos sensibles sin permiso. Producto: Android. Versiones: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. 
Android ID: A-32720785."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0:*:*:*:*:*:*:*","matchCriteriaId":"A39C31E3-75C0-4E92-A6B5-7D67B22E3449"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"BB318EA4-2908-4B91-8DBB-20008FDF528A"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1F4E46A9-B652-47CE-92E8-01021E57724B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"AB9B53C6-AE84-4A45-B83E-8E5CE44F7B93"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"36DD8E3F-6308-4680-B932-4CBD8E58A7FB"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.1:*:*:*:*:*:*:*","matchCriteriaId":"1DA9F0F7-D592-481E-884C-B1A94E702825"},{"vulnerable":tr
ue,"criteria":"cpe:2.3:o:google:android:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"6CD857E7-B878-49F9-BDDA-93DDEBB0B42B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2:*:*:*:*:*:*:*","matchCriteriaId":"FBDABB6C-FFF9-4E79-9EF1-BDC0BBDEA9F1"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"A47AB858-36DE-4330-8CAC-1B46C5C8DA80"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"49413FF7-7910-4F74-B106-C3170612CB2A"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.3:*:*:*:*:*:*:*","matchCriteriaId":"A2467F65-A3B7-4E45-A9A5-E5A6EFD99D7B"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"A8882E50-7C49-4A99-91F2-DF979CF8BB2F"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4:*:*:*:*:*:*:*","matchCriteriaId":"98C32982-095C-4628-9958-118A3D3A9CAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"8FC0FCEA-0B3D-43C1-AB62-4F9C880B4CA1"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.2:*:*:*:*:*:*:*","matchCriteriaId":"EC75ED04-B8C7-4CC0-AC64-AE2D9E0CDF5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.3:*:*:*:*:*:*:*","matchCriteriaId":"FC13D3EE-CC89-4883-8E3D-3FE25FB8CF42"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*","matchCriteriaId":"E3CEEA22-63B4-4702-A400-01349DF0EC1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*","matchCriteriaId":"7C4E6353-B77A-464F-B7DE-932704003B33"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"77125688-2CCA-4990-ABB2-551D47CB0CDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E9915371-C730-41F7-B86E-7E4DE0DF5385"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*","matchCriteriaId":"E7A8EC00-266C-409B-AD43-18E8DFCD6FE3"},{
"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B846C63A-7261-481E-B4A4-0D8C79E0D8A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B1D94CDD-DE7B-444E-A3AE-AE9C9A779374"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E70C6D8D-C9C3-4D92-8DFC-71F59E068295"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"691FA41B-C2CE-413F-ABB1-0B22CB322807"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96106","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96106","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0426","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.253","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability in the Filesystem could enable a local 
malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32799236."},{"lang":"es","value":"Una vulnerabilidad de divulgación de información en el Filesystem podría habilitar a una aplicación local maliciosa acceder a datos fuera de sus niveles de permiso. Este problema está clasificado como Moderate porque podría ser utilizado para acceso a datos sensibles sin permiso. Producto: Android. Versiones: 7.0, 7.1.1. Android ID: A-32799236."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*","matchCriteriaId":"09E6085C-A61E-4A89-BF80-EDD9A7DF1E47"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FC30B2A2-
9674-4052-B402-20348E50F9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96099","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96099","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0427","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.317","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el sistema de archivos del kernel podría habilitar a una aplicación local maliciosa a ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como Critical debido a la posibilidad de un compromiso de dispositivo local permanente, lo que puede requerir reflash del sistema de operación para reparar el dispositivo. Producto: Android. 
Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-31495866."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96071","source":"security@android.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96071","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0428","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.347","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32401526. References: N-CVE-2017-0428."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador NVIDIA GPU podría habilitar a una aplicación local maliciosa a ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como Critical debido a la posibilidad de un compromiso de dispositivo local permanente, lo que puede requerir reflash del sistema de operación para reparar el dispositivo. Producto: Android. Versiones: Kernel-3.10. Android ID: A-32401526. 
Referencias: N-CVE-2017-0428."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561","source":"security@android.com"},{"url":"http://www.securityfocus.com/bid/96070","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/96070","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0429","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.380","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32636619. References: N-CVE-2017-0429."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador NVIDIA GPU podría habilitar a una aplicación local maliciosa a ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como Critical debido a la posibilidad de un compromiso de dispositivo local permanente, lo que puede requerir reflash del sistema de operación para reparar el dispositivo. Producto: Android. Versiones: Kernel-3.10. Android ID: A-32636619. 
Referencias: N-CVE-2017-0429."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561","source":"security@android.com"},{"url":"http://www.securityfocus.com/bid/96070","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor 
Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/96070","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0430","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.410","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32838767. References: B-RB#107459."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador Broadcom Wi-Fi podría habilitar a una aplicación local maliciosa a ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como Critical debido a la posibilidad de un compromiso de dispositivo local permanente, lo que puede requerir reflash del sistema de operación para reparar el dispositivo. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-32838767. 
Referencias: B-RB#107459."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96065","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96065","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0432","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.440","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-28332719."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador MediaTek podría habilitar a una aplicación local maliciosa a ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10. 
Android ID: A-28332719."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96067","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96067","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0433","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.473","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913571."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador de pantalla táctil Synaptics podría habilitar a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto del chipset de pantalla táctil. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10. 
Android ID: A-31913571."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96061","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://alephsecurity.com/vulns/aleph-2016001","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96061","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://alephsecurity.com/vulns/aleph-2016001","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0434","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.487","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the touchscreen chipset. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-33001936."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador de pantalla táctil Synaptics podría habilitar a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto del chipset de pantalla táctil. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.18. 
Android ID: A-33001936."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96061","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96061","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0435","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.520","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906657. References: QC-CR#1078000."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador de sonido Qualcomm podría habilitar a una aplicación local maliciosa a ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-31906657. 
Referencias: QC-CR#1078000."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96053","source":"security@android.com"},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com"},{"url":"http://www.securityfocus.com/bid/96053","source":"af854a3a-2127-422b-91ae-
364da2661108"},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-0436","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.550","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32624661. References: QC-CR#1078000."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador de sonido Qualcomm podría habilitar a una aplicación local maliciosa a ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-32624661. 
Referencias: QC-CR#1078000."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96053","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96053","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0437","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.583","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402310. References: QC-CR#1092497."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador Wi-Fi de Qualcomm podría habilitar a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-32402310. 
Referencias: QC-CR#1092497."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96047","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96047","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0438","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.613","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402604. References: QC-CR#1092497."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador Wi-Fi de Qualcomm podría habilitar a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-32402604. 
Referencias: QC-CR#1092497."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96047","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96047","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0439","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.643","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32450647. References: QC-CR#1092059."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador Wi-Fi de Qualcomm podría habilitar a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-32450647. 
Referencias: QC-CR#1092059."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96047","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor 
Advisory"]},{"url":"https://www.codeaurora.org/out-bounds-write-wifi-driver-function-hddextscanpasspointfillnetworklist-cve-2017-0439","source":"security@android.com"},{"url":"http://www.securityfocus.com/bid/96047","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.codeaurora.org/out-bounds-write-wifi-driver-function-hddextscanpasspointfillnetworklist-cve-2017-0439","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-0440","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.677","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33252788. References: QC-CR#1095770."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador Wi-Fi de Qualcomm podría habilitar a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-33252788. 
Referencias: QC-CR#1095770."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96047","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96047","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0441","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.707","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32872662. References: QC-CR#1095009."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador Wi-Fi de Qualcomm podría habilitar a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-32872662. 
Referencias: QC-CR#1095009."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96047","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor 
Advisory"]},{"url":"https://www.codeaurora.org/possible-integer-overflow-buffer-overflow-qcanl80211vendorsubcmdextscansetsignificantchange-cve-2017","source":"security@android.com"},{"url":"http://www.securityfocus.com/bid/96047","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.codeaurora.org/possible-integer-overflow-buffer-overflow-qcanl80211vendorsubcmdextscansetsignificantchange-cve-2017","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-0442","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.737","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32871330. References: QC-CR#1092497."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador Wi-Fi de Qualcomm podría habilitar a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-32871330. 
Referencias: QC-CR#1092497."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96047","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96047","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0443","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.770","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877494. References: QC-CR#1092497."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador Wi-Fi de Qualcomm podría habilitar a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-32877494. 
Referencias: QC-CR#1092497."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D835D592-2423-44C6-804A-3AD010112E7C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96047","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Patch","Vendor 
Advisory"]},{"url":"https://www.codeaurora.org/out-bounds-write-wlan-driver-function-wlanhddcfg80211setextroamparams-cve-2017-0443","source":"security@android.com"},{"url":"http://www.securityfocus.com/bid/96047","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://www.codeaurora.org/out-bounds-write-wlan-driver-function-wlanhddcfg80211setextroamparams-cve-2017-0443","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-0444","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.800","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Realtek sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32705232."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador de sonido Realtek podría habilitar a una aplicación local maliciosa a ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10. 
Android ID: A-32705232."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96107","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96107","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0445","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.833","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32769717."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador de pantalla táctil HTC podría habilitar a una aplicación local maliciosa a ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.18. 
Android ID: A-32769717."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96054","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96054","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0446","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.880","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32917445."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador de pantalla táctil HTC podría habilitar a una aplicación local maliciosa a ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.18. 
Android ID: A-32917445."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96054","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96054","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0447","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.927","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32919560."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador de pantalla táctil HTC podría habilitar a una aplicación local maliciosa a ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como High porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.18. 
Android ID: A-32919560."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96054","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96054","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0448","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:01.957","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. References: N-CVE-2017-0448."},{"lang":"es","value":"Una vulnerabilidad de divulgación de información en el controlador de vídeo NVIDIA podría habilitar a una aplicación local maliciosa acceder a datos fuera de sus niveles de permiso. Este problema está clasificado como High porque podría ser utilizado para acceso a datos sensibles sin permisos de usuario explícitos. Producto: Android. Versiones: Kernel-3.10. Android ID: A-32721029. 
Referencias: N-CVE-2017-0448."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96105","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96105","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0449","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:02.003","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10. Android ID: A-31707909. References: B-RB#32094."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en el controlador Broadcom Wi-Fi podría habilitar a una aplicación local maliciosa a ejecutar código arbitrario dentro del contexto del kernel. Este problema está clasificado como Moderate porque primero requiere comprometer un proceso privilegiado y es mitigado por las configuraciones de la plataforma actual. Producto: Android. Versiones: Kernel-3.10. Android ID: A-31707909. 
Referencias: B-RB#32094."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96110","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96110","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0450","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:02.050","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it is mitigated by current platform configurations. Product: Android. Versions: N/A. Android ID: A-32917432."},{"lang":"es","value":"Una vulnerabilidad de elevación de privilegio en Audioserver podría habilitar a una aplicación local maliciosa ejecutar código arbitrario dentro del contexto de un proceso privilegiado. Este problema está clasificado como Moderate porque es mitigado por las configuraciones de la plataforma actual. Producto: Android. Versiones: N/A. 
Android ID: A-32917432."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96109","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96109","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0451","sourceIdentifier":"security@android.com","published":"2017-02-08T15:59:02.067","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129."},{"lang":"es","value":"Una vulnerabilidad de divulgación de información en el controlador de sonido Qualcomm podría habilitar a una aplicación local maliciosa acceder a datos fuera de sus niveles de permiso. Este problema está clasificado como Moderate porque primero requiere comprometer un proceso privilegiado. Producto: Android. Versiones: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. 
Referencias: QC-CR#1073129."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.1","matchCriteriaId":"0F11609D-D1B4-4DD6-8CC7-A224344E1E67"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.10:*:*:*:*:*:*:*","matchCriteriaId":"1C37F47C-C217-4BCF-A758-14E1BDBAD63D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:3.18:*:*:*:*:*:*:*","matchCriteriaId":"364CAD86-F652-4B84-932A-A8D9146C9010"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96108","source":"security@android.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"security@android.com"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"security@android.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96108","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037798","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://source.android.com/security/bulletin/2017-02-01.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-0270","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T16:59:00.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a \"forbidden attack.\" NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue."},{"lang":"es","value":"IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 hasta la versión 9.0.1 Fix Pack 5 Interim Fix 1, cuando se usa TLS y AES GCM, utiliza generación aleatoria de nonce, lo que facilita a atacantes remotos obtener la clave de autenticación y suplantar datos aprovechando la reutilización de un nonce en una sesión y un \"ataque prohibido\". 
NOTA: esta CVE ha sido usada incorrectamente para problemas de reutilización de GCM nonce en otros productos; ver CVE-2016-10213 para el problema A10, CVE-2016-10212 para el problema Radware y CVE-2017-5933 para el problema Citrix."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:client_application_access:1.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"D8173749-67C8-46D1-8505-200ADF7A70D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"BF7A97DE-36BC-4DFC-9F44-EF2C155703B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"4C05B1F1-EDFC-46AC-B701-13652ABA7065"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:domino:9.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"D246A5C6-E12D-4B5D-8319-0A9F52899173"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:notes:9.0.1.3:*:*:
*:*:*:*:*","matchCriteriaId":"A6C10DAB-5579-4273-9B5E-58199A978DD6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:notes:9.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"AFAB1EE7-3835-4AD6-8F13-01C1CB62F98D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:notes:9.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"320A0EC3-D4DC-4CEC-B71A-47658A8C17AC"}]}]}],"references":[{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21979604","source":"psirt@us.ibm.com","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21979669","source":"psirt@us.ibm.com","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21979673","source":"psirt@us.ibm.com","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96062","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037795","source":"psirt@us.ibm.com"},{"url":"https://github.com/nonce-disrespect/nonce-disrespect","source":"psirt@us.ibm.com","tags":["Third Party Advisory"]},{"url":"https://support.citrix.com/article/CTX220329","source":"psirt@us.ibm.com"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21979604","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21979669","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21979673","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96062","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037795","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/nonce-disrespect/nonce-disrespect","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.citrix.com/article/CTX220329","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10212","sourceIdentifier":"cve@mitre.org","published":"2017-02-08T16:59:00.180","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Radware devices use the same value for the first two GCM nonces, which allows remote attackers to obtain the authentication key and spoof data via a \"forbidden attack,\" a similar issue to CVE-2016-0270.  NOTE: this issue may be due to the use of a third-party Cavium product."},{"lang":"es","value":"Dispositivos Radware utilizan el mismo valor para los dos primeros GCM nonces, lo que permite a atacantes remotos obtener la clave de autenticación y suplantar datos a través de un \"ataque prohibido\", un problema similar a CVE-2016-0270. 
NOTA: este problema puede deberse al uso de un producto Cavium de terceros."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:radware:alteon:*:*:*:*:*:*:*:*","versionEndIncluding":"30.0.5.10","matchCriteriaId":"FCDE2E08-3B2A-4EB3-97D4-B361104B0660"},{"vulnerable":true,"criteria":"cpe:2.3:o:radware:alteon:*:*:*:*:*:*:*:*","versionEndIncluding":"30.2.1.1","matchCriteriaId":"DF3497AB-4899-4AAD-9DB6-FDDD5FE2636E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96172","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/nonce-disrespect/nonce-disrespect","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://support.radware.com/app/answers/answer_view/a_id/18456","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96172","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/nonce-disrespect/nonce-disrespect","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.radware.com/app/answers/answer_view/a_id/18456","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-10213","sourceIdentifier":"cve@mitre.org","published":"2017-02-08T16:59:00.227","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A10 AX1030 and possibly other devices with software before 2.7.2-P8 uses random GCM nonce generations, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging a reused nonce in a session and a \"forbidden attack,\" a similar issue to CVE-2016-0270."},{"lang":"es","value":"A10 AX1030 y posiblemente otros dispositivos con software en versiones anteriores a 2.7.2-P8 utiliza generaciones aleatorias de GCM nonce, lo que facilita a atacantes remotos obtener la clave de autenticación y suplantar datos aprovechando un nonce reutilizado en una sesión y un \"ataque prohibido\", un problema similar a 
CVE-2016-0270."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:a10networks:advanced_core_operating_system:*:p7:*:*:*:*:*:*","versionEndIncluding":"2.7.2","matchCriteriaId":"E32CA8C6-D959-40E5-B2E8-ED020D270536"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96163","source":"cve@mitre.org"},{"url":"https://github.com/nonce-disrespect/nonce-disrespect","source":"cve@mitre.org"},{"url":"https://www.a10networks.com/blog/cve-2016-0270-gcm-nonce-vulnerability","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96163","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/nonce-disrespect/nonce-disrespect","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.a10networks.com/blog/cve-2016-0270-gcm-nonce-vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"
CVE-2016-8492","sourceIdentifier":"psirt@fortinet.com","published":"2017-02-08T16:59:00.260","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows attackers to gain unauthorized read access to data handled by the device via IPSec/TLS decryption."},{"lang":"es","value":"La implementación de un ANSI X9.31 RNG en Fortinet FortiGate permite a atacantes obtener acceso de lectura no autorizada a los datos manejados por el dispositivo a través de descifrado IPSec/TLS."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionEndIncluding":"4.3.18","matchCriteriaId":"A91AE7E3-D33B-4235-916E-D4400595809B"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:4.3.0:*:*:*:*:*:*:*","match
CriteriaId":"DACF637E-FB3C-4FE5-B7EA-40D4DD891A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:4.3.10:*:*:*:*:*:*:*","matchCriteriaId":"B75D8F35-830C-498C-B658-AE89154BEB8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:4.3.12:*:*:*:*:*:*:*","matchCriteriaId":"D6CBC65E-6DF2-406D-9037-897218AB9257"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:4.3.13:*:*:*:*:*:*:*","matchCriteriaId":"0AB85DAD-03EA-4B16-8FF8-F02ACEF0EE1F"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:4.3.14:*:*:*:*:*:*:*","matchCriteriaId":"A97B341D-3B9D-4D37-8D5B-6062BE1C3AC4"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:4.3.15:*:*:*:*:*:*:*","matchCriteriaId":"720D70D8-9B45-4395-8989-B90884389D85"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:4.3.16:*:*:*:*:*:*:*","matchCriteriaId":"5E6E8681-0D3F-46ED-8B84-59E07FBB0F16"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:4.3.17:*:*:*:*:*:*:*","matchCriteriaId":"A93B8A3E-BB55-46EF-B48C-E425A7A71C8B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94480","source":"psirt@fortinet.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://fortiguard.com/advisory/FG-IR-16-067","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94480","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://fortiguard.com/advisory/FG-IR-16-067","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5933","sourceIdentifier":"cve@mitre.org","published":"2017-02-08T16:59:00.290","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM 
authentication key and spoof data by leveraging a reused nonce in a session and a \"forbidden attack,\" a similar issue to CVE-2016-0270."},{"lang":"es","value":"Citrix NetScaler ADC y NetScaler Gateway 10.5 en versiones anteriores a Build 65.11, 11.0 en versiones anteriores a Build 69.12/69.123 y 11.1 en versiones anteriores a Build 51.21 genera aleatoriamente GCM nonces, lo que hace marginalmente más fácil a atacantes remotos obtener la clave de autenticación de GCM y falsificar datos aprovechando una nonce reutilizada en una sesión y un \"ataque prohibido\", un problema similar a CVE-2016-0270."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10.5.65.11","matchCriteriaId":"2E70E5D1-F79F-483B-AA26-C2EA34A8CBBE"},{"vulnerable":true,
"criteria":"cpe:2.3:a:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"11.0.69.12","matchCriteriaId":"29DE7CF6-66F9-4B13-92D4-44107ADDFCB9"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:netscaler_application_delivery_controller_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"11.1.51.21","matchCriteriaId":"9F1296F8-B7E8-443E-8C47-89B6EBD5C2FF"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96151","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/nonce-disrespect/nonce-disrespect","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://support.citrix.com/article/CTX220329","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96151","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/nonce-disrespect/nonce-disrespect","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.citrix.com/article/CTX220329","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2765","sourceIdentifier":"security_alert@emc.com","published":"2017-02-08T17:59:00.153","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 is affected by an authentication bypass vulnerability that could potentially be exploited by attackers to compromise the affected system."},{"lang":"es","value":"EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, 3.1.0, 3.0.1, 3.0.0 está afectado por una vulnerabilidad de elusión de autenticación que podría ser explotada potencialmente por atacantes para comprometer el sistema 
afectado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emc:isilon_insightiq:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D4D35198-BA21-445D-9693-BAF66AE61099"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:isilon_insightiq:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"341857D8-1DBB-479F-9C56-D17ACFC8117F"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:isilon_insightiq:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"D91524EB-ECF4-433A-A1D9-7574FAA3F58C"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:isilon_insightiq:3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"7B9ABABD-2320-4C27-BFD7-1E6E34B453C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:isilon_insightiq:3.2.0:*:*:*:*:*:*:*","matchCriteriaId":"47BB054C-6573-4516-B74A-5B6BED8A82C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:isilon_insightiq:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"87999B65-7C3D-474A-90CD-00
585641027E"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:isilon_insightiq:3.2.2:*:*:*:*:*:*:*","matchCriteriaId":"0AE8CFAC-5941-4A39-81DD-2AB3FEA90A4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:isilon_insightiq:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"618AE0B4-5DAD-44DC-9C50-4E68873B0931"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:isilon_insightiq:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"0B29B844-C048-42EE-8343-A9F23C513F21"},{"vulnerable":true,"criteria":"cpe:2.3:a:emc:isilon_insightiq:4.1.0:*:*:*:*:*:*:*","matchCriteriaId":"722FF243-ECAE-4193-ACC3-25AF6FB1D571"}]}]}],"references":[{"url":"http://www.securityfocus.com/archive/1/540100/30/0/threaded","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95945","source":"security_alert@emc.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/540100/30/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95945","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2015-5013","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T19:59:00.213","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The IBM Security Access Manager appliance includes configuration files that contain obfuscated plaintext-passwords which authenticated users can access."},{"lang":"es","value":"El aparato IBM Security Access Manager incluye archivos de configuración que contienen contraseñas de texto claro ofuscadas a las que pueden acceder usuarios 
autenticados."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"35BD8955-4735-4FDC-906A-B404C4E36417"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"1C5EBB4D-36F8-453C-9D2C-A63490144596"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*","matchCriteriaId":"6921A2CC-67D0-41B5-908B-F002C14AFD70"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"506C4B29-BC71-4C56-BAB1-06E63BEB1DD3"}]}]},{"o
perator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"F5B95177-2AA3-45D4-895D-56CA35B32813"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_9.0:-:*:*:*:*:*:*:*","matchCriteriaId":"F86981E3-B9F4-4C49-AFF3-07E6C3FFD452"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993722","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96090","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037792","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993722","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96090","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037792","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-2866","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T19:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user."},{"lang":"es","value":"Una vulnerabilidad no especificada en IBM Jazz Team Server puede revelar alguna información de despliegue a un usuario 
autenticado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E6C66DD3-20D9-4B47-AFA4-0BA789A973FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"3F4A9A99-C26E-4476-934E-24AADFBDB8B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"A73A4517-CA0C-4C11-BD22-47F53DFBD7B3
"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"C22AC9CB-44C3-43E1-B29A-3D06A421E51D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"51998570-6EFF-436C-9297-601B17A31788"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"D944BB64-73C5-402C-9D14-077B8FC9DB8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3A32DF4D-B68E-4C3E-AF20-05C80B26461A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"8B877D86-6ABE-43E8-A681-0C937C779388"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3010A6F8-A2C7-4236-B5F8-21BC6581B823"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4F9D6232-16BC-4985-97BE-9AEA8E30FB4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"96CFA6A6-19E4-4325-BCDF-5AFA8A366196"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F23D62A7-F471-456B-BD89-766371848DB0"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997104","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997104","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-6032","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T19:59:00.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Rational Team Concert 4.0, 5.0 y 6.0 es vulnerable a XSS. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz Web alterando así la funcionalidad intencionada conduciendo potencialmente a la divulgación de credenciales en una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"crit
eria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"CC85C5A2-04BC-4E10-9EAF-6AF2CBC3AF41"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E6C66DD3-20D9-4B47-AFA4-0BA789A973FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"7178BB7D-7098-44FB-8DC1-C6A7AF5D6EE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"3F4A9A99-C26E-4476-934E-24AADFBDB8B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"A73A4517-CA0C-4C11-BD22-47F53DFBD7B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"C22AC9CB-44C3-43E1-B29A-3D06A421E51D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"51998570-6EFF-436C-9297-601B17A31788"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"D944BB64-73C5-402C-9D14-077B8FC9DB8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3A32DF4D-B68E-4C3E-AF20-05C80B26461A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"8B877D86-6ABE-43E8-A681-0C937C779388"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"61DE20FB-F2C6-49CB-B1A7-0C5A1F802C56"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3010A6F8-A2C7-4236-B5F8-21BC6581B823"},{"vulner
able":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4F9D6232-16BC-4985-97BE-9AEA8E30FB4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"96CFA6A6-19E4-4325-BCDF-5AFA8A366196"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*","matchCriteriaId":"F23D62A7-F471-456B-BD89-766371848DB0"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997104","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997104","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9748","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T19:59:00.293","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system."},{"lang":"es","value":"IBM Rational DOORS Next Generation 5.0 y 6.0 revela información sensible en mensajes de respuesta a errores que puede ser usada para otros ataques contra el 
sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*","matchCriteriaId":"B2431038-D838-4AB0-B614-EDC1D4D203E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6A0BC49A-4D59-47AE-B2D2-13B6719B0932"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E3AE1241-9998-4F5D-862A-52CE40DB24C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3F32526-C148-4FCE-B32B-88A8F2BB3A5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_gen
eration:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"749C6DAF-EF92-40DD-9CE8-535D1C5BB745"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"666FB9C2-4A39-4C21-B00B-3ABF4EE9805E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"7E8158D2-ECB0-4F89-BE73-568CA213D9B8"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991461","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96074","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21991461","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96074","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-1127","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T19:59:00.340","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Rational DOORS Next Generation 4.0, 5.0 y 6.0 es vulnerable a XSS. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz Web alterando así la funcionalidad intencionada conduciendo potencialmente a la divulgación de credenciales en una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*","matchCriteriaId":"B2431038-D838-4AB0-B614-EDC1D4D203E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6A0BC49A-4D59-47AE-B2D2-13B6719B0932"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E3AE1241-9998-4F5D-862A-52CE40DB24C8"},{"vu
lnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"141B7F93-4A02-4A60-94F1-A6D9A80A4889"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3F32526-C148-4FCE-B32B-88A8F2BB3A5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"749C6DAF-EF92-40DD-9CE8-535D1C5BB745"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"666FB9C2-4A39-4C21-B00B-3ABF4EE9805E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*","matchCriteriaId":"8D3894CB-8DF7-4011-B47F-36485A2A6E7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"BF6342F6-709A-4043-A879-57E9C7232C48"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"C1CDFA1C-9C07-4744-95F9-93A2332E2F13"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"10D8C43B-C109-44E1-868F-7DC1289D9BA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"4EFFBB5B-8566-45BC-9123-5418821E6EB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"5BF2CC2A-232C-43A6-8C9B-E6125C051BF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"2A84EA62-E3F8-4E4C-9FEF-0653
00C4611A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"0232D8EF-1DB3-477D-818C-B79B68406197"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"7E8158D2-ECB0-4F89-BE73-568CA213D9B8"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996645","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96019","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996645","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96019","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-1128","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T19:59:00.357","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Rational DOORS Next Generation 4.0, 5.0 y 6.0 es vulnerable a XSS. 
Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz Web alterando así la funcionalidad intencionada conduciendo potencialmente a la divulgación de credenciales en una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*","matchCriteriaId":"B2431038-D838-4AB0-B614-EDC1D4D203E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6A0BC49A-4D59-47AE-B2D2-13B6719B0932"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E3AE1241-9998-4F5D-862A-52CE40DB24C8"},{"vu
lnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3F32526-C148-4FCE-B32B-88A8F2BB3A5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"749C6DAF-EF92-40DD-9CE8-535D1C5BB745"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"666FB9C2-4A39-4C21-B00B-3ABF4EE9805E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0:*:*:*:*:*:*:*","matchCriteriaId":"8D3894CB-8DF7-4011-B47F-36485A2A6E7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"BF6342F6-709A-4043-A879-57E9C7232C48"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"C1CDFA1C-9C07-4744-95F9-93A2332E2F13"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"10D8C43B-C109-44E1-868F-7DC1289D9BA8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"4EFFBB5B-8566-45BC-9123-5418821E6EB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"5BF2CC2A-232C-43A6-8C9B-E6125C051BF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"2A84EA62-E3F8-4E4C-9FEF-065300C4611A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"0232D8EF-1DB3-477D-818C-B7
9B68406197"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"7E8158D2-ECB0-4F89-BE73-568CA213D9B8"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996645","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96017","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996645","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96017","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2015-1976","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.150","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Directory Server could allow an authenticated user to execute commands into the web administration tool that would cause the tool to crash."},{"lang":"es","value":"IBM Security Directory Server podría permitir a un usuario autenticado ejecutar comandos en la herramienta de administración web que causaría la caída de la 
herramienta."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_directory_server:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3.0.0","versionEndIncluding":"6.3.1.15","matchCriteriaId":"45BCC2A7-717C-48ED-A18D-D53DB5C5494C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_directory_server:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0.0","versionEndIncluding":"6.4.0.6","matchCriteriaId":"FED8B510-A1AD-4D44-A1A6-BFB598A7B01D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndIncluding":"6.0.0.77","matchCriteriaId":"373090C2-BA5E-4BAA-AFB0-A8177C3A0D91"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.0","versionEndIncluding":"6.1.0.72","matchCriteriaId":"613173B1-55AA-4847-8874-A8A3C7478B7A"},{"vu
lnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2.0.0","versionEndIncluding":"6.2.0.48","matchCriteriaId":"5B901486-F601-4CB5-827A-88EF84D62FAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_directory_server:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3.0.0","versionEndIncluding":"6.3.0.41","matchCriteriaId":"82CE5FEE-59BA-4618-9E6B-A85C99E6C31B"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21980585","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/90526","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21980585","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/90526","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2015-7418","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.183","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator privileges to obtain sensitive information."},{"lang":"es","value":"IBM WebSphere eXtreme Scale y el WebSphere DataPower XC10 Appliance permiten que algunos datos sensibles permanezcan en la memoria en vez de ser sobrescritos lo que podría permitir a un usuario local con privilegios de administrador obtener información 
sensible."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_extreme_scale:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FCF504C3-FC26-4B47-9D19-3095CEA85014"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_extreme_scale:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"E0472C4A-F281-4D5F-BC47-93427833B907"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_extreme_scale:8.5:*:*:*:*:*:*:*","matchCriteriaId":"5A69D3FF-E270-4DBB-85B4-FC84963A86C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_extreme_scale:8.6:*:*:*:*:*:*:*","matchCriteriaId":"DD617742-1937-4FDA-B88C-DE098832B20D"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21971657","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/83634","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21971657","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/83634","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2015-7493","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.213","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information."},{"lang":"es","value":"IBM InfoSphere Information Server podría permitir a un usuario local bajo especiales circunstancias ejecutar comandos durante procesos de instalación que podrían exponer información sensible."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configura
tions":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:8.5:*:*:*:*:*:*:*","matchCriteriaId":"CA7096B4-291F-49BB-8DBC-E67AC901CF08"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:8.7:*:*:*:*:*:*:*","matchCriteriaId":"42A9CF5C-79EC-4BBF-92AF-2AB3DC125684"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*","matchCriteriaId":"F3BF0A4B-5DDB-420D-B1F2-8C1ED23F60CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:*","matchCriteriaId":"9923389A-6B64-482B-A631-1B6B841CB9AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*","matchCriteriaId":"83640E7E-851E-4C8F-ADDA-7CF4E1D11F58"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21982034","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/90529","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21982034","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/90529","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2015-7494","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. 
An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en la API services/[action]/launch en IBM Cloud Orchestrator. Un usuario de administrador de dominio autenticado podría modificar recursos de dominio cruzado a través de una llamada API /services/[action]/launch, siempre que hubiera sido posible para el usuario de administrador de dominio obtener acceso a un identificador de recurso del otro dominio."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N","baseScore":2.8,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.1,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:N/I:P/A:N","baseScore":1.7,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.1,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.4:*:*:*:*:*:*:*","matchCriteriaId":"FE37CE11-6A58-4058-B3A0-5A223DC5601B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.4.
0.1:*:*:*:*:*:*:*","matchCriteriaId":"E747BF22-8A13-4073-967F-0C28055B2A45"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"A9B95F0E-F10A-4A0A-B675-73AD50A552B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"42AC5772-6E74-4B9C-815F-ED8C265FED53"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.5:*:*:*:*:*:*:*","matchCriteriaId":"A66F93C9-05D1-4E81-A188-44BB0BDA3BC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.5.01:*:*:*:*:*:*:*","matchCriteriaId":"88593BE3-6DB2-46B6-99B5-973D35C32BAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:smartcloud_orchestrator:2.3:*:*:*:*:*:*:*","matchCriteriaId":"2AB97A11-E8E6-4AFB-A72E-3345E36FE73C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:smartcloud_orchestrator:2.3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"9F658E9A-A6CA-4B00-B3B8-6261A8386B8B"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000140","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94438","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000140","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94438","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-0202","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. 
It is possible for an authenticated user to view any task of the current users domain."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en tareas, objeto de backend generado para manejar cualquier acción realizada por la aplicación en IBM Cloud Orchestrator. Para un usuario autenticado es posible ver cualquier tarea del dominio actual de los usuarios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.3:*:*:*:*:*:*:*","matchCriteriaId":"8227C8AC-7AAC-4DD1-A998-81595B0352DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6982E71E-FD79-47A5-8060-56499F7D00B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.4:*:*:*:*:*:*:*","matchCriteriaId":"FE37CE11-6A58-4058-B3A0-5A223DC5601B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.4.
0.1:*:*:*:*:*:*:*","matchCriteriaId":"E747BF22-8A13-4073-967F-0C28055B2A45"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"A9B95F0E-F10A-4A0A-B675-73AD50A552B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"42AC5772-6E74-4B9C-815F-ED8C265FED53"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000134","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94578","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000134","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94578","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-0203","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.307","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability has been identified in the IBM Cloud Orchestrator task API. The task API might allow an authenticated user to view background information associated with actions performed on virtual machines in projects where the user belongs to."},{"lang":"es","value":"Se ha identificado una vulnerabilidad en la API task en IBM Cloud Orchestrator. 
La API task podría permitir a un usuario autenticado ver información de fondo asociada con acciones realizadas en máquinas virtuales en proyectos a los que pertenece el usuario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.4:*:*:*:*:*:*:*","matchCriteriaId":"FE37CE11-6A58-4058-B3A0-5A223DC5601B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E747BF22-8A13-4073-967F-0C28055B2A45"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"A9B95F0E-F10A-4A0A-B675-73AD50A552B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"42AC5772-6E74-4B9C-815F-ED8C265FED53"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.5:*:*:*:*:*:*:*","matchCriteriaId":"A6
6F93C9-05D1-4E81-A188-44BB0BDA3BC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.5.01:*:*:*:*:*:*:*","matchCriteriaId":"88593BE3-6DB2-46B6-99B5-973D35C32BAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:smartcloud_orchestrator:2.3:*:*:*:*:*:*:*","matchCriteriaId":"2AB97A11-E8E6-4AFB-A72E-3345E36FE73C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:smartcloud_orchestrator:2.3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"9F658E9A-A6CA-4B00-B3B8-6261A8386B8B"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000140","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94440","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000140","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94440","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-0206","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.323","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL."},{"lang":"es","value":"IBM Cloud Orchestrator podría permitir a un atacante local autenticado provocar que el servidor se ralentice por un corto periodo de tiempo utilizando una URL especialmente manipulada y 
malformada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.3:*:*:*:*:*:*:*","matchCriteriaId":"8227C8AC-7AAC-4DD1-A998-81595B0352DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6982E71E-FD79-47A5-8060-56499F7D00B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.4:*:*:*:*:*:*:*","matchCriteriaId":"FE37CE11-6A58-4058-B3A0-5A223DC5601B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E747BF22-8A13-4073-967F-0C28055B2A45"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cloud_orchestrator:2.4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"A9B95F0E-F10A-4A0A-B675-73AD50A552B2"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000141","source":"psirt@us.ibm.com","tags":["Patch","Vendo
r Advisory"]},{"url":"http://www.securityfocus.com/bid/94656","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg2C1000141","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94656","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-0210","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.370","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to obtain sensitive information. By allowing HTTP OPTIONS method, a remote attacker could send a specially-crafted query to a vulnerable server running to cause the server to disclose sensitive information in the HTTP response."},{"lang":"es","value":"IBM Sterling B2B Integrator Standard Edition podría permitir a un atacante remoto obtener información sensible. 
Permitiendo el método HTTP OPTIONS, un atacante remoto podría enviar una query especialmente manipulada a un servidor vulnerable ejecutándose para provocar que el servidor revele información sensible en la respuesta HTTP."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_b2b_integrator:5.1:*:*:*:*:*:*:*","matchCriteriaId":"40363692-5283-4D0C-BAE1-C049C02A0294"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:*","matchCriteriaId":"F805BA3A-178D-416E-9DED-4258F71A17C8"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21981549","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/90527","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21981549","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/90527","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-0214","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file."},{"lang":"es","value":"IBM Tivoli Endpoint Manager podría permitir a un atacante remoto subir archivos arbitrarios. Un atacante remoto podría explotar esta vulnerabilidad para subir archivos maliciosos. 
La única manera de que ese archivo sea ejecutado sería a través de un ataque de phishing para engañar a una víctima desprevenida para ejecutar el archivo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.0:*:*:*:*:*:*:*","matchCriteriaId":"66D8FA27-E35E-41E8-A5C8-14761E47CE10"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.1:*:*:*:*:*:*:*","matchCriteriaId":"21AD0AAF-1D86-44B4-92DB-3E4A3C38DE87"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.2:*:*:*:*:*:*:*","matchCriteriaId":"EDF3A293-36B6-41F3-87CE-EC2D89F212B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:bigfix_platform:9.5:*:*:*:*:*:*:*","matchCriteriaId":"9E59DD27-6637-4D89-867B-650AAD2F14B2"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993203","source":"psirt@us.ibm.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94193","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21993203","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94193","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-0305","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.417","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."},{"lang":"es","value":"IBM Connections es vulnerable a XSS, causada por una validación incorrecta de la entrada suministrada por el usuario. Un atacante remoto podría explotar esta vulnerabilidad utilizando una URL especialmente manipulada para ejecutar script en el buscador web de una víctima en el contexto de seguridad del sitio web de alojamiento, una vez que se hace clic en la URL. 
Un atacante podría utilizar esta vulnerabilidad para robar las credenciales de autenticación basadas en cookies de la víctima."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"1786E8E0-3A05-4845-8184-BC980C8FDF53"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"548B3376-1304-4289-A9A8-1B967C0425FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E36F2948-3B6C-4F31-A08C-C80E908FBF02"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:5.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B309632B-7039-4E34-8766-96ECF00D5F34"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21986770","source":"psirt@us.ibm.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/92436","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21986770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92436","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-0307","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.447","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses."},{"lang":"es","value":"IBM Connections 5.5 y versiones anteriores permite a atacantes remotos obtener información sensible leyendo seguimientos de pila en respuestas devueltas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negat
e":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"1786E8E0-3A05-4845-8184-BC980C8FDF53"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"548B3376-1304-4289-A9A8-1B967C0425FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E36F2948-3B6C-4F31-A08C-C80E908FBF02"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:5.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B309632B-7039-4E34-8766-96ECF00D5F34"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21986770","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92440","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21986770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92440","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-0308","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.480","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images."},{"lang":"es","value":"IBM Connections 5.5 y versiones anteriores es vulnerable a un posible ataque de manipulación de link que podría resultar en la revelación de imágenes de background 
inapropiadas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"1786E8E0-3A05-4845-8184-BC980C8FDF53"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"548B3376-1304-4289-A9A8-1B967C0425FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E36F2948-3B6C-4F31-A08C-C80E908FBF02"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:5.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B309632B-7039-4E34-8766-96ECF00D5F34"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21986770","source":"psirt@us.ibm.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/92439","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21986770","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92439","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-0310","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.510","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain."},{"lang":"es","value":"IBM Connections 5.5 y versiones anteriores es vulnerable a un posible ataque de inyección de cabecera del host que podría provocar navegación al dominio del atacante."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"ope
rator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:4.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"1786E8E0-3A05-4845-8184-BC980C8FDF53"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:4.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"548B3376-1304-4289-A9A8-1B967C0425FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:5.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E36F2948-3B6C-4F31-A08C-C80E908FBF02"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:5.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B309632B-7039-4E34-8766-96ECF00D5F34"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21988338","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92437","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21988338","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92437","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5900","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.543","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."},{"lang":"es","value":"IBM Tealeaf Customer Experience en Cloud Network Capture Add-On podría permitir a un atacante remoto obtener información sensible, provocado por un fallo en la correcta validación del certificado TLS. 
Un atacante podría explotar esta vulnerabilidad para obtener información sensible utilizando técnicas man in the middle."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tealeaf_customer_experience_on_cloud_network_capture_add-on:16.1.01:*:*:*:*:*:*:*","matchCriteriaId":"A0D52B64-4AB1-465D-AA95-9E7C96919AA1"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21994534","source":"psirt@us.ibm.com","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21994534","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-5902","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.573","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."},{"lang":"es","value":"IBM Maximo Asset Management es vulnerable a XSS. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz Web alterando así la funcionalidad intencionada conduciendo potencialmente a la divulgación de credenciales en una sesión de confianza."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maxim
o_asset_management:7.1:*:*:*:*:*:*:*","matchCriteriaId":"DE721CF9-0F75-410B-A0F4-542041E25925"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_asset_management:7.5:*:*:*:*:*:*:*","matchCriteriaId":"1AEBAE48-FFD0-4837-AB3B-F6C31B1AC8D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_asset_management:7.6:*:*:*:*:*:*:*","matchCriteriaId":"58B773C7-9386-4704-B85F-748578DBC242"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_aviation:7.1:*:*:*:*:*:*:*","matchCriteriaId":"AA2E94D6-C670-417D-8BC7-6D57FC881735"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_aviation:7.5:*:*:*:*:*:*:*","matchCriteriaId":"D99E35AE-83AD-4B46-8D1B-D55213547863"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_aviation:7.6:*:*:*:*:*:*:*","matchCriteriaId":"DBC96757-682F-4EBF-83A7-7C85C451ED26"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_energy_optimization:7.1:*:*:*:*:*:*:*","matchCriteriaId":"47FE69C7-D7C4-4707-B3EF-AC290F2CF92D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_energy_optimization:7.5:*:*:*:*:*:*:*","matchCriteriaId":"805C1AA0-2515-481F-8DC2-B8DDB567B112"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_energy_optimization:7.6:*:*:*:*:*:*:*","matchCriteriaId":"9588B376-E159-4CF8-AA3C-70FBBFCB3ED5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_government:7.1:*:*:*:*:*:*:*","matchCriteriaId":"3D8673B0-D385-467A-A60C-90A436C976D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_government:7.5:*:*:*:*:*:*:*","matchCriteriaId":"4908AC9D-7410-47A6-BC46-5587C60061A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_government:7.6:*:*:*:*:*:*:*","matchCriteriaId":"0F39CC0B-40C9-434B-9257-A72D04D5CED0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_life_sciences:7.1:*:*:*:*:*:*:*","matchCriteriaId":"9B315997-8DD3-4244-B292-68568FB82CED"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_life_sciences:7.5:*:*:*:*:*:*:*","matchCriteriaId":"360D781D-AD52-4309-A484-2150B10DFB02"},{
"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_life_sciences:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BA294D6-4D4D-4ADB-A05B-F578A8877A4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_nuclear_power:7.1:*:*:*:*:*:*:*","matchCriteriaId":"4796CF9E-0065-4DE2-8C7A-22EB76F65E8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_nuclear_power:7.5:*:*:*:*:*:*:*","matchCriteriaId":"75C69BA7-055F-446B-9E76-398D57680BA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_nuclear_power:7.6:*:*:*:*:*:*:*","matchCriteriaId":"54B15803-D203-4620-B4CF-0F417C7A9B79"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.1:*:*:*:*:*:*:*","matchCriteriaId":"764D9D95-26A8-441E-95E1-55C9CDEA59BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.5:*:*:*:*:*:*:*","matchCriteriaId":"012787EB-E7F0-4CAD-B406-6057A7F6F14F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_oil_and_gas:7.6:*:*:*:*:*:*:*","matchCriteriaId":"ED14563B-CA07-4CEF-B46B-672F06D08B9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_transportation:7.1:*:*:*:*:*:*:*","matchCriteriaId":"2F780ADF-3151-4B2C-98B9-7FFD0DB47A57"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_transportation:7.5:*:*:*:*:*:*:*","matchCriteriaId":"4367602D-5736-459D-82C1-099CD484F2FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_transportation:7.6:*:*:*:*:*:*:*","matchCriteriaId":"7759191C-5D16-4937-BC80-5A47FE4F9DD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_utilities:7.1:*:*:*:*:*:*:*","matchCriteriaId":"553D4A7C-E2F0-40F7-88FC-AB372DFCA9DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_utilities:7.5:*:*:*:*:*:*:*","matchCriteriaId":"1480E9F7-9CA1-4F8D-977F-0F13594D0D36"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:maximo_for_utilities:7.6:*:*:*:*:*:*:*","matchCriteriaId":"C823FEB8-B984-444C-A56E-4421A134754C"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21988252","source":"psirt@us.ibm
.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92535","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21988252","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92535","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5918","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.603","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed."},{"lang":"es","value":"IBM Tivoli Storage Manager HSM para Windows muestra la contraseña cifrada de Tivoli Storage Manager en la salida de rastreo de la aplicación si la opción de acceso a la contraseña está configurada como prompt y se cambia la 
contraseña."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1.4.1","matchCriteriaId":"EAB2D5C3-AFDE-43AE-A5E1-AAE9753D57C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:7.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"4C001D0C-6696-4B41-A2A2-6F9214106C79"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:*:*:*:*:*:*:*:*","versionEndIncluding":"6.4.3.0","matchCriteriaId":"D128C737-3482-4539-9FC2-815DAC557FA9"},{"vulne
rable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:6.4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"58B2465F-1445-4CB2-8130-D97D4524A290"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_space_management:*:*:*:*:*:*:*:*","versionEndIncluding":"6.3","matchCriteriaId":"C4023F82-E1CC-4066-B65C-B6A06096D6CD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21988728","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92534","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21988728","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92534","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5934","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.637","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. 
By placing a specially-crafted DLL in the victim's path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim."},{"lang":"es","value":"El instalador IBM Tivoli Storage Manager FastBack podría permitir a un atacante remoto ejecutar código arbitrario en el sistema. Al colocar una DLL especialmente manipulada en el camino de la víctima, un atacante podría explotar esta vulnerabilidad cuando el instalador se ejecuta para ejecutar código arbitrario en el sistema con privilegios de la víctima."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_fastback:*:*:*:*:demo:*:*:*","matchCriteriaId":"B30ED7B4-7A0B-4461-A0F4-478D8721512F"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21988908","source":"psirt@us.ib
m.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92614","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21988908","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/92614","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8954","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.667","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM dashDB Local uses hard-coded credentials that could allow a remote attacker to gain access to the Docker container or database."},{"lang":"es","value":"IBM dashDB Local utiliza credenciales embebidas que podrían permitir a un atacante remoto obtener acceso al contenedor o base de datos del Docker."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","
description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:dashdb_local:1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D0DF9658-0A0B-4FB6-B807-EC7127968003"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:dashdb_local:1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"94CAD9B7-1ACF-4577-B090-D6DD33985857"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:dashdb_local:1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"03FA7610-4998-4390-BBCA-78E5DA3C513C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:dashdb_local:1.2.0:*:*:*:*:*:*:*","matchCriteriaId":"B014AC50-AAFE-4134-9DCA-5B28532C1CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:dashdb_local:1.2.1:*:*:*:*:*:*:*","matchCriteriaId":"B62CC84F-80A7-4ABA-816C-1CCD97FFC999"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:dashdb_local:1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"7B1EA9C0-0F21-4FE4-90FB-27C403BB676A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:dashdb_local:1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"62B9B0CC-F99E-4443-80BC-5DA47119C016"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21994471","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95628","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21994471","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95628","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9005","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-08T22:59:00.697","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's 
password and gain remote access to the system."},{"lang":"es","value":"IBM System Storage TS3100-TS3200 Tape Library podría permitir a un usuario no autenticado con acceso a la red de la compañía cambiar una contraseña de usuario y obtener acceso remoto al sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:system_storage_ts3100-ts3200_tape_library:*:*:*:*:*:*:*:*","versionEndIncluding":"d.60","matchCriteriaId":"555E9C5F-1B40-469A-B54F-7CE698365904"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=ssg1S1009656","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95436","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=ssg1S1009656","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95436","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9686","sourceIdentifier":"security@puppet.com","published":"2017-02-08T22:59:00.730","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Puppet Communications Protocol (PCP) Broker incorrectly validates message header sizes. An attacker could use this to crash the PCP Broker, preventing commands from being sent to agents. This is resolved in Puppet Enterprise 2016.4.3 and 2016.5.2."},{"lang":"es","value":"El Puppet Communications Protocol (PCP) Broker valida incorrectamente tamaños de la cabecera del mensaje. Un atacante podría utilizar ésto para bloquear el PCP Broker, evitando que se envíen comandos a los agentes. 
Ésto está resuelto en Puppet Enterprise 2016.4.3 y 2016.5.2."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","versionStartIncluding":"2016.4.0","versionEndExcluding":"2016.4.3","matchCriteriaId":"26593001-EE83-42CF-931C-6D85510921DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:puppet_enterprise:2016.5.1:*:*:*:*:*:*:*","matchCriteriaId":"299ACFD1-609F-42CA-B0E5-F7B54A1ACBC9"}]}]}],"references":[{"url":"https://puppet.com/security/cve/cve-2016-9686","source":"security@puppet.com","tags":["Vendor Advisory"]},{"url":"https://puppet.com/security/cve/cve-2016-9686","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2015-6023","sourceIdentifier":"cret@cert.org","published":"2017-02-09T15:59:00.300","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request.  NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands."},{"lang":"es","value":"ping.cgi en routers wireless NetCommWireless HSPA 3G10WVE con firmware en versiones anteriores a 3G10WVE-L101-S306ETS-C01_R05 permite a atacantes remotos eludir las restricciones de acceso previstas a través de una solicitud directa. NOTA: Este problema puede ser combinado con CVE-2015-6024 para ejecutar comandos arbitrarios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR
","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netcommwireless:hspa_3g10wve_firmware:3g10wve-l101-s306ets-c01_r03:*:*:*:*:*:*:*","matchCriteriaId":"4BD52297-1031-4917-8221-C4EBFE83EF4A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netcommwireless:hspa_3g10wve:-:*:*:*:*:*:*:*","matchCriteriaId":"87C2314F-46CA-4625-97CE-336CE885FC41"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html","source":"cret@cert.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/May/13","source":"cret@cert.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/May/18","source":"cret@cert.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/538263/100/0/threaded","source":"cret@cert.org"},{"url":"http://www.securityfocus.com/archive/1/538297/100/0/threaded","source":"cret@cert.org"},{"url":"http://www.securityfocus.com/bid/96383","source":"cret@cert.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/39762/","source":"cret@cert.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/May/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/May/18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/archive/1/538263/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/538297/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/96383","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/39762/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2015-6024","sourceIdentifier":"cret@cert.org","published":"2017-02-09T15:59:00.347","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter."},{"lang":"es","value":"ping.cgi en routers wireless NetCommWireless HSPA 3G10WVE con firmware en versiones anteriores a 3G10WVE-L101-S306ETS-C01_R05 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de metacaracteres de shell en el parámetro 
DIA_IPADDRESS."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:netcommwireless:hspa_3g10wve_firmware:3g10wve-l101-s306ets-c01_r03:*:*:*:*:*:*:*","matchCriteriaId":"4BD52297-1031-4917-8221-C4EBFE83EF4A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:netcommwireless:hspa_3g10wve:-:*:*:*:*:*:*:*","matchCriteriaId":"87C2314F-46CA-4625-97CE-336CE885FC41"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html","source":"cret@cert.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/May/13","source":"cret@cert.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/May/18","source":"cret@cert.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/538263/100/0/threaded","source":"cret@cert.org"},{"url":"http://www.securityfocus.com/archive/1/538297/100/0/threaded","source":"cret@cert.org"},{"url":"https://www.exploit-db.com/exploits/39762/","source":"cret@cert.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/May/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/May/18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/archive/1/538263/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/archive/1/538297/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/39762/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2015-8831","sourceIdentifier":"security@debian.org","published":"2017-02-09T15:59:00.393","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment."},{"lang":"es","value":"Vulnerabilidad de XSS en admin/comments.php en Dotclear en versiones anteriores a 2.8.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del nombre del autor en 
un comentario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dotclear:dotclear:*:*:*:*:*:*:*:*","versionEndIncluding":"2.8.1","matchCriteriaId":"86F0BC44-07EA-4913-8FF8-6B45AA638042"}]}]}],"references":[{"url":"http://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2","source":"security@debian.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/134353/dotclear-2.8.1-Cross-Site-Scripting.html","source":"security@debian.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2015/Nov/59","source":"security@debian.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/03/05/4","source":"security@debian.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/03/07/5","source":"security@debian.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96377","source":"security@debian.org"},{"url":"https://blog.curesec.com/article/blog/dotclear-281-XSS-94.html","source":"security@debian.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://hg.dotclear.org/dotclear/rev/65e65154dadf","source":"security@debian.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"http://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/134353/dotclear-2.8.1-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2015/Nov/59","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/03/05/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/03/07/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96377","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blog.curesec.com/article/blog/dotclear-281-XSS-94.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://hg.dotclear.org/dotclear/rev/65e65154dadf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2015-8832","sourceIdentifier":"security@debian.org","published":"2017-02-09T15:59:00.473","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with \"manage their own media items\" and \"manage their own entries and comments\" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension."},{"lang":"es","value":"Múltiples vulnerabilidades de lista negra incompleta en inc/core/class.dc.core.php en Dotclear en versiones anteriores a 2.8.2 permiten a usuarios remotos autenticados con los permisos \"administrar sus propios contenidos multimedia\" y \"gestionar sus propias entradas y comentarios\" ejecutar código PHP arbitrario cargando un archivo con una extensión (1) .pht, (2) .phps o (3) .phtml."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov
","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dotclear:dotclear:*:*:*:*:*:*:*:*","versionEndIncluding":"2.8.1","matchCriteriaId":"86F0BC44-07EA-4913-8FF8-6B45AA638042"}]}]}],"references":[{"url":"http://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2","source":"security@debian.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/134352/dotclear-2.8.1-Shell-Upload.html","source":"security@debian.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2015/Nov/58","source":"security@debian.org","tags":["Exploit","Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/03/05/4","source":"security@debian.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/03/07/5","source":"security@debian.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96379","source":"security@debian.org"},{"url":"https://blog.curesec.com/article/blog/dotclear-281-Code-Execution-93.html","source":"security@debian.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://hg.dotclear.org/dotclear/rev/198580bc3d80","source":"security@debian.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"http://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/134352/dotclear-2.8.1-Shell-Upload.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2015/Nov/58","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/03/05/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/03/07/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96379","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blog.curesec.com/article/blog/dotclear-281-Code-Execution-93.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://hg.dotclear.org/dotclear/rev/198580bc3d80","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-8936","sourceIdentifier":"security@opentext.com","published":"2017-02-09T15:59:00.520","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link."},{"lang":"es","value":"Vulnerabilidad de XSS en squidGuard.cgi en squidGuard en versiones anteriores a 1.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un enlace de sitio 
bloqueado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:squidguard:squidguard:*:*:*:*:*:*:*:*","versionEndIncluding":"1.4","matchCriteriaId":"7A646F39-677C-4BAC-A9F8-6076F2C149A3"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/06/20/2","source":"security@opentext.com"},{"url":"http://www.openwall.com/lists/oss-security/2016/06/20/6","source":"security@opentext.com"},{"url":"http://www.securityfocus.com/bid/91305","source":"security@opentext.com"},{"url":"http://www.squidguard.org/Downloads/CHANGELOG","source":"security@opentext.com"},{"url":"http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20150201","source":"security@opentext.com"},{"url":"http://www.openwall.com/lists/oss-security/2016/06/20/2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/0
6/20/6","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/91305","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.squidguard.org/Downloads/CHANGELOG","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20150201","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10190","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:00.627","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en libavformat/http.c en FFmpeg en versiones anteriores a 2.8.10, 3.0.x en versiones anteriores a 3.0.5, 3.1.x en versiones anteriores a 3.1.6 y 3.2.x en versiones anteriores a 3.2.2 permite a servidores web remotos ejecutar código arbitrario a través de un tamaño de cantidad negativa en una respuesta 
HTTP."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*","versionEndIncluding":"2.8.9","matchCriteriaId":"BB8F94CB-75BE-4D48-A4A6-4CE03A3D60B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0:*:*:*:*:*:*:*","matchCriteriaId":"C6E85AA0-559E-4EC5-AF61-100732EF0643"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"3E86E3C4-946B-4E89-B0C1-010046D8D478"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"94E316AE-DF67-40B7-99CE-CE30BFECC4C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"368CB50E-729C-4CA3-A6E4-67A277354255"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0.4:*:*:*:*:*:*:*","matchCriteriaId":"10FD1F85-27FB-4E8B-A2D0-529A048701C9"},{"vulnera
ble":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1:*:*:*:*:*:*:*","matchCriteriaId":"1A730657-04E4-4802-8336-DB067AF00C5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"77E8C6C8-4849-4475-8271-CAD3ECE761CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"59A336FF-56BE-4B09-827E-887FCF0A018B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1.3:*:*:*:*:*:*:*","matchCriteriaId":"E6FB6CF6-F80E-4570-8790-F43D2F035A07"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1.4:*:*:*:*:*:*:*","matchCriteriaId":"95D2E370-7B0E-451F-9802-D4C272C4902E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1.5:*:*:*:*:*:*:*","matchCriteriaId":"A040488F-32AA-4451-B922-45B17D2AEA90"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.2:*:*:*:*:*:*:*","matchCriteriaId":"21F765CB-B78E-42A3-BB22-D9FC515694B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"F5DFEAF5-8003-4EDB-B2B3-9022052939C4"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/12","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95986","source":"cve@mitre.org"},{"url":"https://ffmpeg.org/security.html","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","source":"cve@mitre.org"},{"url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html","source":"cve@mitre.org"},{"url":"https://trac.ffmpeg.org/ticket/5992","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third 
Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95986","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://ffmpeg.org/security.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://trac.ffmpeg.org/ticket/5992","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10191","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:00.723","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en libavformat/rtmppkt.c en FFmpeg en versiones anteriores a 2.8.10, 3.0.x en versiones anteriores a 3.0.5, 3.1.x en versiones anteriores a 3.1.6 y 3.2.x en versiones anteriores a 3.2.2 permite a atacantes remotos ejecutar código arbitrario aprovechando el fallo para comprobar si hay desajustes de tamaño de paquete 
RTMP."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*","versionEndIncluding":"2.8.9","matchCriteriaId":"BB8F94CB-75BE-4D48-A4A6-4CE03A3D60B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0:*:*:*:*:*:*:*","matchCriteriaId":"C6E85AA0-559E-4EC5-AF61-100732EF0643"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"3E86E3C4-946B-4E89-B0C1-010046D8D478"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"94E316AE-DF67-40B7-99CE-CE30BFECC4C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"368CB50E-729C-4CA3-A6E4-67A277354255"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0.4:*:*:*:*:*:*:*","matchCriteriaId":"10FD1F85-27FB-4E8B-A2D0-529A048701C9"},{"vulnera
ble":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1:*:*:*:*:*:*:*","matchCriteriaId":"1A730657-04E4-4802-8336-DB067AF00C5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"77E8C6C8-4849-4475-8271-CAD3ECE761CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"59A336FF-56BE-4B09-827E-887FCF0A018B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1.3:*:*:*:*:*:*:*","matchCriteriaId":"E6FB6CF6-F80E-4570-8790-F43D2F035A07"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1.4:*:*:*:*:*:*:*","matchCriteriaId":"95D2E370-7B0E-451F-9802-D4C272C4902E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1.5:*:*:*:*:*:*:*","matchCriteriaId":"A040488F-32AA-4451-B922-45B17D2AEA90"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.2:*:*:*:*:*:*:*","matchCriteriaId":"21F765CB-B78E-42A3-BB22-D9FC515694B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"F5DFEAF5-8003-4EDB-B2B3-9022052939C4"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/12","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95989","source":"cve@mitre.org"},{"url":"https://ffmpeg.org/security.html","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/FFmpeg/FFmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95989","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://ffmpeg.org/security.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/FFmpeg/FFmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10192","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:00.753","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en ffserver.c en FFmpeg en versiones anteriores a 2.8.10, 3.0.x en versiones anteriores a 3.0.5, 3.1.x en versiones anteriores a 3.1.6 y 3.2.x en versiones anteriores a 3.2.2 permite a atacantes remotos ejecutar código arbitrario aprovechando el fallo para comprobar el tamaño del 
fragmento."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:*:*:*:*:*:*:*:*","versionEndIncluding":"2.8.9","matchCriteriaId":"BB8F94CB-75BE-4D48-A4A6-4CE03A3D60B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0:*:*:*:*:*:*:*","matchCriteriaId":"C6E85AA0-559E-4EC5-AF61-100732EF0643"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"3E86E3C4-946B-4E89-B0C1-010046D8D478"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"94E316AE-DF67-40B7-99CE-CE30BFECC4C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"368CB50E-729C-4CA3-A6E4-67A277354255"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.0.4:*:*:*:*:*:*:*","matchCriteriaId":"10FD1F85-27FB-4E8B-A2D0-529A048701C9"},{"vu
lnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1:*:*:*:*:*:*:*","matchCriteriaId":"1A730657-04E4-4802-8336-DB067AF00C5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"77E8C6C8-4849-4475-8271-CAD3ECE761CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"59A336FF-56BE-4B09-827E-887FCF0A018B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1.3:*:*:*:*:*:*:*","matchCriteriaId":"E6FB6CF6-F80E-4570-8790-F43D2F035A07"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1.4:*:*:*:*:*:*:*","matchCriteriaId":"95D2E370-7B0E-451F-9802-D4C272C4902E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.1.5:*:*:*:*:*:*:*","matchCriteriaId":"A040488F-32AA-4451-B922-45B17D2AEA90"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.2:*:*:*:*:*:*:*","matchCriteriaId":"21F765CB-B78E-42A3-BB22-D9FC515694B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffmpeg:ffmpeg:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"F5DFEAF5-8003-4EDB-B2B3-9022052939C4"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/12","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95991","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ffmpeg.org/security.html","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95991","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ffmpeg.org/security.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2016-10198","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:00.800","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file."},{"lang":"es","value":"La función gst_aac_parse_sink_setcaps en gst/audioparsers/gstaacparse.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de un archivo de audio 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.2","matchCriteriaId":"989802B0-618D-4362-A979-F802D2591C39"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3820","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"cve@mitre.org"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=775450","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00029.html","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3820","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=775450","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00029.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10199","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:00.847","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c 
in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value."},{"lang":"es","value":"La función qtdemux_tag_add_str_full en gst/isomp4/qtdemux.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída) a través de un valor de etiqueta manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.2","matchCriteriaId":"989802B0-618D-4362-A979-F802D2591C39"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3820","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"cve@mitre.org"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=775451","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3820","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=775451","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-2147","sourceIdentifier":"secalert@redhat.com","published":"2017-02-09T15:59:00.893","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow 
in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to cause a denial of service (crash) via a malformed RFC1035-encoded domain name, which triggers an out-of-bounds heap write."},{"lang":"es","value":"Desbordamiento de entero en el cliente DHCP (udhcpc) en BusyBox en versiones anteriores a 1.25.0 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un nombre de dominio codificado RFC1035 mal formado, lo que desencadena una escritura de memoria dinámica fuera de límites."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*","versionEndIncluding":"1.24.2","matchCriteriaId":"F106D39D-093B-42CF-8269-993BD3CB5052"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"
C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","matchCriteriaId":"815D70A8-47D3-459C-A32C-9FEACA0659D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","matchCriteriaId":"07C312A0-CD2C-4B9C-B064-6409B25C278F"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2019/Jun/18","source":"secalert@redhat.com","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Sep/7","source":"secalert@redhat.com","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2020/Aug/20","source":"secalert@redhat.com","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/03/11/16","source":"secalert@redhat.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://busybox.net/news.html","source":"secalert@redhat.com","tags":["Vendor 
Advisory"]},{"url":"https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jun/14","source":"secalert@redhat.com","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Sep/7","source":"secalert@redhat.com","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-04","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3935-1/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2019/Jun/18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Sep/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2020/Aug/20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/03/11/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://busybox.net/news.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jun/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Sep/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-04","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3935-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-2148","sourceIdentifier":"secalert@redhat.com","published":"2017-02-09T15:59:00.927","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 allows remote attackers to have unspecified impact via vectors involving OPTION_6RD parsing."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en el cliente DHCP (udhcpc) en BusyBox en versiones anteriores a 1.25.0 permite a atacantes remotos tener un impacto no especificado a través 
de vectores que implican el análisis de OPTION_6RD."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*","versionEndIncluding":"1.24.2","matchCriteriaId":"F106D39D-093B-42CF-8269-993BD3CB5052"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","matchCriteriaId":"815D70A8-47D3-459C-A32C-9FEACA0659D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matc
hCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","matchCriteriaId":"07C312A0-CD2C-4B9C-B064-6409B25C278F"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2019/Jun/18","source":"secalert@redhat.com","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Sep/7","source":"secalert@redhat.com","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2020/Aug/20","source":"secalert@redhat.com","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/03/11/16","source":"secalert@redhat.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://busybox.net/news.html","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html","source":"secalert@redhat.com","tags":["Mailing List","Third Party 
Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jun/14","source":"secalert@redhat.com","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Sep/7","source":"secalert@redhat.com","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-04","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3935-1/","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2019/Jun/18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2019/Sep/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2020/Aug/20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/03/11/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://busybox.net/news.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Jun/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://seclists.org/bugtraq/2019/Sep/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-04","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3935-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-3101","sourceIdentifier":"secalert@redhat.com","published":"2017-02-09T15:59:00.973","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the Extra Columns plugin before 1.17 in Jenkins allows remote attackers to inject arbitrary web script or HTML by leveraging failure to filter tool tips through the configured markup formatter."},{"lang":"es","value":"Vulnerabilidad de XSS en el plugin Extra Columns en versiones anteriores a 1.17 en Jenkins permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios aprovechando el fallo para filtrar los consejos de herramientas a través del formateador de marcado 
configurado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:extra_columns:*:*:*:*:*:jenkins:*:*","versionEndExcluding":"1.17","matchCriteriaId":"80D2E02A-91AA-4D85-BC28-410E38B48783"}]}]}],"references":[{"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3102","sourceIdentifier":"secalert@redhat.com","published":"2017-02-09T15:59:01.003","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy 
sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations."},{"lang":"es","value":"El plugin Script Security en versiones anteriores a 1.18.1 en Jenkins podría permitir a atacantes remotos eludir el mecanismo de protección sandbox de Groovy a través de un plugin que realiza (1) acceso directo al campo o (2) operaciones de array get/set."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.0:*:*:*:*:jenkins:*:*","matchCriteriaId":"0941B222-5731-4A1A-8B67-C33EE931FE91"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.1:*:*:*:*:jenkins:*:*","matchCriteriaId":"71689F37-4025-41B7-A5E4-546B70EC799E"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.2:*:*:*:*:jenkins:*:*","matchCriteriaId":"BD094183-2145-47E7-93F9-077BB11F88DB"},{"vulnerable":t
rue,"criteria":"cpe:2.3:a:jenkins:script_security:1.3:*:*:*:*:jenkins:*:*","matchCriteriaId":"9A263A3A-EFA7-4EF1-B882-9A48E02F7992"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.4:*:*:*:*:jenkins:*:*","matchCriteriaId":"05397C2C-1768-44DE-9DF3-28CEC2E64A12"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.5:*:*:*:*:jenkins:*:*","matchCriteriaId":"F0B4DA55-99E8-4D12-8E76-57A7F0E68530"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.6:*:*:*:*:jenkins:*:*","matchCriteriaId":"5F322056-8B48-4039-B5E1-3F6B5BD51DEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.7:*:*:*:*:jenkins:*:*","matchCriteriaId":"B06D3B5D-3104-45F2-8D00-8A063F583193"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.8:*:*:*:*:jenkins:*:*","matchCriteriaId":"138A02CC-41B0-4383-9457-5A5D3F64D14D"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.9:*:*:*:*:jenkins:*:*","matchCriteriaId":"45E3C087-7204-4344-A600-C39058109AAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.10:*:*:*:*:jenkins:*:*","matchCriteriaId":"28FFDA44-7EB9-44D4-98B0-CF3EB916315E"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.11:*:*:*:*:jenkins:*:*","matchCriteriaId":"81B21C43-B7DB-4BCA-9335-727A9D3BA164"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.12:*:*:*:*:jenkins:*:*","matchCriteriaId":"0AEDDF46-E6A1-4A61-96EC-4A796B3C1CA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.13:*:*:*:*:jenkins:*:*","matchCriteriaId":"EDDB123B-C69A-4C4B-A699-E27781407C82"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.14:*:*:*:*:jenkins:*:*","matchCriteriaId":"6744EE4A-6476-47A5-A2C8-13DC0606A90C"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.15:*:*:*:*:jenkins:*:*","matchCriteriaId":"5D575F1B-8B43-488A-B37B-AC895C03A57C"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.16:*:*:*:*:jenkins
:*:*","matchCriteriaId":"5DE8CF02-A8D4-4E27-B799-2E1BFD511A3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.17:*:*:*:*:jenkins:*:*","matchCriteriaId":"A8B0A689-7F7B-4F93-A032-E693310CFDD5"},{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:script_security:1.18:*:*:*:*:jenkins:*:*","matchCriteriaId":"452403BE-08F3-466C-82E1-DEE70668D2A1"}]}]}],"references":[{"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-04-11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4986","sourceIdentifier":"secalert@redhat.com","published":"2017-02-09T15:59:01.033","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in the TAP plugin before 1.25 in Jenkins allows remote attackers to read arbitrary files via an unspecified parameter."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en el plugin TAP en versiones anteriores a 1.25 en Jenkins permite a atacantes remotos leer archivos arbitrarios a través de un parámetro no 
especificado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:tap:*:*:*:*:*:jenkins:*:*","versionEndExcluding":"1.25","matchCriteriaId":"BDDB7E17-6689-448E-BBFC-63D6924C3936"}]}]}],"references":[{"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4987","sourceIdentifier":"secalert@redhat.com","published":"2017-02-09T15:59:01.067","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in the Image Gallery plugin before 1.4 in Jenkins allows remote attackers to 
list arbitrary directories and read arbitrary files via unspecified form fields."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en el plugin Image Gallery en versiones anteriores a 1.4 en Jenkins permite a atacantes remotos listar directorios arbitrarios y leer archivos arbitrarios a través de campos de formulario no especificados."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:image_gallery:*:*:*:*:*:jenkins:*:*","versionEndExcluding":"1.4","matchCriteriaId":"02063053-5BA0-47E7-9C92-B31C709FADF6"}]}]}],"references":[{"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-4988","sourceIdentifier":"secalert@redhat.com","published":"2017-02-09T15:59:01.097","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter."},{"lang":"es","value":"Vulnerabilidad de XSS en el plugin Build Failure Analyzer en versiones anteriores a 1.16.0 en Jenkins permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un parámetro no especificado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jenkins:build_failure_analyzer:*:*:*:*:*:jenkins:*:*","versionEndExcluding":"1.16.0","matchCriteriaId":"41E30C63-3E5C-41D
D-B67E-27358006415A"}]}]}],"references":[{"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://jenkins.io/security/advisory/2016-06-20/","source":"nvd@nist.gov","tags":["Vendor Advisory"]},{"url":"https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-5726","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:01.127","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter."},{"lang":"es","value":"Packages.php en Simple Machines Forum (SMF) 2.1 permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través del parámetro de array 
themechanges."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:2.1:*:*:*:*:*:*:*","matchCriteriaId":"774F215A-067D-4597-9EA0-B5393F089062"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/06/10/7","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/10/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-5727","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:01.160","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via vectors related to variables derived from user input in a foreach loop."},{"lang":"es","value":"LogInOut.php en Simple Machines Forum (SMF) 2.1 permite a atacantes remotos llevar a cabo ataques de inyección de objetos PHP y ejecutar código PHP arbitrario a través de vectores relacionados con las variables derivadas de la entrada del usuario en un bucle foreach."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:simplemachines:simple_machines_forum:2.1:*:*:*:*:*:*:*",
"matchCriteriaId":"774F215A-067D-4597-9EA0-B5393F089062"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/06/10/7","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/18/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/SimpleMachines/SMF2.1/issues/3522","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/10/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/SimpleMachines/SMF2.1/commit/19e560b9f3e8fc6d7d9d60c1ff617b5ed5c08008#diff-513c4f9c501cbefcc14420c01848f23c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/SimpleMachines/SMF2.1/issues/3522","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6171","sourceIdentifier":"secalert@redhat.com","published":"2017-02-09T15:59:01.190","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR."},{"lang":"es","value":"Knot DNS en versiones anteriores a 2.3.0 permite a servidores DNS remotos provocar 
una denegación de servicio (agotamiento de memoria y caída del servidor esclavo) a través de una transferencia de zona grande para (1) DDNS, (2) AXFR o (3) IXFR."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:knot-dns:knot_dns:*:*:*:*:*:*:*:*","versionEndExcluding":"2.3.0","matchCriteriaId":"DF143712-8BD4-4D51-9256-22B796A8E072"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/07/06/3","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/06/4","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91678","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/sischkg/xfer-limit/blob/master/README.md","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"https://gitlab.labs.nic.cz/labs/knot/blob/c546a70563ef4c7badb7cb5bdf6d1ba8e7adae82/NEWS","source":"secalert@redhat.com","tags":["Release Notes","VDB Entry"]},{"url":"https://gitlab.labs.nic.cz/labs/knot/issues/464","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html","source":"secalert@redhat.com","tags":["Technical Description"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/06/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/06/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91678","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/sischkg/xfer-limit/blob/master/README.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://gitlab.labs.nic.cz/labs/knot/blob/c546a70563ef4c7badb7cb5bdf6d1ba8e7adae82/NEWS","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","VDB Entry"]},{"url":"https://gitlab.labs.nic.cz/labs/knot/issues/464","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description"]}]}},{"cve":{"id":"CVE-2016-6173","sourceIdentifier":"secalert@redhat.com","published":"2017-02-09T15:59:01.237","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk 
consumption and slave server crash) via a zone transfer with unlimited data."},{"lang":"es","value":"NSD en versiones anteriores a 4.1.11 permite a servidores DNS maestros remotos provocar una denegación de servicio (consumo de disco en /tmp y caída del servidor esclavo) a través de una transferencia de zona con datos ilimitados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nlnetlabs:nsd:*:*:*:*:*:*:*:*","versionEndIncluding":"4.1.10","matchCriteriaId":"4F12FB3B-CD6F-40A7-8BC1-336A335E6247"}]}]}],"references":[{"url":"http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES","source":"secalert@redhat.com","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/06/3","source":"secalert@redhat.com","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/06/4","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91678","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/sischkg/xfer-limit/blob/master/README.md","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html","source":"secalert@redhat.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790","source":"secalert@redhat.com","tags":["Issue Tracking"]},{"url":"http://www.nlnetlabs.nl/svn/nsd/tags/NSD_4_1_11_REL/doc/RELNOTES","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/06/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/06/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91678","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/sischkg/xfer-limit/blob/master/README.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.dns-oarc.net/pipermail/dns-operations/2016-July/015058.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://open.nlnetlabs.nl/pipermail/nsd-users/2016-August/002342.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor 
Advisory"]},{"url":"https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-8494","sourceIdentifier":"psirt@fortinet.com","published":"2017-02-09T15:59:01.283","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme."},{"lang":"es","value":"Verificación insuficiente de archivos cargados permite a atacantes con privilegios de administradores de webui realizar ejecución de código arbitrario cargando un nuevo tema webui."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:connect:14.2:*:*:*:*:*:*:*","matchCriteriaId
":"6F6A7374-89AD-4F0A-855A-29E82C9BC736"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:connect:14.10:*:*:*:*:*:*:*","matchCriteriaId":"F52070E3-DFCA-48F6-9940-4B1EAE4F5626"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:connect:15.10:*:*:*:*:*:*:*","matchCriteriaId":"D776582A-A420-4C07-9CEB-DBD45E756C0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:connect:16.7:*:*:*:*:*:*:*","matchCriteriaId":"F0A01D26-A24D-4A21-BD30-C613C4F93E97"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96159","source":"psirt@fortinet.com"},{"url":"https://fortiguard.com/advisory/FG-IR-16-080","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96159","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://fortiguard.com/advisory/FG-IR-16-080","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9244","sourceIdentifier":"f5sirt@f5.com","published":"2017-02-09T15:59:01.300","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well."},{"lang":"es","value":"Un servidor virtual BIG-IP configurado con un perfil Client SSL que tiene la opción Session Tickets no predeterminada habilitada podría filtrar hasta 31 bytes de memoria no inicializada. Un atacante remoto puede explotar esta vulnerabilidad para obtener los IDs de sesión Secure Sockets Layer (SSL) de otras sesiones. 
Es posible que otros datos de la memoria no inicializada puedan ser devueltos también."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"76C1525D-46DE-4362-BBAD-095BBF718990"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.1:*:*:*:*:*:*:*","matchCriteriaId":"259C05BB-6349-4005-9372-21623DC5002D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"E5D27D4A-BD5C-4FA9-AA72-F7956298DE06"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"12F86EB5-D581-4103-A802-44D968BA8D55"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"36F383ED-8CB5-400D-BFDB-BD5B8CD8C7AE"},{
"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"E6203A11-82C3-4ABA-94E9-085BFF1A0E4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"06224D59-35F8-4168-80C5-CF5B17E99050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"2FF5A5F6-4BA3-4276-8679-B5560EACF2E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"A2B502F2-404C-463B-B6BE-87489DC881F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"44F1E5E0-BD63-4A4A-BC4E-A1D5495F8B5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"A82C7B1C-E195-4D94-B604-78FB464C4F81"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"8F6C3144-D0DE-4248-BFCD-04A7E6104044"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"0357B5ED-0600-4756-93E5-692987068596"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"974C5213-99F7-4E8A-AC6A-8759697F19C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.1:*:*:*:*:*:*:*","matchCriteriaId":"E288D50B-7EFA-4FC8-938B-EE3765FFA24D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"0E3D8A24-0B8D-432B-8F06-D0E1642E7C1C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"A4489382-0668-4CFB-BA89-D54762937CEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_
acceleration_manager:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"9850D0AA-B173-47B2-9B69-75E6D1FAF490"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"281D0B5B-27DF-4E8A-AFC9-D09468F8ECDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"40994EB4-4D31-4697-964D-1F0B09864DF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5B40837-EC2B-41FB-ACC3-806054EAF28C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"48BE0210-7058-462A-BA17-845D3E4F52FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3CA2FA6B-3930-432F-8FB5-E73604CEFE42"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"ECA90FB8-E2CD-400F-B753-1B482E7FAC96"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"6FEC804B-35DB-4A0C-9AEA-15527E0CC1B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"BEB228A9-0C01-4531-B2B2-38BB7B0E02E9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"6E0141FA-44E9-460E-B175-29A7FA251301"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.1:*:*:*:*:*:*:*","matchCriteriaId":"8DD27EF7-3329-4009-959F-D2E4D5935E57"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"3755740D-F1DC-4910-ADDD-9D491515201C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advance
d_firewall_manager:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"EA244A7D-F65D-4114-81C8-CE811959EA10"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"5EA9F72C-8344-4370-B511-31BEC8BA63E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"96CF015E-C74B-4215-9103-8087BC1D12AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"CFE4DB00-433D-414A-A1CE-E507B9BB809B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"B276E4DF-69FC-4158-B93A-781A45605034"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"CBAB92C5-2D50-49CC-AECA-0D16BC44A788"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"532AAF54-64EF-4852-B4F1-D5E660463704"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"BC827031-CA39-4081-8CE0-30EAC78DF756"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"7569903B-3A15-4A10-863B-6828337DD268"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"45825991-D17D-42F1-87B4-7DF86B098B45"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"4D1850CE-D20D-4677-8CF2-1DB3A4EB33F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:11.4.1:*:*:*:*:*:*:*","matchCriteriaId":"0A70B1E2-0B3D-4DE9-8ED9-777F73D0B750"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"A7D226F1-6513-4233-BE20-58D7AB24978F"},{"vulne
rable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"B33B2082-E040-4799-A260-BA687ED8614E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"A85766A4-2181-4719-ADCF-4FEA0031DB80"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"D2E93EE3-DB73-468E-87CA-4D277F283648"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"ADB01A61-1924-417F-8A75-9FDF8F14F754"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"B70D2BD5-8E3F-4B57-84EF-3AF40F6378F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"2A065BC0-56BD-4665-A860-EBA37F1A4D8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D0EDB8E9-E6FB-406E-B1D3-C620F114804C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"77192AFB-B612-4BAA-916C-3DF8E851CC2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"AE295AF6-2B35-467F-8501-B5753CDDE16C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"E3C03B68-914F-4DB0-A832-B626B8746524"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"FB5F9107-549C-40EF-B355-C7E93A979CDD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.1:*:*:*:*:*:*:*","matchCriteriaId":"B1A1C200-30B2-4B38-BC74-D11E54530A96"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"1C0312FC-8178-46DE-B4EE-00F2895073BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:
*:*:*:*:*:*:*","matchCriteriaId":"BC6C5628-14FF-4D75-B62E-D4B2707C1E3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"C9E574F6-34B6-45A6-911D-E5347DA22F69"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"BCF94129-8779-4D68-8DD4-B828CA633746"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"BA2E88AA-0523-48D0-8664-6AFDBCB6C940"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"CFA77C6B-72DB-4D57-87CF-11F2C7EDB828"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"E33BCA5B-CE91-451C-9821-2023A9E461C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FCD2044C-AC6F-4145-B1A0-8EB26DCF1F8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5FC866D4-CE8C-4408-AD1E-8643AC554CC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7563D979-BE37-4251-B92E-0DBDBE53F3FF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"270EEBF6-46FA-48FC-BEC9-9C0838A86BB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:11.4.1:*:*:*:*:*:*:*","matchCriteriaId":"93310708-E1FE-445A-BB1F-7D1F553AEC65"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"1AD2C1D2-103E-4B0F-84AA-999F01E695F0"},{"vulnerable
":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"855E91A4-0A0C-4E5C-8019-FB513A793803"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"FCCC2092-E109-4FF6-9B85-6C9434269851"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"8923BB93-96C1-417B-9172-4A81E731EBA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"274E34BF-82A5-4D9E-BC72-202193A47A5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"475F0EF8-42CB-4099-9C4A-390F946C4924"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"94DBCD7A-E4DA-4C08-87A4-960CF53A83E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"62B0A70A-D101-443E-A543-5EC35E23D66F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"2DB2118A-0F9C-4273-BB07-85FEA32C785B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"8541C9EF-69A8-4641-B173-3BCE0EDD20A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"E24A3C71-0075-4738-B114-267337D050CD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"7E4CC3E0-F9B8-433F-A2B0-2306144F9B6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.1:*:*:*:*:*:*:*","matchCriteriaId":"B8993275-E17E-4A69-8D95-A8229E0E88D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:bi
g-ip_global_traffic_manager:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"0594DBC5-8470-416C-A5EA-E04F5AB2C799"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"B50BF19F-71B4-47C0-A96E-6EB90FCC6AE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"BD3A3BA6-6F60-45CA-8F52-687B671B077A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"202B6870-718C-4F8D-9BAB-7ED6385BF2A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"EC6A3691-ADC4-44BC-8A11-D855B13EF128"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"D7D7863D-B064-4D7A-A66B-C3D3523425FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"911BB6DB-B2D1-4855-A65C-F0799E034358"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"FF646EF0-56C8-492E-A78D-B00ECAA8D851"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:11.4.1:*:*:*:*:*:*:*","matchCriteriaId":"0D42B922-A5F7-41FC-A361-BA0E065B5B00"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"13E6D2CA-CC4F-4317-A842-4DF0693B0CB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"AB017D7A-3290-4EF5-9647-B488771A5F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"4F316C54-FAE4-48D8-9E40-ED358C30BF24"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"AC0F5FD3-45E7-4D55-A3AC-6572FC0682D0"},{"vulnerable":true,"criteria
":"cpe:2.3:a:f5:big-ip_link_controller:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"56BAC4C7-AB42-4BBD-98B5-0AE8B032CCC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"5CDEC701-DAB3-4D92-AA67-B886E6693E46"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"8C641B4F-DCFF-4A1B-9E00-EDF18A270241"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E90C12AF-44BA-44A2-89ED-0C2497EEC8A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"BBBB6E7C-DA1A-479F-9DD2-DE0C3CA82E92"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"4913B437-33FF-4B5E-A855-9DA00B35E3B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"EDCFE65B-340B-4F7D-93A1-4390BBC8E67F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"F2AA5127-5314-4026-905D-937B7B62473F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.1:*:*:*:*:*:*:*","matchCriteriaId":"09E42DAA-700D-487C-9238-F7F3D75A8C1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"1B6EA0C0-9C26-4A87-98F1-5B317D606ECB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"4D379372-A226-4230-B1F3-04C696518BD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"22FAC35D-2803-49B0-9382-F14594B88FC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"3C72257B-FF99-4707-A0E3-316D538B
1CF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"18CFA52E-F9D7-40C3-9DB5-CDD5767E1F0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"CB8D3B87-B8F5-490A-B1D9-04F2EE93EEA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"C1EA4F45-35F7-4687-8D1A-A5ACD846500A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"23FF9627-E561-4CF7-A685-6E33D2F6C98C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"64273A2C-E5A1-4605-92DD-EBECC7F051D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"E60CA151-1C3A-45B3-B939-E6F80063C595"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"58BAD5A9-9C67-4056-9344-07C8C42C8E88"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.0:*:*:*:*:*:*:*","matchCriteriaId":"584853F9-644F-40B2-A28F-1CE9B51F84F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.1:*:*:*:*:*:*:*","matchCriteriaId":"DFE665CF-A633-474E-9519-D20E3D3958CF"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Disclosure.html","source":"f5sirt@f5.com"},{"url":"http://www.securityfocus.com/bid/96143","source":"f5sirt@f5.com"},{"url":"http://www.securitytracker.com/id/1037800","source":"f5sirt@f5.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.filippo.io/finding-ticketbleed/","source":"f5sirt@f5.com"},{"url":"https://filippo.io/Ticketbleed/","source":"f5sirt@f5.com"},{"url":"https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py","source":"f5sirt@f5.com"},{"url":"https://support.f5.com/csp/article/K05121675","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41298/","source":"f5sirt@f5.com"},{"url":"http://packetstormsecurity.com/files/141017/Ticketbleed-F5-TLS-Information-Disclosure.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/96143","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037800","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.filippo.io/finding-ticketbleed/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://filippo.io/Ticketbleed/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/0x00string/oldays/blob/master/CVE-2016-9244.py","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.f5.com/csp/article/K05121675","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41298/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5837","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:01.330","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file."},{"lang":"es","value":"La función gst_riff_create_audio_caps en gst-libs/gst/riff/riff-media.c en gst-plugins-base en GStreamer en 
versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (excepción en punto flotante y caída) a través de un archivo de vídeo manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.2","matchCriteriaId":"989802B0-618D-4362-A979-F802D2591C39"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3819","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"cve@mitre.org"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777262","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00032.html","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3819","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777262","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00032.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5838","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:01.377","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The gst_date_time_new_from_iso8601_string function in 
gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string."},{"lang":"es","value":"La función gst_date_time_new_from_iso8601_string en gst/gstdatetime.c en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de una cadena datetime mal formada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.2","matchCriteriaId":"989802B0-618D-4362-A979-F802D2591C39"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3822","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"cve@mitre.org"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777263","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3822","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777263","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5839","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:01.410","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The 
gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX."},{"lang":"es","value":"La función gst_riff_create_audio_caps en gst-libs/gst/riff/riff-media.c en gst-plugins-base en GStreamer en versiones anteriores a 1.10.3 no limita adecuadamente la recursión, lo que permite a atacantes remotos provocar una denegación de servicio (desbordamiento de pila y caída) a través de vectores que implican WAVEFORMATEX anidado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-674"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.2","matchCriteriaId":"989802B0-618D-4362-A979-F802D2591C39"}]}]}],"references":[{"url":"http://www.debia
n.org/security/2017/dsa-3819","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"cve@mitre.org"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777265","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3819","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777265","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5840","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:01.457","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index."},{"lang":"es","value":"La función qtdemux_parse_samples en gst/isomp4/qtdemux.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de vectores que implican el índice stts actual."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR
","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.2","matchCriteriaId":"989802B0-618D-4362-A979-F802D2591C39"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3820","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"cve@mitre.org"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777469","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00029.html","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3820","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777469","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00029.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5841","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:01.487","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags."},{"lang":"es","value":"La función gst_avi_demux_parse_ncdt en gst/avi/gstavidemux.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de vectores que implican etiquetas 
ncdt."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.2","matchCriteriaId":"989802B0-618D-4362-A979-F802D2591C39"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3820","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"cve@mitre.org"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777500","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3820","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777500","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5842","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:01.533","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi."},{"lang":"es","value":"La función 
html_context_handle_element en gst/subparse/samiparse.c en gst-plugins-base en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) a través de un archivo SMI manipulado, según lo demostrado por OneNote_Manager.smi."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.2","matchCriteriaId":"989802B0-618D-4362-A979-F802D2591C39"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3819","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"cve@mitre.org"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777502","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3819","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777502","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5843","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:01.567","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer 
before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf."},{"lang":"es","value":"Múltiples vulnerabilidades de uso después de liberación de memoria en las funciones (1) gst_mini_object_unref, (2) gst_tag_list_unref y (3) gst_mxf_demux_update_essence_tracks en GStreamer en versiones anteriores a 1.10.3 permiten a atacantes remotos provocar una denegación de servicio (caída) a través de vectores que implican etiquetas stream, según lo demostrado por 02785736.mxf."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.2","matchCriteriaId":"989802B0-618D-4362-A979-F802D2591C39"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3818","source":"cve@mitre.org"},{"url":"http://www.openwall.com/li
sts/oss-security/2017/02/01/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"cve@mitre.org"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777503","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3818","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777503","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor 
Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5844","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:01.613","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file."},{"lang":"es","value":"La función gst_riff_create_audio_caps en gst-libs/gst/riff/riff-media.c en gst-plugins-base en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (excepción de punto flotante y caída) a través de un archivo ASF manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nv
d@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.2","matchCriteriaId":"989802B0-618D-4362-A979-F802D2591C39"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3819","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"cve@mitre.org"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777525","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00032.html","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3819","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777525","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/02/msg00032.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5845","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:01.660","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that \"goes behind\" the surrounding tag."},{"lang":"es","value":"La función gst_avi_demux_parse_ncdt en gst/avi/gstavidemux.c en gst-plugins-good en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de una sub etiqueta ncdt que \"va detras\" de la etiqueta 
circundante."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.2","matchCriteriaId":"989802B0-618D-4362-A979-F802D2591C39"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3820","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"cve@mitre.org"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777532","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3820","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777532","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5846","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:01.707","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors related to the number of languages in a video 
file."},{"lang":"es","value":"La función gst_asf_demux_process_ext_stream_props en gst/asfdemux/gstasfdemux.c en gst-plugins-ugly en GStreamer en versiones anteriores a 1.10.3 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de vectores relacionados con el número de idiomas en un archivo de vídeo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10.2","matchCriteriaId":"989802B0-618D-4362-A979-F802D2591C39"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3821","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777937","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00030.html","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3821","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777937","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gstreamer.freedesktop.org/releases/1.10/#1.10.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor 
Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00030.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5847","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:01.737","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors."},{"lang":"es","value":"La función gst_asf_demux_process_ext_content_desc en gst/asfdemux/gstasfdemux.c en gst-plugins-ugly en GStreamer permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de vectores que implican descriptores de contenido 
extendidos."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndExcluding":"1.11.2","matchCriteriaId":"94C88B00-C729-4942-9C23-DD63D4A9B2E5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3821","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00030.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3821","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777955#c3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/05/msg00030.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5848","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T15:59:01.783","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing."},{"lang":"es","value":"La función gst_ps_demux_parse_psm en gst/mpegdemux/gstmpegdemux.c en gst-plugins-bad en GStreamer permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de vectores que implican análisis PSM."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpe
Match":[{"vulnerable":true,"criteria":"cpe:2.3:a:gstreamer:gstreamer:*:*:*:*:*:*:*:*","versionEndExcluding":"1.11.2","matchCriteriaId":"94C88B00-C729-4942-9C23-DD63D4A9B2E5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"F96E3779-F56A-45FF-BB3D-4980527D721E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"83737173-E12E-4641-BC49-0BD84A6B29D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*
:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3818","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3818","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2060","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201705-10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5634","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T16:59:00.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended \"Please select booking identification\" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog."},{"lang":"es","value":"El terminal de la aerolínea Norwegian Air Shuttle (también conocida como norwegian.com) permite a atacantes físicamente próximos eludir el paso de IU destinada \"Por favor seleccione la identificación de la reserva\", y obtener privilegios administrativos y acceso a la red en el SO Windows subyaciente, al acceder a un icono de impresión en la pantalla táctil para manipular el dialogo de 
impresión."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.7,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-668"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:norwegian-air:norwegian_air_kiosk:-:*:*:*:*:*:*:*","matchCriteriaId":"93320E3F-9B9F-475A-957D-A07CBAB5951C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96230","source":"cve@mitre.org"},{"url":"https://bugemot.com/bug/190","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.youtube.com/watch?v=2j9gP5Qu2WA","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.youtube.com/watch?v=WSQW0ipnXQg","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96230","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugemot.com/bug/190","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://www.youtube.com/watch?v=2j9gP5Qu2WA","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.youtube.com/watch?v=WSQW0ipnXQg","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-3807","sourceIdentifier":"psirt@cisco.com","published":"2017-02-09T17:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. An exploit could allow the remote attacker to cause a reload of the affected system or potentially execute code. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid TCP connection is needed to perform the attack. The attacker needs to have valid credentials to log in to the Clientless SSL VPN portal. Vulnerable Cisco ASA Software running on the following products may be affected by this vulnerability: Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ASA for Firepower 4100 Series. 
Cisco Bug IDs: CSCvc23838."},{"lang":"es","value":"Una vulnerabilidad en el código de Common Internet Filesystem (CIFS) en la funcionalidad Clientless SSL VPN de Cisco ASA Software, Major Releases 9.0-9.6, podría permitir a un atacante remoto autenticado provocar un desbordamiento de la memoria dinámica. La vulnerabilidad se debe a una validación insuficiente de la entrada suministrada por el usuario. Un atacante podría explotar esta vulnerabilidad enviando una URL manipulada al sistema afectado. Una explotación podría permitir al atacante remoto provocar una recarga del sistema afectado o potencialmente ejecutar código. Nota: Solo tráfico dirigido al sistema afectado puede ser usado para explotar esta vulnerabilidad. Esta vulnerabilidad solo afecta a sistemas configurados en modo firewall enrutado y modo de contexto individual o múltiple. Esta vulnerabilidad puede desencadenarse por tráfico IPv4 o IPv6. Se necesita una conexión TCP válida para llevar a cabo el ataque. El atacante necesita tener credenciales válidas para iniciar sesión en el portal Clientless SSL VPN. El software Cisco ASA vulnerable que se ejecuta en los siguientes productos puede verse afectado por esta vulnerabilidad: Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA para Firepower 9300 Series, Cisco ASA para Firepower 4100 Series. 
Cisco Bug IDs: CSCvc23838."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:C","baseScore":8.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":8.5,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1:*:*:*:*:*:*:*","matchCriteriaId":"7632C245-04C6-4E78-87B7-55CCCA6FD6C8"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"7EA0DDDD-C987-4DA6-ADEE-77B387C26A92"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E84099EB-2535-4A9F-8355-FF937CFBD122"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.3:*:*:*:*:*:*:*","matchCriteriaId":"9CBC03FE-3A54-450E-A8CE-844C4A6E54B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appl
iance_software:7.0.4:*:*:*:*:*:*:*","matchCriteriaId":"C599F894-DAD2-4231-8BB8-1427E7C02D60"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.4.2:*:*:*:*:*:*:*","matchCriteriaId":"5123875E-2726-4AD3-A767-04D4F3C15DD6"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.5:*:*:*:*:*:*:*","matchCriteriaId":"C1F60C12-71C9-47C6-B43F-A0374419D736"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.5.12:*:*:*:*:*:*:*","matchCriteriaId":"5CBC6451-C5CE-4A84-8FAD-A0B6DBF67D03"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.6:*:*:*:*:*:*:*","matchCriteriaId":"1C853CD9-F451-406E-A515-3BDC34E55639"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.6.4:*:*:*:*:*:*:*","matchCriteriaId":"AE4D6D0E-03FD-4C3C-9F6F-0BCE4B9F5D6E"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.6.8:*:*:*:*:*:*:*","matchCriteriaId":"B296BB10-E740-4EFC-A9FE-5E8C6D9BA0D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.6.18:*:*:*:*:*:*:*","matchCriteriaId":"41173D04-CD92-429A-A201-094C324435ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.6.22:*:*:*:*:*:*:*","matchCriteriaId":"96FB6BAE-322B-48F1-A26D-0ADC86ECCAF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.6.26:*:*:*:*:*:*:*","matchCriteriaId":"BEF3A418-EF33-4BEF-8508-DA573885AE2C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.6.29:*:*:*:*:*:*:*","matchCriteriaId":"929BF200-619E-4F35-9DDC-8DBFA7728CDF"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.6.32:*:*:*:*:*:*:*","matchCriteriaId":"4AEBB18A-F33C-4A07-8C3F-5042F5C5B66A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.7
:*:*:*:*:*:*:*","matchCriteriaId":"FD7C28DC-B15F-486B-96F1-D08529B7374A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.7.1:*:*:*:*:*:*:*","matchCriteriaId":"A9E00BE3-089B-48DB-8626-F5F655271CC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.7.4:*:*:*:*:*:*:*","matchCriteriaId":"89373AD0-3CC4-4BD0-BA5C-352322BD371C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.7.9:*:*:*:*:*:*:*","matchCriteriaId":"240E8B28-9CC1-4995-91D4-B41ACC96C44B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.7.12:*:*:*:*:*:*:*","matchCriteriaId":"0DB3077B-59B9-4B33-AE6F-A0AF84EB69EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.8:*:*:*:*:*:*:*","matchCriteriaId":"B03A1408-A55A-4482-B239-B13094B13BFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.8.2:*:*:*:*:*:*:*","matchCriteriaId":"2ABBFB9E-C009-42B6-A7D7-D897843F9A8F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.8.8:*:*:*:*:*:*:*","matchCriteriaId":"E4FCA9A3-94DF-4A5C-84D8-A1E95BC9A8A1"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.8.12:*:*:*:*:*:*:*","matchCriteriaId":"9776E3A4-8F5D-4579-992D-EC00F0F7AEA8"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.0.8.13:*:*:*:*:*:*:*","matchCriteriaId":"4400D917-0BEB-49AE-80C9-0F607818EEB4"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.2:*:*:*:*:*:*:*","matchCriteriaId":"F8B53107-BCD0-4D3E-B090-91D6BD6139C8"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.2.16:*:*:*:*:*:*:*","matchCriteriaId":"B0430DD9-E36F-4911-ABB3-5B1043AE9EBB"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.2.20:*:*:*:*:*:*:*","ma
tchCriteriaId":"FA3639AA-0F7B-403E-83F9-538A770008E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.2.24:*:*:*:*:*:*:*","matchCriteriaId":"0A929090-A536-44B3-9371-A827FD0BEEFE"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.2.28:*:*:*:*:*:*:*","matchCriteriaId":"7DB1837E-A87E-435A-8C89-AA6BB55FE9E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.2.38:*:*:*:*:*:*:*","matchCriteriaId":"DF45DF2C-54FF-48FE-A72B-9416CD5A582B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.2.42:*:*:*:*:*:*:*","matchCriteriaId":"F27FAEFB-6129-44D5-A836-867B24C6A980"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.2.46:*:*:*:*:*:*:*","matchCriteriaId":"C3845853-C6C5-464D-8BEA-4F3D6B53AEDC"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.2.49:*:*:*:*:*:*:*","matchCriteriaId":"03C6B77C-1AD1-48E5-9279-B9F388066082"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.2.53:*:*:*:*:*:*:*","matchCriteriaId":"52E87DA1-3BD9-46E3-ADDB-DF7F5B958009"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.2.61:*:*:*:*:*:*:*","matchCriteriaId":"0CDAE653-39BC-443F-B2B0-06BEE9A66E6B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.2.64:*:*:*:*:*:*:*","matchCriteriaId":"43EB0487-CF1F-4314-BD0D-2F31E4252431"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.2.72:*:*:*:*:*:*:*","matchCriteriaId":"D147236F-7871-4879-86E1-CDD49E9C4C40"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.1.2.81:*:*:*:*:*:*:*","matchCriteriaId":"AA8708CA-EA75-40EB-A868-BA78B5753516"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.1:*:*:*:*:*:*:*","matchCriteria
Id":"E853B8BF-07F5-46DF-8DEA-302F68B8B086"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.1.9:*:*:*:*:*:*:*","matchCriteriaId":"64ADB02B-E12A-49F7-84A5-981C51CBD85C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.1.13:*:*:*:*:*:*:*","matchCriteriaId":"4AE8E662-2772-4D98-B01C-694757D9D6C5"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.1.19:*:*:*:*:*:*:*","matchCriteriaId":"1950D663-F0C9-4AE1-9595-FDCCDA1D83C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.1.24:*:*:*:*:*:*:*","matchCriteriaId":"19D6C582-4CCD-4BEA-8367-242CC3BADE0F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.2:*:*:*:*:*:*:*","matchCriteriaId":"95627941-30D8-452F-B6C8-76D2BEE93514"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.2.6:*:*:*:*:*:*:*","matchCriteriaId":"BC7C3B04-B4F2-442C-BB54-9F4F192FB80E"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.2.10:*:*:*:*:*:*:*","matchCriteriaId":"DECA50E1-B84C-46DD-AACE-513E9D4C383B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.2.14:*:*:*:*:*:*:*","matchCriteriaId":"FD1E4830-C94A-4B7E-9CE1-63D0A747FBCD"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.2.18:*:*:*:*:*:*:*","matchCriteriaId":"C569D949-A2BE-4983-A5C3-14508676B464"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.2.19:*:*:*:*:*:*:*","matchCriteriaId":"CF586164-82BC-4EA9-BE9D-4B6CDBFD7D4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.2.22:*:*:*:*:*:*:*","matchCriteriaId":"1A338318-148E-4EB3-B406-29A55F6E0B73"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.2.34:*:*:*:*:*:*:*","matchCriteriaId":"61F3A543
-ECF2-4672-B6B6-DC1AB7D96D7E"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.3:*:*:*:*:*:*:*","matchCriteriaId":"364CA0EA-F85E-4C4B-96D8-A7256F413844"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.3.1:*:*:*:*:*:*:*","matchCriteriaId":"FBA148AD-604D-4284-AE41-4E279F616B0F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.3.12:*:*:*:*:*:*:*","matchCriteriaId":"BA4087CC-8B4D-42F5-9917-DA5EA2AA684C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.3.16:*:*:*:*:*:*:*","matchCriteriaId":"26CE8E7E-86CD-458C-AAB4-5901F66FC977"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.4:*:*:*:*:*:*:*","matchCriteriaId":"67AB954E-D1F4-4B29-B782-2E9917D82DE0"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.4.6:*:*:*:*:*:*:*","matchCriteriaId":"B943E75A-F816-473B-A458-9C6F3F702414"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.4.9:*:*:*:*:*:*:*","matchCriteriaId":"9C016EF9-C98A-4877-8086-39EA92031FA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.4.18:*:*:*:*:*:*:*","matchCriteriaId":"3E552CFA-627D-4CE5-9E73-E97A1DFCF40F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.4.25:*:*:*:*:*:*:*","matchCriteriaId":"5C47D6AE-7B30-422F-9F7F-2A95608AD3F6"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.4.27:*:*:*:*:*:*:*","matchCriteriaId":"DF918814-7EC6-4F46-AA7D-6AA52A42DB5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.4.30:*:*:*:*:*:*:*","matchCriteriaId":"35B55084-8826-4FE1-B0C0-0132354D9CA2"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.4.33:*:*:*:*:*:*:*","matchCriteriaId":"BC75098F-97F4-4E27-8602-4
521048C144C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.5:*:*:*:*:*:*:*","matchCriteriaId":"7DA3389C-86FE-45F7-97D7-E3386403944F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.5.2:*:*:*:*:*:*:*","matchCriteriaId":"B54C2EAD-3E0F-451D-8451-A5D29D005DD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.5.4:*:*:*:*:*:*:*","matchCriteriaId":"7025DA5B-2C48-4044-B11C-F45FF351311A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.5.7:*:*:*:*:*:*:*","matchCriteriaId":"31F9B862-1E61-477A-9ADF-8DCCDCB1C239"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.5.8:*:*:*:*:*:*:*","matchCriteriaId":"E61FFB15-1E0C-4B7C-A506-BE69F1049D6E"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.5.10:*:*:*:*:*:*:*","matchCriteriaId":"E53EC396-87B2-46F2-B150-841804F10FAF"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.5.12:*:*:*:*:*:*:*","matchCriteriaId":"19432EC8-2C08-4C07-80A1-36BD1A747C4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:7.2.5.16:*:*:*:*:*:*:*","matchCriteriaId":"9E501CF3-86C1-4F37-8228-79A698236733"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"730F28DB-DFAC-4D9D-AB4A-42C158F3D88B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.2:*:*:*:*:*:*:*","matchCriteriaId":"656D49C2-4F2E-4369-8933-FF74A3CD51EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.2.11:*:*:*:*:*:*:*","matchCriteriaId":"D2D2A272-5B6A-426C-B95C-03F1CF92A556"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.2.15:*:*:*:*:*:*:*","matchCriteriaId":"D1AD5614-6AA5-4607-9B4D-7F40E174B51B"},{"vul
nerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.3:*:*:*:*:*:*:*","matchCriteriaId":"C68E73D6-A207-4276-A972-52B859CD958A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.3.6:*:*:*:*:*:*:*","matchCriteriaId":"743B9EEB-8A00-4EDD-A10D-4FC0A8C2E6A2"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.3.12:*:*:*:*:*:*:*","matchCriteriaId":"4FA384B7-938A-48F7-8154-442E46FB1400"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.3.19:*:*:*:*:*:*:*","matchCriteriaId":"0250AEA5-7613-4F64-B90D-D600745F2403"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.4:*:*:*:*:*:*:*","matchCriteriaId":"F44B4A87-D033-4C3F-B1F8-BC40E2CCDC54"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.4.3:*:*:*:*:*:*:*","matchCriteriaId":"00C93F75-E046-4E09-A269-49A55EFF2978"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.4.9:*:*:*:*:*:*:*","matchCriteriaId":"24CFD97E-113C-4F56-9BF1-D57C81BCA589"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.4.16:*:*:*:*:*:*:*","matchCriteriaId":"880058C4-556B-42FF-98AF-4428CB8CB94A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.4.23:*:*:*:*:*:*:*","matchCriteriaId":"189D6D5C-1DA2-407A-BE75-2189E04BC9E0"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.4.25:*:*:*:*:*:*:*","matchCriteriaId":"6D61007E-55D6-4E10-A9CF-B4B5227AC909"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.4.28:*:*:*:*:*:*:*","matchCriteriaId":"A862D259-40EE-45AE-B896-7F68AC06272C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.4.31:*:*:*:*:*:*:*","matchCriteriaId":"9D33210F-0FA8-4089-AA05-C7AA80C12460"},{"vulnerable":true,"cr
iteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.4.32:*:*:*:*:*:*:*","matchCriteriaId":"5C2D6C8E-2E0F-4328-8BE5-8E6845B75513"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.4.33:*:*:*:*:*:*:*","matchCriteriaId":"313EF49F-4F50-4205-93D8-38B0B18EB7E5"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.5:*:*:*:*:*:*:*","matchCriteriaId":"1E406214-2776-42C2-B777-92E6420FBFBF"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.5.20:*:*:*:*:*:*:*","matchCriteriaId":"837D743B-CCCB-4D30-9B2E-24CBC4F9F9D4"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.5.23:*:*:*:*:*:*:*","matchCriteriaId":"9B44024A-4500-4ACD-9C92-8EA996188B3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.5.25:*:*:*:*:*:*:*","matchCriteriaId":"78C2A72E-C42C-456B-B712-D04860CE1A56"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.5.27:*:*:*:*:*:*:*","matchCriteriaId":"8CC7F030-18CA-4F56-8F97-69E038319E17"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.5.28:*:*:*:*:*:*:*","matchCriteriaId":"911DC415-971F-46C1-B804-F8E87A0FD60B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.0.5.31:*:*:*:*:*:*:*","matchCriteriaId":"756BFBA7-D2D1-45D7-B225-A12B4FB82949"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1.0.104:*:*:*:*:*:*:*","matchCriteriaId":"200F740F-9D7D-4A64-AE1F-276CF58241C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1.1:*:*:*:*:*:*:*","matchCriteriaId":"8E4B9D86-8EEB-4A5E-824C-4D7EBD64877A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1.1.6:*:*:*:*:*:*:*","matchCriteriaId":"DD242CAB-9DB6-42F3-B649-A963C386C05C"},{"vulnerable":true,"criteria":"cpe:2
.3:o:cisco:adaptive_security_appliance_software:8.1.2:*:*:*:*:*:*:*","matchCriteriaId":"9251926E-96A3-4160-BADB-2DF5CB662B64"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1.2.13:*:*:*:*:*:*:*","matchCriteriaId":"4A2B9487-9749-4271-8112-C4FA21611312"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1.2.15:*:*:*:*:*:*:*","matchCriteriaId":"E478D1ED-C5AF-46C2-B49B-515A62B653B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1.2.16:*:*:*:*:*:*:*","matchCriteriaId":"EAAB258C-5D97-489B-8B4E-0511B00BE506"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1.2.19:*:*:*:*:*:*:*","matchCriteriaId":"C2CF28B6-627D-4E25-BB61-32956239963D"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1.2.23:*:*:*:*:*:*:*","matchCriteriaId":"7E91C88B-7DF8-4ED5-B4BD-8C252C6EF0C6"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1.2.24:*:*:*:*:*:*:*","matchCriteriaId":"519C99B8-E222-4FA3-8C8F-0DA6019CD6A3"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1.2.49:*:*:*:*:*:*:*","matchCriteriaId":"B1E26DFA-B023-44B9-80D1-A5E391B571AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1.2.50:*:*:*:*:*:*:*","matchCriteriaId":"43F07BA4-A069-4CD5-B0D9-156320CBB5AA"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1.2.55:*:*:*:*:*:*:*","matchCriteriaId":"62CDDEAF-C62D-4364-ACA8-14F14BBFB150"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1.2.56:*:*:*:*:*:*:*","matchCriteriaId":"21D140D4-1AE3-4D46-9B13-3EC78EBC4FD5"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.0.45:*:*:*:*:*:*:*","matchCriteriaId":"70158003-F6CA-4A5C-893C-BF885A388D31"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:
adaptive_security_appliance_software:8.2.1:*:*:*:*:*:*:*","matchCriteriaId":"8F2C8AFA-A4B6-44A2-B00C-1950997493C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1.11:*:*:*:*:*:*:*","matchCriteriaId":"6297451E-196E-4C6D-9186-451BB42CAE8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2:*:*:*:*:*:*:*","matchCriteriaId":"465313C5-BFB9-458A-8150-8F7BA1F8C386"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.9:*:*:*:*:*:*:*","matchCriteriaId":"BF399187-270F-4560-9C09-DF18132FA427"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.10:*:*:*:*:*:*:*","matchCriteriaId":"EE7A928A-2CBA-43BC-B312-975EE9E24830"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.12:*:*:*:*:*:*:*","matchCriteriaId":"4CF721BA-25FF-485E-9102-5741AC9BC9B1"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.16:*:*:*:*:*:*:*","matchCriteriaId":"3F34D78E-68C9-4372-85F2-E74A1C8C06F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.17:*:*:*:*:*:*:*","matchCriteriaId":"05748A45-8423-42F4-8F95-7BA83548C4E9"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.3:*:*:*:*:*:*:*","matchCriteriaId":"1C15D1F6-997D-47FD-A654-AEF3332E6105"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4:*:*:*:*:*:*:*","matchCriteriaId":"FA3E5F50-CBD1-4516-BC97-3AF59DB39A84"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4.1:*:*:*:*:*:*:*","matchCriteriaId":"62B54134-5AC7-4D7E-A7F1-D4C2057FF146"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4.4:*:*:*:*:*:*:*","matchCriteriaId":"1AFE499E-09BB-4C86-AC74-7568B2D3CA51"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appli
ance_software:8.2.5:*:*:*:*:*:*:*","matchCriteriaId":"6A0B5BF7-18FB-4066-947E-7352B9951AFD"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.13:*:*:*:*:*:*:*","matchCriteriaId":"B42DD43A-B6BD-4C2B-BA57-928501C62388"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.22:*:*:*:*:*:*:*","matchCriteriaId":"BDE65B75-4987-4E77-8814-F7BC9875924A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.26:*:*:*:*:*:*:*","matchCriteriaId":"C890603E-6634-46E2-AFA9-ADE8ED1B9E41"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.33:*:*:*:*:*:*:*","matchCriteriaId":"AEBAB79E-83BF-4AD1-875B-D015A18ECB82"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.40:*:*:*:*:*:*:*","matchCriteriaId":"9DA41C5E-F854-4729-9498-C54FA5C00664"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.41:*:*:*:*:*:*:*","matchCriteriaId":"7B08E743-488A-4F99-ABA6-98AD534B603B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.46:*:*:*:*:*:*:*","matchCriteriaId":"978A0B9D-1B1D-4E22-893C-52DE75247BA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.48:*:*:*:*:*:*:*","matchCriteriaId":"FD17927A-7AFA-4177-A34E-5FEB7A9400AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.50:*:*:*:*:*:*:*","matchCriteriaId":"1E4B884F-EDE6-4055-83D8-609D2D1E518F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.52:*:*:*:*:*:*:*","matchCriteriaId":"8570FBED-D38F-49ED-8C6A-E241BF7E1274"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.55:*:*:*:*:*:*:*","matchCriteriaId":"F2889989-8D9C-4E06-8477-8BCF6DC7D84A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_softwa
re:8.2.5.57:*:*:*:*:*:*:*","matchCriteriaId":"02E9724F-AD95-4572-BD8F-27B71F8EBC5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.59:*:*:*:*:*:*:*","matchCriteriaId":"9AA7A0DD-9826-4AD8-B7C8-AD750BD87E4B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.1:*:*:*:*:*:*:*","matchCriteriaId":"5990B883-0B5A-44F0-B4DC-8031ED0F2026"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"9BA74460-D26D-4C0A-B697-DF9003096065"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.1.4:*:*:*:*:*:*:*","matchCriteriaId":"90BEB7A8-B2DB-46EB-9265-AB88476B1002"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.1.6:*:*:*:*:*:*:*","matchCriteriaId":"1DF80D39-35D2-447C-A809-E4C819FEEF25"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2:*:*:*:*:*:*:*","matchCriteriaId":"C7F417BC-5835-4F29-8DB6-03A62B7B2364"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.4:*:*:*:*:*:*:*","matchCriteriaId":"D90599A3-F885-414E-94F9-B4AECEB34D31"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.13:*:*:*:*:*:*:*","matchCriteriaId":"0185F882-E031-4B16-8DB3-62F76FBB78C6"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.23:*:*:*:*:*:*:*","matchCriteriaId":"092FB46B-A4A4-40E5-B474-4FC36ADC427C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.25:*:*:*:*:*:*:*","matchCriteriaId":"EEB27EFB-BF82-493D-ADF2-7395B4E2A55F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.31:*:*:*:*:*:*:*","matchCriteriaId":"0AD84D98-1B98-454C-AF63-DE5E76E17C8F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.33:*:*:*:
*:*:*:*","matchCriteriaId":"9D975A3B-0B3C-44E6-BE9C-AA73CF97AF78"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.34:*:*:*:*:*:*:*","matchCriteriaId":"7DAF32AF-EF06-4663-BFBE-1334D491A212"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.37:*:*:*:*:*:*:*","matchCriteriaId":"F9FB85D8-B247-4921-AE49-C2A1C2FDEB5E"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.39:*:*:*:*:*:*:*","matchCriteriaId":"29BA59C8-F3D0-4B94-824B-F3CDAB465D30"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.40:*:*:*:*:*:*:*","matchCriteriaId":"EBF3C75D-751C-444F-A4AF-303409B22B1A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.41:*:*:*:*:*:*:*","matchCriteriaId":"D7CD6FE3-1B32-461E-9215-0F016798B61E"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.44:*:*:*:*:*:*:*","matchCriteriaId":"22552CF4-01F8-46A8-ADD4-7BABFA574330"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.0:*:*:*:*:*:*:*","matchCriteriaId":"FA1C5485-EAF4-4F4D-AFA1-E105F433665E"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1:*:*:*:*:*:*:*","matchCriteriaId":"989F9AC4-C2D1-49A0-95C3-79A4EB827E07"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.3:*:*:*:*:*:*:*","matchCriteriaId":"BFE2E079-D7AC-4FE9-8938-A75C12AF5CA4"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.11:*:*:*:*:*:*:*","matchCriteriaId":"B442C852-2465-4EA8-A977-1F10A4CE23AA"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2:*:*:*:*:*:*:*","matchCriteriaId":"C6DB6ED4-3095-46C1-9CB6-2975A7B05303"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2.1:*:*:*:*:*:*:*","matchCrit
eriaId":"EE68CD8E-B9CF-4519-8B0E-4C4488B34887"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2.8:*:*:*:*:*:*:*","matchCriteriaId":"D762C9A7-005C-44FD-9BB2-7A1DD4EBE90B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3:*:*:*:*:*:*:*","matchCriteriaId":"EE0B1212-87F3-46E5-B14A-C0C6BBAAAC98"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.8:*:*:*:*:*:*:*","matchCriteriaId":"518D4826-06B0-4DDC-B082-A536418FD292"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.9:*:*:*:*:*:*:*","matchCriteriaId":"E343DE08-58FA-4C39-99F9-8CB5F57D0CD8"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4:*:*:*:*:*:*:*","matchCriteriaId":"76363698-DB62-4D92-8EE4-069891A9F92C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.1:*:*:*:*:*:*:*","matchCriteriaId":"6159BEE3-D097-4E07-9962-06DB740E2AE3"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.3:*:*:*:*:*:*:*","matchCriteriaId":"FD606591-F69A-47AD-9256-20B98CA16135"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.5:*:*:*:*:*:*:*","matchCriteriaId":"A4EF3895-F372-45D3-9C7D-15F5C4712D08"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.9:*:*:*:*:*:*:*","matchCriteriaId":"4DC5960D-B917-4ABA-850F-A710676ACB40"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.5:*:*:*:*:*:*:*","matchCriteriaId":"B746A138-6650-49A3-87C8-3728FE5CF215"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.5.6:*:*:*:*:*:*:*","matchCriteriaId":"E50C2A13-5A8B-4FA5-ABB8-1157E560503B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.6:*:*:*:*:*:*:*","matchCriteriaId":"909F9D55-9276-4CF1-
BC63-7CEEF8F25C21"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7:*:*:*:*:*:*:*","matchCriteriaId":"F383D276-D5EC-4335-AC09-9D30F6443AF0"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.3:*:*:*:*:*:*:*","matchCriteriaId":"39C2A7FF-6AC3-42B5-954A-9AA5950C523A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.15:*:*:*:*:*:*:*","matchCriteriaId":"9D7F36A8-C291-423D-AF28-56AAD8D0F712"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.22:*:*:*:*:*:*:*","matchCriteriaId":"3C2009F4-F832-49D6-8346-54A7328BD93B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.23:*:*:*:*:*:*:*","matchCriteriaId":"C9221DD4-498A-4867-B647-47E42299CE45"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.26:*:*:*:*:*:*:*","matchCriteriaId":"B839A425-E08C-41B1-9270-E177E40B1E27"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.28:*:*:*:*:*:*:*","matchCriteriaId":"8F4DDF53-0995-4971-A980-30FD15A40C78"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.29:*:*:*:*:*:*:*","matchCriteriaId":"2F3BD921-A58A-47EB-B90D-21C3A5D02D40"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1:*:*:*:*:*:*:*","matchCriteriaId":"800FE449-350D-4C4C-A8C2-D4C5A3B59F36"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"C49BF8F7-5ACE-4D90-8F17-1AA9D3A2FD7C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.6:*:*:*:*:*:*:*","matchCriteriaId":"8CE6D050-F186-492C-9813-895433B2612A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.7:*:*:*:*:*:*:*","matchCriteriaId":"6157AA5C-8297-4A32-B0A8-1E7E801E9CD5"
},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.14:*:*:*:*:*:*:*","matchCriteriaId":"F5A13091-02C6-4D98-90C9-ED4C43BDAFAE"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.17:*:*:*:*:*:*:*","matchCriteriaId":"F2C3E0E1-C3F3-4D53-8116-7D1AF3CD53CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.18:*:*:*:*:*:*:*","matchCriteriaId":"59F3DB48-E1EE-44E9-85DE-9FD7D5C59B4F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.19:*:*:*:*:*:*:*","matchCriteriaId":"27E064BD-CBC0-4556-9BCF-87D808809237"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.21:*:*:*:*:*:*:*","matchCriteriaId":"63D5DC14-187B-4808-8377-5FF44A11AA3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.24:*:*:*:*:*:*:*","matchCriteriaId":"64079FC4-53D8-4DBF-A2D5-2CED256F4939"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1:*:*:*:*:*:*:*","matchCriteriaId":"3FF969BE-46BB-4AD7-85AB-8384426E9551"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.1:*:*:*:*:*:*:*","matchCriteriaId":"F8EEA7A5-67FD-4CA4-8FF8-4B17A9C47B61"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.2:*:*:*:*:*:*:*","matchCriteriaId":"94E618B3-DD03-4ECD-AB9B-97F1EDF95E79"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.5:*:*:*:*:*:*:*","matchCriteriaId":"0D0DFE19-1C68-40E6-B8CD-9CC03F8B4281"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.10:*:*:*:*:*:*:*","matchCriteriaId":"20424324-881A-496B-BC55-62AA75994249"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.12:*:*:*:*:*:*:*","matchCriteriaId":"D67012F3-5153-400E-BD6F-EB0949875F2B"},{"vulnerable
":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.13:*:*:*:*:*:*:*","matchCriteriaId":"E40E9AB5-26E0-4BA2-9AFA-496BAA0EAC77"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.14:*:*:*:*:*:*:*","matchCriteriaId":"A6BA4B2D-187A-47EC-8BE1-7EA178549476"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.17:*:*:*:*:*:*:*","matchCriteriaId":"3CF52FB9-4EA9-41A7-AD29-E963C09FC98C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1:*:*:*:*:*:*:*","matchCriteriaId":"04C8C6E9-D5C3-42DC-B431-9097B2FCCB52"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"75B5CF41-7F01-4AE9-B54B-8DB6909504B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.3:*:*:*:*:*:*:*","matchCriteriaId":"F3BDD9D1-0DE3-4FA7-BDC1-2A724162CEEC"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.4:*:*:*:*:*:*:*","matchCriteriaId":"7C80EAFF-E577-414A-9DDE-D27A41CB3DC9"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.7:*:*:*:*:*:*:*","matchCriteriaId":"26CC07CC-0C79-48ED-BEB6-4B576A0DBD68"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.8:*:*:*:*:*:*:*","matchCriteriaId":"83FA6817-C5B7-410F-9CF7-801CC958C12E"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.11:*:*:*:*:*:*:*","matchCriteriaId":"1576FC7F-B7DD-41DD-A95E-23B1F86E4B02"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.13:*:*:*:*:*:*:*","matchCriteriaId":"3768E4B0-E457-47AB-99B0-7C1A0E0CBE35"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.16:*:*:*:*:*:*:*","matchCriteriaId":"5D142088-0265-4987-8F5C-029F3DD06A18"},{"vulnerable":true,"criteria
":"cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.17:*:*:*:*:*:*:*","matchCriteriaId":"76EDEE39-865D-4DA3-B1C9-033F2FF1A56F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.1:*:*:*:*:*:*:*","matchCriteriaId":"500ED3CC-4FE8-4A24-ACFE-8D7E35E50D22"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2:*:*:*:*:*:*:*","matchCriteriaId":"BD2AE76B-D04E-4D0C-85E4-8AD07F7BDEDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2.10:*:*:*:*:*:*:*","matchCriteriaId":"A6E1C03C-0737-4E2B-B3F9-10770281F4AA"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3:*:*:*:*:*:*:*","matchCriteriaId":"5C7052D2-0789-4A4D-917D-FCD894B7280F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.6:*:*:*:*:*:*:*","matchCriteriaId":"0956F0A8-7424-437C-AAD8-203183BEBFCC"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.8:*:*:*:*:*:*:*","matchCriteriaId":"49FB57F9-5B37-4509-B2EB-6A16DFE11F03"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4:*:*:*:*:*:*:*","matchCriteriaId":"952F6504-9CD0-453E-8C25-02BB9EE818F6"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.1:*:*:*:*:*:*:*","matchCriteriaId":"E842AF74-D1E3-4F71-80F9-197B38942405"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.5:*:*:*:*:*:*:*","matchCriteriaId":"A0B97FB1-CC3A-40B5-853D-476E6C5D9D6A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.7:*:*:*:*:*:*:*","matchCriteriaId":"3F6293A8-C21E-46F6-ACC1-6BBAD419B41F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.17:*:*:*:*:*:*:*","matchCriteriaId":"CC1A48B1-112A-41C2-BC01-BCCF5794553D"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adapti
ve_security_appliance_software:9.0.4.20:*:*:*:*:*:*:*","matchCriteriaId":"D2AE7036-C8EE-441F-94A4-DE8A9E89CA8C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.24:*:*:*:*:*:*:*","matchCriteriaId":"6448B4B4-022D-4D4A-A6DE-0090CEA12595"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.26:*:*:*:*:*:*:*","matchCriteriaId":"42813600-3186-4D19-8AF2-F4F98D3C6740"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.29:*:*:*:*:*:*:*","matchCriteriaId":"BC0969E6-151D-4298-8EC8-68D7880E994B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.33:*:*:*:*:*:*:*","matchCriteriaId":"4A0091CE-3386-4CCC-A2A8-900842EA6F51"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.35:*:*:*:*:*:*:*","matchCriteriaId":"B5A450E0-09E4-44C5-B55C-78A4BDAADA45"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.37:*:*:*:*:*:*:*","matchCriteriaId":"8285C95A-316D-4965-A34D-3BCB9AB83FA1"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.40:*:*:*:*:*:*:*","matchCriteriaId":"213F0A66-A71E-4B64-A66F-EA7B9C0D9151"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.42:*:*:*:*:*:*:*","matchCriteriaId":"6D33B43A-1836-4402-AEAC-59CA8F44E3D2"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\\(7\\)4:*:*:*:*:*:*:*","matchCriteriaId":"07BC9E2D-0B86-4A82-8CB4-A31FFBF322CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\\(7\\)6:*:*:*:*:*:*:*","matchCriteriaId":"C9B7B477-15FD-4198-B0D9-0F9A8A2E4C20"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\\(7\\)7:*:*:*:*:*:*:*","matchCriteriaId":"C6887033-E697-47D0-B6E0-61B64E9D3AC8"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adapt
ive_security_appliance_software:9.1\\(7\\)9:*:*:*:*:*:*:*","matchCriteriaId":"B4C1AB6D-F2C5-4726-8792-581E8DCB9EB6"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\\(7\\)11:*:*:*:*:*:*:*","matchCriteriaId":"BEA1216C-903C-469D-8615-ECFB3AA29BC9"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\\(7\\)12:*:*:*:*:*:*:*","matchCriteriaId":"0707169B-34B9-4666-8EBD-F5967059D6AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.1:*:*:*:*:*:*:*","matchCriteriaId":"4714F698-BBAE-47BB-99E8-F90D22415EDD"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.1.4:*:*:*:*:*:*:*","matchCriteriaId":"EB55BC7E-0B3F-4202-8768-08F27B763926"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.2:*:*:*:*:*:*:*","matchCriteriaId":"CFB01683-C482-4A5B-90FA-B5266BEA452E"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.2.8:*:*:*:*:*:*:*","matchCriteriaId":"DA16481A-4A47-4A8E-8C78-87B3A171280A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.3:*:*:*:*:*:*:*","matchCriteriaId":"8C0258ED-6ED0-49C7-A13A-368711649FFF"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"1B7A71AA-E1A6-47B7-B2B2-A3115CAA4058"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.4:*:*:*:*:*:*:*","matchCriteriaId":"D448BB56-5B2E-4B3E-B7E8-1F4991F23D81"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.4.5:*:*:*:*:*:*:*","matchCriteriaId":"E0346EAC-BDD1-4DC5-B8CA-20579C44AFE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5:*:*:*:*:*:*:*","matchCriteriaId":"2049D602-54F1-4072-936E-0D7E337162B8"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_app
liance_software:9.1.5.10:*:*:*:*:*:*:*","matchCriteriaId":"0710D6C8-AD34-43E2-B72B-315FFF3DC34F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5.12:*:*:*:*:*:*:*","matchCriteriaId":"70F8F1D2-2196-44C4-B420-824F49BB4ACF"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5.15:*:*:*:*:*:*:*","matchCriteriaId":"5E14B8D3-6D53-4E84-9B5D-24667B192C4B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5.21:*:*:*:*:*:*:*","matchCriteriaId":"A05B2DFD-A0EF-42BE-B00B-334E78CA8C10"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6:*:*:*:*:*:*:*","matchCriteriaId":"F4CC96C9-492F-49CB-BEFE-356581E96B3C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.1:*:*:*:*:*:*:*","matchCriteriaId":"78F1F7D4-EC51-47D1-A71A-9EF98C51D388"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.4:*:*:*:*:*:*:*","matchCriteriaId":"0D5E93DE-06C0-401C-8062-1B2EB6EFDED6"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.6:*:*:*:*:*:*:*","matchCriteriaId":"3E5EBFAB-25E2-4245-B748-92CAA943D4C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.8:*:*:*:*:*:*:*","matchCriteriaId":"B8BFB446-5747-42BB-98BC-B8DF250F1842"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.10:*:*:*:*:*:*:*","matchCriteriaId":"1EF48794-2E5D-4BE0-9BB5-49ADE34F4A82"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(0.0\\):*:*:*:*:*:*:*","matchCriteriaId":"A3A13A9C-5387-4670-8E20-FE878946D091"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(0.104\\):*:*:*:*:*:*:*","matchCriteriaId":"9F7C7DA3-C24B-41BB-BDBE-7DC58EEAC4F8"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_applianc
e_software:9.2\\(3.1\\):*:*:*:*:*:*:*","matchCriteriaId":"AFC39DA3-8171-4344-A946-7965873C56F3"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.1:*:*:*:*:*:*:*","matchCriteriaId":"F9C31567-8AEB-49C6-AA60-4150411D62AA"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2:*:*:*:*:*:*:*","matchCriteriaId":"CA140CB2-C17C-4164-A59A-8585906057BA"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.4:*:*:*:*:*:*:*","matchCriteriaId":"468D98A7-92D5-4C01-9EDD-CB44B85EA6BB"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.7:*:*:*:*:*:*:*","matchCriteriaId":"7BAAC9FE-CCF0-4385-B5E9-FC424CD3EFD5"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.8:*:*:*:*:*:*:*","matchCriteriaId":"5C9DEB1C-F9B9-4291-92B5-8EEEADC57E51"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3:*:*:*:*:*:*:*","matchCriteriaId":"39330218-32FA-42FF-B5CA-288B7D140304"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3.3:*:*:*:*:*:*:*","matchCriteriaId":"A92D7CED-D036-414B-B9EB-DCAF7F425A7D"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3.4:*:*:*:*:*:*:*","matchCriteriaId":"C4AAAB02-140D-46F2-A315-5791BF5A853F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4:*:*:*:*:*:*:*","matchCriteriaId":"2EB02DBE-6D60-4D0E-8E9D-7611C3C32748"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.2:*:*:*:*:*:*:*","matchCriteriaId":"31B4370A-84E5-4766-9D9D-EA1C53D73B79"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.4:*:*:*:*:*:*:*","matchCriteriaId":"9A2F3C77-89CD-4990-98FA-E896079B6C87"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.8:*:*:
*:*:*:*:*","matchCriteriaId":"F5D03293-9765-46DB-B53D-1B23D5C14373"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.10:*:*:*:*:*:*:*","matchCriteriaId":"0286DAF0-FACA-4F94-82E9-EAED8750DB7C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.13:*:*:*:*:*:*:*","matchCriteriaId":"25E77826-1208-4582-A94C-242B601BD456"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.14:*:*:*:*:*:*:*","matchCriteriaId":"DD617A59-2A4C-4264-BB5D-0126EF292079"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.16:*:*:*:*:*:*:*","matchCriteriaId":"F5B9FC85-13B8-488C-80C4-C29C0E244601"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.17:*:*:*:*:*:*:*","matchCriteriaId":"A2E7582A-835E-4A84-B197-EB40EE7985C9"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.18:*:*:*:*:*:*:*","matchCriteriaId":"B4C489F4-4501-48D1-830F-169382343B6C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4.19:*:*:*:*:*:*:*","matchCriteriaId":"5A7C150D-8C79-4CF4-A6B6-AA46A94A3B54"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(1.50\\):*:*:*:*:*:*:*","matchCriteriaId":"1E044883-9952-477A-B2AA-3E0BB90C96A0"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(1.105\\):*:*:*:*:*:*:*","matchCriteriaId":"2E26A1B0-D61C-4A25-8E10-02A2E3E7A02B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(2.100\\):*:*:*:*:*:*:*","matchCriteriaId":"6F4A28B7-87A2-464A-92A8-644E3F7D13D7"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(2.243\\):*:*:*:*:*:*:*","matchCriteriaId":"8D83ED80-972A-4548-9AB0-10F9A23DF749"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_softwar
e:9.3.1:*:*:*:*:*:*:*","matchCriteriaId":"26D99395-D18D-458E-9880-19B7767F69D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"2E4CE047-3FEF-4A72-AD06-EC77D71EBCD9"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.2:*:*:*:*:*:*:*","matchCriteriaId":"ED33F68A-9EB0-416A-A0A5-0DF2C349FFEE"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.2.2:*:*:*:*:*:*:*","matchCriteriaId":"7F7DD812-DC72-4816-8B0F-361C32B2CD2F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3:*:*:*:*:*:*:*","matchCriteriaId":"EC41D4CD-D5EA-4678-B3AA-962C7C937118"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.1:*:*:*:*:*:*:*","matchCriteriaId":"996C9552-5743-4639-A077-5B057605DF21"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.2:*:*:*:*:*:*:*","matchCriteriaId":"A5779CE0-7691-47DA-902C-4D32D6650C9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.5:*:*:*:*:*:*:*","matchCriteriaId":"0C69BE69-7C19-4ED3-98D3-04B1D41E56FE"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.6:*:*:*:*:*:*:*","matchCriteriaId":"E7D12EFD-71D6-480E-97D5-278CCE4A7118"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.9:*:*:*:*:*:*:*","matchCriteriaId":"56AE55AB-8170-4E3A-AF89-A8F79599901A"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.10:*:*:*:*:*:*:*","matchCriteriaId":"8B10653A-0E7C-4014-825D-76B5B438D378"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.11:*:*:*:*:*:*:*","matchCriteriaId":"77642A96-EF7F-4138-97BC-B3793EE0FB52"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.5:*:*:*:*:*:*:*","
matchCriteriaId":"AFE9F46B-DD74-4295-BB6A-9239E29F4416"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.0.115:*:*:*:*:*:*:*","matchCriteriaId":"F8F53875-D589-4C34-B863-67AC9945BED8"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1:*:*:*:*:*:*:*","matchCriteriaId":"8870EB6E-DAE9-45F9-BBA5-2D20E5E00F83"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"8B313B0E-4200-427F-A156-1EDA681F439D"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"B8C49821-3BA5-4B44-84F5-113024FD030F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.3:*:*:*:*:*:*:*","matchCriteriaId":"2011F264-53A5-4507-843B-46F66D285ADB"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.1.5:*:*:*:*:*:*:*","matchCriteriaId":"290AA0BD-EDB0-4BA4-BF85-9CF29A1B7908"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.2:*:*:*:*:*:*:*","matchCriteriaId":"73FB7BAF-7B3E-4091-A90B-FB19B38FFE74"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6D2DA09B-CFBA-4FDE-A6D0-7C2CF202D72B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3:*:*:*:*:*:*:*","matchCriteriaId":"2BE2EE9B-D44E-430D-8469-1DF0ADC322B5"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"BC6B45EB-97BB-4683-9092-95E560B2585F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"8D3AA854-0F4D-4B08-A249-B3C19C056D7B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.1:*:*:*:*:*:*:*","matchCriteriaId":"E29F95F5
-6957-46F0-A0A2-CCACBBA14F90"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.2:*:*:*:*:*:*:*","matchCriteriaId":"4D9EFD6D-A657-4102-982D-7634AC25E75E"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.2.6:*:*:*:*:*:*:*","matchCriteriaId":"59593836-990A-4CF1-AFBC-516C4A318641"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.2.10:*:*:*:*:*:*:*","matchCriteriaId":"5479676D-6B3F-4154-B0D4-D2C81E6C941F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.2.14:*:*:*:*:*:*:*","matchCriteriaId":"F062A64B-7184-49C6-BDF5-8A413B0A85F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.3:*:*:*:*:*:*:*","matchCriteriaId":"B574E7C0-95AA-4A24-9470-FA282192D85C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"2F5B88C0-F809-4A58-9708-60C56129142C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"5EF8738F-8D49-47D3-B60D-3145218C9C09"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"0D146E0E-59DD-48BD-9A74-4E4823590E3B"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.3.6:*:*:*:*:*:*:*","matchCriteriaId":"B4FB5698-3AEA-4246-A677-7DB3DE73605D"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.5.3.7:*:*:*:*:*:*:*","matchCriteriaId":"56190201-887B-4157-9323-AAAA1CD86F09"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.1.5:*:*:*:*:*:*:*","matchCriteriaId":"7E7AA7A9-F4DB-4BC1-9233-F72B66191F40"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.1.10:*:*:*:*:*:*:*","matchCriteriaId":"03D8C893-BA42-4EE5-A790-13614
A6B436F"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.2:*:*:*:*:*:*:*","matchCriteriaId":"339ACF13-0E1F-48D6-9939-96B16AE857CE"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.2.1:*:*:*:*:*:*:*","matchCriteriaId":"7D5D09C9-4559-4FED-B4B7-EAE5935EBCEE"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.2.2:*:*:*:*:*:*:*","matchCriteriaId":"074A5E58-A066-470B-840A-1148A8979DFA"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.2.3:*:*:*:*:*:*:*","matchCriteriaId":"FEF2C556-48E6-4572-8FD9-4DC8BAD90B90"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6.2.7:*:*:*:*:*:*:*","matchCriteriaId":"CDAD792D-70DB-4123-8BCC-B6890A9BCAA8"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96161","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037797","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-asa","source":"psirt@cisco.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41369/","source":"psirt@cisco.com"},{"url":"http://www.securityfocus.com/bid/96161","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037797","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-asa","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41369/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3813","sourceIdentifier":"psirt@cisco.com","published":"2017-02-09T17:59:00.187","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Start 
Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects versions prior to released versions 4.4.00243 and later and 4.3.05017 and later. Cisco Bug IDs: CSCvc43976."},{"lang":"es","value":"Una vulnerabilidad en el módulo Start Before Logon (SBL) de Cisco AnyConnect Secure Mobility Client Software para Windows podría permitir a un atacante local no autenticado abrir Internet Explorer con los privilegios del usuario SYSTEM. Esta vulnerabilidad se debe a implementación insuficiente de los controles de acceso. Un atacante podría explotar esta vulnerabilidad abriendo el navegador de Internet Explorer. Una explotación podría permitir al atacante usar Internet Explorer con privilegios del usuario SYSTEM. Esto podría permitir al atacante ejecutar comandos privilegiados en el sistema objetivo. Esta vulnerabilidad afecta a versiones anteriores a las versiones lanzadas 4.4.00243 y posteriores y 4.3.05017 y posteriores. 
Cisco Bug IDs: CSCvc43976."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-264"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0.00048:*:*:*:*:*:*:*","matchCriteriaId":"0608CACF-28C5-4A23-81FE-7FEB655FC84B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0.00051:*:*:*:*:*:*:*","matchCriteriaId":"72B9DB6D-0ABC-4938-A36E-2F68AB94635C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0.00052:*:*:*:*:*:*:*","matchCriteriaId":"086B95BE-3C22-4A6F-8D6A-20E550AD87D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0.00057:*:*:*:*:*:*:*","matchCriteriaId":"B0049AFD-B450-45A3-9067-423558EF8AD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobil
ity_client:4.0.00061:*:*:*:*:*:*:*","matchCriteriaId":"514B78B6-E0EE-40D6-A3FF-3DFAAF422187"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1.00028:*:*:*:*:*:*:*","matchCriteriaId":"56A5414A-43FC-40BD-BD1F-49E9D73FD7B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1.02011:*:*:*:*:*:*:*","matchCriteriaId":"660D863C-F744-4C54-9553-DE4934632280"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1.04011:*:*:*:*:*:*:*","matchCriteriaId":"57AF4613-59C0-42B0-AAE5-F1D9E4C4BEC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1.06013:*:*:*:*:*:*:*","matchCriteriaId":"FA3CC72A-070B-4924-A8BB-54FCB547C694"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1.06020:*:*:*:*:*:*:*","matchCriteriaId":"25990F44-B6A3-497B-A57D-E6D2E1993D5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1.08005:*:*:*:*:*:*:*","matchCriteriaId":"31F1CB4A-3A77-480E-A66E-467EF22D5E22"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.00096:*:*:*:*:*:*:*","matchCriteriaId":"E1D44C0A-76C1-4E8C-94D7-7C3679D3BFB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.01022:*:*:*:*:*:*:*","matchCriteriaId":"FC2F9555-D1B7-4F1F-B969-ACDB6914B237"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.01035:*:*:*:*:*:*:*","matchCriteriaId":"4CD1B8E4-595B-4DA5-A900-4F2D5412A23A"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.02075:*:*:*:*:*:*:*","matchCriteriaId":"402E9717-A5FC-4CD1-A0D2-DD4A5D2D73E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.03013:*:*:*:*:*:*:*","matchCriteriaId":"4EFA6472-55B7-4864-82ED-D93A32AC3530"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.04018:*:*:*:*:*:*
:*","matchCriteriaId":"BA911245-AAF8-4931-918F-B920976F7E4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.04039:*:*:*:*:*:*:*","matchCriteriaId":"DDD9910A-4609-41B3-97E2-FF1366559C1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.05015:*:*:*:*:*:*:*","matchCriteriaId":"0F7700A5-8BFA-445C-B28D-86BDC0293F36"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.06014:*:*:*:*:*:*:*","matchCriteriaId":"841DC63B-B6B4-4C78-8A40-58F6DE82F20C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.3.00748:*:*:*:*:*:*:*","matchCriteriaId":"3D5C7873-878D-48C4-9461-9B112701DAF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.3.01095:*:*:*:*:*:*:*","matchCriteriaId":"55AE035D-DA9A-4894-A838-DA9266E3859F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.3.02039:*:*:*:*:*:*:*","matchCriteriaId":"55034CB7-FD67-4DB8-A5D6-809ED8922272"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.3.03086:*:*:*:*:*:*:*","matchCriteriaId":"348318D0-1487-4ACE-8F33-63C6F21C62F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.3.04027:*:*:*:*:*:*:*","matchCriteriaId":"D9D07037-565D-4AAB-A447-3B71C6F37C5E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96145","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037796","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-anyconnect","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"https://www.exploit-db.com/exploits/41476/","source":"psirt@cisco.com"},{"url":"http://www.securityfocus.com/bid/96145","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037796","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-anyconnect","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41476/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5180","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T18:59:00.127","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option."},{"lang":"es","value":"Firejail en versiones anteriores a 0.9.44.4 y 0.9.38.x LTS en versiones anteriores a 0.9.38.8 LTS no considera el caso .Xauthority durante su intento para impedir el acceso a los archivos de usuario con un euid de cero, lo que permite a usuarios locales llevar a cabo ataques de sandbox-escape a través de vectores que implican un enlace simbólico y la opción 
--private."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:firejail_project:firejail:*:*:*:*:-:*:*:*","versionEndExcluding":"0.9.44.4","matchCriteriaId":"1638C095-A8D5-47B1-9A66-D405461B9E16"},{"vulnerable":true,"criteria":"cpe:2.3:a:firejail_project:firejail:*:*:*:*:lts:*:*:*","versionStartIncluding":"0.9.38","versionEndExcluding":"0.9.38.8","matchCriteriaId":"45BD839E-B418-44AA-9A8C-731A5A82D2A5"}]}]}],"references":[{"url":"http://openwall.com/lists/oss-security/2017/01/04/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95298","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://firejail.wordpress.com/download-2/release-notes/","source":"cve@mitre.org","tags":["Release Notes","Vendor 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-62","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://openwall.com/lists/oss-security/2017/01/04/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95298","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://firejail.wordpress.com/download-2/release-notes/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-62","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5940","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T18:59:00.160","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180."},{"lang":"es","value":"Firejail en versiones anteriores a 0.9.44.6 y 0.9.38.x LTS en versiones anteriores a 0.9.38.10 LTS no aborda exhaustivamente los casos dotfile durante su intento de impedir el acceso a los archivos de usuario con un euid de cero, lo que permite a usuarios locales llevar a cabo ataques sandbox-escape a través de vectores que implican un enlace simbólico y la opción --private. 
NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2017-5180."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:firejail_project:firejail:*:*:*:*:lts:*:*:*","versionStartIncluding":"0.9.38","versionEndIncluding":"0.9.38.10","matchCriteriaId":"FBA4F089-E878-4C63-B9E7-F8ED37724459"},{"vulnerable":true,"criteria":"cpe:2.3:a:firejail_project:firejail:*:*:*:*:*:*:*:*","versionStartIncluding":"0.9.40","versionEndIncluding":"0.9.44.6","matchCriteriaId":"B40A5CA1-1D35-4A2C-9F9F-4BC968AB0E42"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/16","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96221","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://firejail.wordpress.com/download-2/release-notes/","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-03","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96221","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://firejail.wordpress.com/download-2/release-notes/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/netblue30/firejail/commit/903fd8a0789ca3cc3c21d84cd0282481515592ef","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5941","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T19:59:00.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE)."},{"lang":"es","value":"Se descubrió un problema en el paquete node-serialize 0.0.4 para Node.js. Los datos no confiables pasados a la función unserialize() pueden ser explotados para lograr la ejecución de código arbitrario pasando un objeto JavaScript con una expresión de función invocada inmediatamente (IIFE)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":f
alse,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:node-serialize_project:node-serialize:*:*:*:*:*:node.js:*:*","versionEndIncluding":"0.0.4","matchCriteriaId":"BAD0F8BD-C80A-420D-908F-8CD4B48208CF"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/161356/Node.JS-Remote-Code-Execution.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/163222/Node.JS-Remote-Code-Execution.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96225","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://nodesecurity.io/advisories/311","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/161356/Node.JS-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/163222/Node.JS-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/96225","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://nodesecurity.io/advisories/311","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5589","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T20:59:00.153","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect implementation of \"XEP-0280: Message 
Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno (0.8.6 - 0.8.8; Android)."},{"lang":"es","value":"Una implementación incorrecta de \"XEP-0280: Message Carbons\" en múltiples clientes XMPP permite a un atacante remoto personificar cualquier usuario, incluidos los contactos, en la pantalla de la aplicación vulnerable. Esto permite varios tipos de ataques de ingeniería social. Esta CVE es para yaxim y Bruno (0.8.6 - 0.8.8; Android)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yaxim:bruno:0.8.6:*:*:*:*:android:*:*","matchCriteriaId":"DB39C75E-31B6-45D7-B78D-3A6D799A2E5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:yaxim:bruno
:0.8.7:*:*:*:*:android:*:*","matchCriteriaId":"99906BCE-7B96-4689-AEDC-0C00F39A29EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:yaxim:bruno:0.8.8:*:*:*:*:android:*:*","matchCriteriaId":"9709487E-C162-4BFE-BA33-9C7C817EB089"},{"vulnerable":true,"criteria":"cpe:2.3:a:yaxim:yaxim:0.8.6:*:*:*:*:android:*:*","matchCriteriaId":"F8997AD7-819E-4D87-B655-EDDC74CA9EE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:yaxim:yaxim:0.8.7:*:*:*:*:android:*:*","matchCriteriaId":"4057460F-28F9-43DA-BCB6-750CDC7DFE11"},{"vulnerable":true,"criteria":"cpe:2.3:a:yaxim:yaxim:0.8.8:*:*:*:*:android:*:*","matchCriteriaId":"468DD54B-9661-4874-8AEB-99960D62EACB"}]}]}],"references":[{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96170","source":"cve@mitre.org"},{"url":"https://github.com/ge0rg/yaxim/commit/65a38dc77545d9568732189e86089390f0ceaf9f","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96170","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/ge0rg/yaxim/commit/65a38dc77545d9568732189e86089390f0ceaf9f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party 
Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5590","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T20:59:00.200","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for ChatSecure (3.2.0 - 4.0.0; only iOS) and Zom (all versions up to 1.0.11; only iOS)."},{"lang":"es","value":"Una implementación incorrecta de \"XEP-0280: Message Carbons\" en múltiples clientes XMPP permite a un atacante remoto personificar cualquier usuario, incluidos los contactos, en la pantalla de la aplicación vulnerable. Esto permite varios tipos de ataques de ingeniería social. 
Esta CVE es para ChatSecure (3.2.0 - 4.0.0; solo iOS) y Zom (todas las versiones hasta la 1.0.11; solo iOS)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:chatsecure:chatsecure:3.2.0:*:*:*:*:iphone_os:*:*","matchCriteriaId":"8EA871A9-0979-4D25-8FF9-52F29168CDAE"},{"vulnerable":true,"criteria":"cpe:2.3:a:chatsecure:chatsecure:3.2.1:*:*:*:*:iphone_os:*:*","matchCriteriaId":"E0B181D1-AEB1-4BD8-B722-9A819DABC66D"},{"vulnerable":true,"criteria":"cpe:2.3:a:chatsecure:chatsecure:3.2.2:*:*:*:*:iphone_os:*:*","matchCriteriaId":"19D39CE7-0D9F-4878-B6F6-916B09E2B2D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:chatsecure:chatsecure:3.2.3:*:*:*:*:iphone_os:*:*","matchCriteriaId":"CA0652B8-53BD-4246-A078-71A1AC4FCFE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:chatsecure:chatsecure:4.0.0:*:*:*:*:iphone_os:*:*","matchCriteria
Id":"89229A2D-F6D7-4EFF-AEDA-DA90F9F89FA5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zom:zom:*:*:*:*:*:iphone_os:*:*","versionEndIncluding":"1.0.11","matchCriteriaId":"436A20AC-C1BD-401F-ADE4-448F03E2F85A"}]}]}],"references":[{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96165","source":"cve@mitre.org"},{"url":"https://github.com/ChatSecure/ChatSecure-iOS/commit/a340b4bb519227d89f85f2716a10a197a65d4856","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/zom/Zom-iOS/commit/880051eaa8ba32d1b257c87a7d8798a93561bfd3","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96165","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/ChatSecure/ChatSecure-iOS/commit/a340b4bb519227d89f85f2716a10a197a65d4856","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/zom/Zom-iOS/commit/880051eaa8ba32d1b257c87a7d8798a93561bfd3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party 
Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5591","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T20:59:00.230","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products."},{"lang":"es","value":"Una implementación incorrecta de \"XEP-0280: Message Carbons\" en múltiples clientes XMPP permite a un atacante remoto personificar cualquier usuario, incluidos los contactos, en la pantalla de la aplicación vulnerable. Esto permite varios tipos de ataques de ingeniería social. 
Esta CVE es para SleekXMPP hasta la versión 1.3.1 y Slixmpp todas las versiones hasta la 1.2.3, como empaquetados en poezio (0.8 - 0.10) y otros productos."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sleekxmpp_project:sleekxmpp:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3.1","matchCriteriaId":"5B7A0758-5BBF-4E2E-8FFD-555B023DCD5A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:slixmpp_project:slixmpp:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.3","matchCriteriaId":"44475E86-A847-4531-BA49-0B73771D43AD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:poezio:poezio:0.8:*:*:*:*:*:*:*","matchCriteriaId":"B4E30A4E-C906-406E-89CD-AB193CBDD0C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:poezio:poezio:0.8.1:*:*:
*:*:*:*:*","matchCriteriaId":"929839C5-3E52-4CBA-BD28-868B1A94CC8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:poezio:poezio:0.9:*:*:*:*:*:*:*","matchCriteriaId":"BC4B1EA2-7B93-4E16-9CA7-C290B9DA2263"},{"vulnerable":true,"criteria":"cpe:2.3:a:poezio:poezio:0.10:*:*:*:*:*:*:*","matchCriteriaId":"32CDDB71-E7BE-4E25-9E39-8B5E22F77E0E"}]}]}],"references":[{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96166","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/poezio/slixmpp/commit/22664ee7b86c8e010f312b66d12590fb47160ad8","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96166","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/poezio/slixmpp/commit/22664ee7b86c8e010f312b66d12590fb47160ad8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5592","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T20:59:00.293","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0)."},{"lang":"es","value":"Una implementación incorrecta de \"XEP-0280: Message Carbons\" en múltiples clientes XMPP permite a un atacante remoto personificar cualquier usuario, incluidos los contactos, en la pantalla de la aplicación vulnerable. Esto permite varios tipos de ataques de ingeniería social. Esta CVE es para profanity (0.4.7 - 0.5.0)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-346"}]}],"confi
gurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:profanity_project:profanity:0.4.7:-:*:*:*:*:*:*","matchCriteriaId":"F4C9F9D7-C8EC-44E4-A55B-06A4AD0F03F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:profanity_project:profanity:0.4.7:cyg1:*:*:*:*:*:*","matchCriteriaId":"B3D0DE23-B7EE-4644-A9E8-7A97385132A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:profanity_project:profanity:0.4.7:cyg2:*:*:*:*:*:*","matchCriteriaId":"7610BDB4-D5C8-4333-BD4B-6ADF4EC7B421"},{"vulnerable":true,"criteria":"cpe:2.3:a:profanity_project:profanity:0.4.7:cyg3:*:*:*:*:*:*","matchCriteriaId":"4F7A6765-DBEC-4984-B702-B798D72A665C"},{"vulnerable":true,"criteria":"cpe:2.3:a:profanity_project:profanity:0.4.7:patch1:*:*:*:*:*:*","matchCriteriaId":"0945DFD2-C235-4E44-BD50-1C1F9D1C15D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:profanity_project:profanity:0.5.0:-:*:*:*:*:*:*","matchCriteriaId":"6639BA25-1467-462A-82DD-9E62103CC42E"},{"vulnerable":true,"criteria":"cpe:2.3:a:profanity_project:profanity:0.5.0:rc1:*:*:*:*:*:*","matchCriteriaId":"CF8A3688-A998-4619-B1BC-828DD5871A28"}]}]}],"references":[{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96173","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party 
Advisory"]},{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96173","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/boothj5/profanity/commit/8e75437a7e43d4c55e861691f74892e666e29b0b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5593","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T20:59:00.327","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Psi+ (0.16.563.580 - 0.16.571.627)."},{"lang":"es","value":"Una implementación incorrecta de \"XEP-0280: Message Carbons\" en múltiples clientes XMPP permite a un atacante remoto personificar cualquier usuario, incluidos los contactos, en la pantalla de la aplicación vulnerable. Esto permite varios tipos de ataques de ingeniería social. 
Esta CVE es para Psi+ (0.16.563.580 - 0.16.571.627)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:psi-plus:psi\\+:0.16.563.580:*:*:*:*:*:*:*","matchCriteriaId":"2A2A22D6-3194-4B78-8263-02864BEE76C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:psi-plus:psi\\+:0.16.571.627:*:*:*:*:*:*:*","matchCriteriaId":"91F5EF13-003D-40DE-B89E-9EB7B8315C83"}]}]}],"references":[{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96169","source":"cve@mitre.org"},{"url":"https://github.com/psi-im/iris/pull/47/commits/02e976d4426a1319a7af7d26d7aba9d8c6077570","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96169","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/psi-im/iris/pull/47/commits/02e976d4426a1319a7af7d26d7aba9d8c6077570","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5602","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T20:59:00.373","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. 
This CVE is for jappix 1.0.0 to 1.1.6."},{"lang":"es","value":"Una implementación incorrecta de \"XEP-0280: Message Carbons\" en múltiples clientes XMPP permite a un atacante remoto personificar cualquier usuario, incluidos los contactos, en la pantalla de la aplicación vulnerable. Esto permite varios tipos de ataques de ingeniería social. Esta CVE es para jappix 1.0.0 a 1.1.6."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jappix_project:jappix:1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5F9E65AE-5D32-465B-B629-F3639306BE81"},{"vulnerable":true,"criteria":"cpe:2.3:a:jappix_project:jappix:1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"61B578FA-28F7-484E-945C-45B271BDB1F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:jappix_project:jappix:1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"B9C68990-0DDB-4D89-AB76-DBECFA7350A3"},{"vulne
rable":true,"criteria":"cpe:2.3:a:jappix_project:jappix:1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"DD1E2A71-147A-45C6-8886-FC4051AD9083"},{"vulnerable":true,"criteria":"cpe:2.3:a:jappix_project:jappix:1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"126ACD34-E4FA-4A31-9B62-B66C3A1ABB48"},{"vulnerable":true,"criteria":"cpe:2.3:a:jappix_project:jappix:1.0.5:*:*:*:*:*:*:*","matchCriteriaId":"17D06FF3-DD54-4D7A-B731-14071458382F"},{"vulnerable":true,"criteria":"cpe:2.3:a:jappix_project:jappix:1.0.6:*:*:*:*:*:*:*","matchCriteriaId":"29576A29-0835-4BFA-A0D9-7E48EB24E1AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:jappix_project:jappix:1.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F116DCC5-6D42-4EFF-B710-FD83A2E53B5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:jappix_project:jappix:1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"4ACB74B1-195E-44B6-9F71-CFA58E223EFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:jappix_project:jappix:1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"2130786E-DBB4-4B89-AD13-5B53499A5539"},{"vulnerable":true,"criteria":"cpe:2.3:a:jappix_project:jappix:1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"8F3658FF-8F5F-440B-9824-6974A6D0A88B"},{"vulnerable":true,"criteria":"cpe:2.3:a:jappix_project:jappix:1.1.3:*:*:*:*:*:*:*","matchCriteriaId":"E4CB32B5-4234-4204-9D57-92A348354E7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:jappix_project:jappix:1.1.4:*:*:*:*:*:*:*","matchCriteriaId":"8E638252-1EAC-41AD-B38A-CD2DEE90AA47"},{"vulnerable":true,"criteria":"cpe:2.3:a:jappix_project:jappix:1.1.5:*:*:*:*:*:*:*","matchCriteriaId":"9C9B3968-131D-4CBF-A76D-1CE2D91D8FC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:jappix_project:jappix:1.1.6:*:*:*:*:*:*:*","matchCriteriaId":"7C82A3CE-1FB3-48DF-A05F-43A79148C886"}]}]}],"references":[{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96176","source":"cve@mitre.org"},{"url":"https://github.com/jappix/jappix/commit/ea6de7c65b80880bdf85df47c1a8a5d3d68491af","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96176","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/jappix/jappix/commit/ea6de7c65b80880bdf85df47c1a8a5d3d68491af","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5603","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T20:59:00.420","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. 
This CVE is for Jitsi 2.5.5061 - 2.9.5544."},{"lang":"es","value":"Una implementación incorrecta de \"XEP-0280: Message Carbons\" en múltiples clientes XMPP permite a un atacante remoto personificar cualquier usuario, incluidos los contactos, en la pantalla de la aplicación vulnerable. Esto permite varios tipos de ataques de ingeniería social. Esta CVE es para Jitsi 2.5.5061 - 2.9.5544."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jitsi:jitsi:2.5.5061:*:*:*:*:*:*:*","matchCriteriaId":"B82E6947-285D-4B91-9375-5EB7517AA48D"},{"vulnerable":true,"criteria":"cpe:2.3:a:jitsi:jitsi:2.9.5544:*:*:*:*:*:*:*","matchCriteriaId":"2ACB92B0-9A84-447D-80A0-4FD7108CB0EC"}]}]}],"references":[{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96174","source":"cve@mitre.org"},{"url":"https://github.com/jitsi/jitsi/commit/7d66da61b316c9480b63000f831b6de723b87315","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96174","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/jitsi/jitsi/commit/7d66da61b316c9480b63000f831b6de723b87315","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5604","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T20:59:00.450","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. 
This CVE is for mcabber 1.0.0 - 1.0.4."},{"lang":"es","value":"Una implementación incorrecta de \"XEP-0280: Message Carbons\" en múltiples clientes XMPP permite a un atacante remoto personificar cualquier usuario, incluidos los contactos, en la pantalla de la aplicación vulnerable. Esto permite varios tipos de ataques de ingeniería social. Esta CVE es para mcabber 1.0.0 - 1.0.4."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mcabber:mcabber:1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"83FE747D-AEA9-49B8-BBA3-360CEFC501F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcabber:mcabber:1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"EE9DF44E-1759-4A3B-A8A8-8CEFE0A170B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcabber:mcabber:1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5FAB75A8-B55C-4CD7-BEF1-27A7625595AD"},{"vulnerable":true,"crite
ria":"cpe:2.3:a:mcabber:mcabber:1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"6D06E422-7558-4619-8A75-ECF516EBCE28"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcabber:mcabber:1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"D4CDEDA8-BB07-4606-9255-48023936D902"}]}]}],"references":[{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96184","source":"cve@mitre.org"},{"url":"https://mcabber.com/hg/rev/2a9569fd7644","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96184","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://mcabber.com/hg/rev/2a9569fd7644","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5605","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T20:59:00.497","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP 
clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Movim 0.8 - 0.10."},{"lang":"es","value":"Una implementación incorrecta de \"XEP-0280: Message Carbons\" en múltiples clientes XMPP permite a un atacante remoto personificar cualquier usuario, incluidos los contactos, en la pantalla de la aplicación vulnerable. Esto permite varios tipos de ataques de ingeniería social. Esta CVE es para Movim 0.8 - 0.10."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:movim:movim:0.8:*:*:*:*:*:*:*","matchCriteriaId":"3A6AF2A7-99C5-418C-A134-F19FE53C6F82"},{"vulnerable":true,"criteria":"cpe:2.3:a:movim:movim:0.8.1:*:*:*:*:*:*:*","matchCriteriaId":"19E9E794-3396-4297-AE9E-691E50BC8DAF"},{
"vulnerable":true,"criteria":"cpe:2.3:a:movim:movim:0.9:*:*:*:*:*:*:*","matchCriteriaId":"ACEAD0C3-ABD3-420E-9C9E-1EAC3F1CCA76"},{"vulnerable":true,"criteria":"cpe:2.3:a:movim:movim:0.10:*:*:*:*:*:*:*","matchCriteriaId":"60CB8427-9799-431E-9BD0-2E7DE7B3CD90"}]}]}],"references":[{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96177","source":"cve@mitre.org"},{"url":"https://github.com/movim/moxl/commit/838b0a42efc3b67cc17d63e25ae1d0ea849cd89b","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96177","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/movim/moxl/commit/838b0a42efc3b67cc17d63e25ae1d0ea849cd89b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5606","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T20:59:00.527","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Xabber (only if manually enabled: 1.0.30, 1.0.30 VIP, beta 1.0.3 - 1.0.74; Android)."},{"lang":"es","value":"Una implementación incorrecta de \"XEP-0280: Message Carbons\" en múltiples clientes XMPP permite a un atacante remoto personificar cualquier usuario, incluidos los contactos, en la pantalla de la aplicación vulnerable. Esto permite varios tipos de ataques de ingeniería social. Esta CVE es para Xabber (sólo si está habilitado manualmente: 1.0.30, 1.0.30 VIP, beta 1.0.3 - 1.0.74; Android)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"
source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:xabber:xabber:*:*:*:*:-:android:*:*","versionEndIncluding":"1.0.30","matchCriteriaId":"86BE64EB-B76D-4A2A-92A1-D90F161A3008"},{"vulnerable":true,"criteria":"cpe:2.3:a:xabber:xabber:*:*:*:*:vip:android:*:*","versionEndIncluding":"1.0.30","matchCriteriaId":"48B0C95E-46D5-4E3C-8FFD-C102D81B495C"}]}]}],"references":[{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96186","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96186","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5858","sourceIdentifier":"cve@mitre.org","published":"2017-02-09T20:59:00.577","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect implementation of \"XEP-0280: Message Carbons\" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Converse.js (0.8.0 - 1.0.6, 2.0.0 - 2.0.4)."},{"lang":"es","value":"Una implementación incorrecta de \"XEP-0280: Message Carbons\" en múltiples clientes XMPP permite a un atacante remoto personificar cualquier usuario, incluidos los contactos, en la pantalla de la aplicación vulnerable. Esto permite varios tipos de ataques de ingeniería social. Esta CVE es para Converse.js (0.8.0 - 1.0.6, 2.0.0 - 2.0.4)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"},{"lang"
:"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:0.8.0:*:*:*:*:*:*:*","matchCriteriaId":"B72CEF80-A5C4-4908-847E-A42A133EB750"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:0.8.1:*:*:*:*:*:*:*","matchCriteriaId":"DE82BC23-CAC5-460C-9BE1-F4A01826ACD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:0.8.2:*:*:*:*:*:*:*","matchCriteriaId":"D74A2AD5-7E0D-4A05-99D2-6CCD9F065D40"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:0.8.3:*:*:*:*:*:*:*","matchCriteriaId":"3BB99343-F9CD-453D-B741-75D8E375A64E"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:0.8.4:*:*:*:*:*:*:*","matchCriteriaId":"3F0B149D-BB35-47F1-B2EE-A46FA85DFF21"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:0.8.5:*:*:*:*:*:*:*","matchCriteriaId":"DE663F25-9D54-4484-A5FB-F9F39BB0A4DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:0.8.6:*:*:*:*:*:*:*","matchCriteriaId":"1FAD2155-0AEF-4080-908C-F53CA367C7C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:0.9.0:*:*:*:*:*:*:*","matchCriteriaId":"9C9D0125-3D83-4152-9AF6-0E612BAC78B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:0.9.1:*:*:*:*:*:*:*","matchCriteriaId":"428EA3B5-91C3-4671-BAD7-8F8E838B80F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:0.9.2:*:*:*:*:*:*:*","matchCriteriaId":"30784FCD-8079-4A9F-9EEF-28694D55ECE5"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:0.9.3:*:*:*:*:*:*:*","matchCriteriaId":"B29B31EC-93CD-4468-AD37-563EE88FEF94"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:0.9.4:*:*:*:*:*:*:*","matchCriteriaId":"6E3D04A3-C34C-4F3E-A110-7B7AFAAAA7F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:0.9.5:*:*:*:*:*:*:*","matchCriteriaId":"EF40A4B8-CE97-476C-A911-304774E46A4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:
conversejs:converse.js:0.9.6:*:*:*:*:*:*:*","matchCriteriaId":"BD977F45-D0C0-4E76-A294-5F2A7CFF3A6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:0.10.0:*:*:*:*:*:*:*","matchCriteriaId":"CA079B97-06AE-480E-9A26-08D958560374"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:0.10.1:*:*:*:*:*:*:*","matchCriteriaId":"363EEFEB-2C3F-475D-AA40-5C1A7C271775"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"1C8D4BC6-2806-4FF1-8CE4-613722BEA340"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"3BC62AB6-3060-4B44-AAB9-CBEBB7505188"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1FE58D9C-5F96-4B60-9356-B55AD4997CAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:1.0.3:*:*:*:*:*:*:*","matchCriteriaId":"0441FCA3-D517-4B41-B687-EF3454327398"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:1.0.4:*:*:*:*:*:*:*","matchCriteriaId":"886B3A14-6BDC-4CB7-8268-6DF1D872BCC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:1.0.5:*:*:*:*:*:*:*","matchCriteriaId":"AF33D02B-6C96-4AF4-AD5B-FFBFE757BF31"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:1.0.6:*:*:*:*:*:*:*","matchCriteriaId":"DA1451B0-EE4D-499B-8458-7538F7378EBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F2D9477A-990E-441B-80DF-DE43A81244D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FC93F612-E5C1-4B84-8031-38EA8EE4CBB4"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:2.0.2:*:*:*:*:*:*:*","matchCriteriaId":"8CC002A9-F935-46BD-ADFD-A4107C70B0FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:conversejs:converse.js:2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"E79F1ABC-116B-49F4-A5A5-7712F866EC63"},{"vulnerable":true,"criteria":"cpe:2.
3:a:conversejs:converse.js:2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"7D618B06-D4B3-4B49-96E0-DB0D357B656E"}]}]}],"references":[{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96183","source":"cve@mitre.org"},{"url":"https://github.com/jcbrand/converse.js/commit/42f249cabbbf5c026398e6d3b350f6f9536ea572","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://openwall.com/lists/oss-security/2017/02/09/29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96183","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/jcbrand/converse.js/commit/42f249cabbbf5c026398e6d3b350f6f9536ea572","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://rt-solutions.de/en/2017/02/CVE-2017-5589_xmpp_carbons/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://rt-solutions.de/wp-content/uploads/2017/02/CVE-2017-5589_xmpp_carbons.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10215","sourceIdentifier":"cve@mitre.org","published":"2017-02-10T07:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. 
The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to a \"site/index.php/../../extensions/com.fastspot.form-builder/ajax/redraw-field.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Se descubrió un problema en Fastspot BigTree bigtree-form-builder en versiones anteriores a 1.2. La vulnerabilidad existe debido a la filtración insuficiente de datos suministrados por el usuario en múltiples parámetros HTTP POST pasados a una URL \"site/index.php/../../extensions/com.fastspot.form-builder/ajax/redraw-field.php\". Un atacante podría ejecutar código HTML y secuencias de comandos en un navegador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fasts
pot:bigtree-form-builder:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1","matchCriteriaId":"F3EB5A0C-9256-43C5-8CA9-F25AF08971F1"}]}]}],"references":[{"url":"https://github.com/Fastspot/bigtree-form-builder/commit/06fde0cc67ff121b212715031e12574f50970fcd","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/Fastspot/bigtree-form-builder/commit/06fde0cc67ff121b212715031e12574f50970fcd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10216","sourceIdentifier":"cve@mitre.org","published":"2017-02-10T07:59:00.183","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the \"value\" HTTP POST parameter passed to the \"itdb-1.23/js/DataTables-1.8.2/examples/examples_support/editable_ajax.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Se descubrió un problema en IT ITems DataBase (ITDB) hasta la versión 1.23. La vulnerabilidad existe debido a la filtración insuficiente de datos suministrados por el usuario en el parámetro \"value\" de HTTP POST pasado a la URL \"itdb-1.23/js/DataTables-1.8.2/examples/examples_support/editable_ajax.php\". 
Un atacante podría ejecutar código HTML y secuencias de comandos en un navegador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sivann:it_items_database:*:*:*:*:*:*:*:*","versionEndIncluding":"1.23","matchCriteriaId":"A5DDAF4C-1D2A-421C-B0BF-DB3B611C83DF"}]}]}],"references":[{"url":"https://github.com/sivann/itdb/issues/56","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/sivann/itdb/issues/56","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5942","sourceIdentifier":"cve@mitre.org","published":"2017-02-10T07:59:00.200","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in the WP Mail plugin before 1.2 
for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail."},{"lang":"es","value":"Se descubrió un problema en el plugin WP Mail en versiones anteriores a 1.2 para WordPress. El parámetro replyto al componer un correo permite una XSS reflejada. Esto le podría permitir ejecutar JavaScript en el contexto del usuario que recibe el correo."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wp_mail_project:wp_mail:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"1.1","matchCriteriaId":"8A8C3F86-38D8-496A-AB6E-C01C5A845EF0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96211","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://cjc.im/advisories/0006/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96211","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://cjc.im/advisories/0006/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5945","sourceIdentifier":"cve@mitre.org","published":"2017-02-10T07:59:00.230","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the \"poodll_audio_url\" HTTP GET parameter passed to the \"filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Se descubrió un problema en el plugin PoodLL Filter hasta la versión 3.0.20 para Moodle. La vulnerabilidad existe debido a la filtración insuficiente de datos suministrados por el usuario en el parámetro \"poodll_audio_url\" de HTTP GET pasado a la URL \"filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php\". 
Un atacante podría ejecutar código HTML y secuencias de comandos en un navegador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:poodll:moodle-filter_poodll:*:*:*:*:*:moodle:*:*","versionEndIncluding":"3.0.20","matchCriteriaId":"288C7D90-2080-470B-A253-5B5B04A99370"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96212","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/justinhunt/moodle-filter_poodll/issues/23","source":"cve@mitre.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96212","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/justinhunt/moodle-filter_poodll/issues/23","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5953","sourceIdentifier":"cve@mitre.org","published":"2017-02-10T07:59:00.263","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow."},{"lang":"es","value":"vim en versiones anteriores a patch 8.0.0322 no valida adecuadamente los valores para la longitud del árbol cuando maneja un archivo spell, lo que puede resultar en un desbordamiento de entero en un sitio de asignación de memoria y un desbordamiento de búfer resultante."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.0055","matchCriter
iaId":"6C46FDA7-FFAC-47FC-844E-327A0F14E824"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3786","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96217","source":"cve@mitre.org"},{"url":"https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://groups.google.com/forum/#%21topic/vim_dev/t-3RSdEnrHY","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201706-26","source":"cve@mitre.org"},{"url":"https://usn.ubuntu.com/4016-1/","source":"cve@mitre.org"},{"url":"https://usn.ubuntu.com/4309-1/","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3786","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/96217","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://groups.google.com/forum/#%21topic/vim_dev/t-3RSdEnrHY","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-26","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/4016-1/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/4309-1/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5954","sourceIdentifier":"cve@mitre.org","published":"2017-02-10T07:59:00.310","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. 
Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE)."},{"lang":"es","value":"Se descubrió un problema en el paquete serialize-to-js 0.5.0 para Node.js. Los datos no confiables pasados en la función deserialize() pueden ser explotados para lograr la ejecución de código arbitrario pasando un JavaScript Object con una Immediately Invoked Function Expression (IIFE)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:serialize-to-js_project:serialize-to-js:0.5.0:*:*:*:*:node.js:*:*","matchCriteriaId":"98DFC5D0-CBD4-42D6-880D-09A7F75DF8C6"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96223","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/commenthol/serialize-to-js/issues/1","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96223","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/commenthol/serialize-to-js/issues/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8709","sourceIdentifier":"talos-cna@cisco.com","published":"2017-02-10T17:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad remota de escritura fuera de límites / corrupción de memoria en la funcionalidad de análisis de Nitro Pro 10. Un archivo PDF especialmente manipulado puede provocar una vulnerabilidad resultando en una posible corrupción de memoria. 
Un atacante puede enviar a la víctima un archivo PDF específico para desencadenar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gonitro:nitro_pdf_pro:*:*:*:*:*:*:*:*","versionEndIncluding":"10.5.9.9","matchCriteriaId":"FA0EA2EF-ED94-4330-856D-EAD92A2AB63E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96155","source":"talos-cna@cisco.com","tags":["Broken 
Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0218/","source":"talos-cna@cisco.com","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96155","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0218/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8711","sourceIdentifier":"talos-cna@cisco.com","published":"2017-02-10T17:59:00.183","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad potencial de ejecución de código remoto en la funcionalidad de análisis de Nitro Pro 10. Un archivo PDF especialmente manipulado puede provocar una vulnerabilidad resultando en una posible ejecución de código. 
Un atacante puede enviar a la víctima un archivo PDF específico para desencadenar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gonitro:nitro_pdf_pro:*:*:*:*:*:*:*:*","versionEndIncluding":"10.5.9.9","matchCriteriaId":"FA0EA2EF-ED94-4330-856D-EAD92A2AB63E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96155","source":"talos-cna@cisco.com","tags":["
Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0224/","source":"talos-cna@cisco.com","tags":["Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96155","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0224/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8713","sourceIdentifier":"talos-cna@cisco.com","published":"2017-02-10T17:59:00.230","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad remota de escritura fuera de límites / corrupción de memoria en la funcionalidad de análisis de Nitro Pro 10.5.9.9. Un archivo PDF especialmente manipulado puede provocar una vulnerabilidad resultando en una posible corrupción de memoria. 
Un atacante puede enviar a la víctima un archivo PDF específico para desencadenar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gonitro:nitro_pdf_pro:10.5.5.9:*:*:*:*:*:*:*","matchCriteriaId":"9D5BB17D-CE66-4387-9546-AA07A929090C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96155","source":"talos-cna@cisco.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0226/","source":"talos-cna@cisco.com","tags":["Technical Description","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96155","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0226/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-3302","sourceIdentifier":"secalert_us@oracle.com","published":"2017-02-12T04:59:00.127","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3."},{"lang":"es","value":"Caída en libmysqlclient.so en Oracle MySQL en versiones anteriores a 5.6.21 y 5.7.x en versiones anteriores a 5.7.5 y MariaDB hasta la versión 5.5.54, 10.0.x hasta la versión 10.0.29, 10.1.x hasta la versión 10.1.21 y 10.2.x hasta la versión 
10.2.3."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.6.0","versionEndExcluding":"5.6.21","matchCriteriaId":"B0C4A1F9-3C06-443E-A34D-743396F8E3C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*","versionStartIncluding":"5.7.0","versionEndExcluding":"5.7.5","matchCriteriaId":"DF260A4F-5B6A-415B-8857-1EF4B02267EE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionEndIncluding":"5.5.54","matchCriteriaId":"402A7D46-9168-44F4-9D73-053A68BE6C5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndIncluding":"10.0.29","matchCriteriaId":"6C08F580-8B61-4AE7-BE14-61B3049DF8EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:m
ariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndIncluding":"10.1.21","matchCriteriaId":"A5033B0F-346B-45CE-943D-B2FA398FB1A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*","versionStartIncluding":"10.2.0","versionEndIncluding":"10.2.3","matchCriteriaId":"FD4D6819-4993-40C7-BC41-B8B830385EC2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"BF77CDCF-B9C9-427D-B2BF-36650FB2148C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3809","source":"secalert_us@oracle.com","tags":["Third Party 
Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3834","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/11/11","source":"secalert_us@oracle.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html","source":"secalert_us@oracle.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96162","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038287","source":"secalert_us@oracle.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"secalert_us@oracle.com","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3809","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3834","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/11/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96162","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1038287","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2192","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0279","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:0574","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5960","sourceIdentifier":"cve@mitre.org","published":"2017-02-12T04:59:00.173","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the \"phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Se descubrió un problema en Phalcon Eye hasta la versión 0.4.1. La vulnerabilidad existe debido a la filtración insuficiente de datos suministrados por el usuario en múltiples parámetros HTTP GET pasados a la URL \"phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php\". 
Un atacante podría ejecutar código HTML y secuencias de comandos en un navegador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phalconeye_project:phalconeye:*:*:*:*:*:*:*:*","versionEndIncluding":"0.4.1","matchCriteriaId":"09D5FE06-1135-4DE2-BC49-9FA16E53976C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96201","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/PhalconEye/phalconeye/issues/133","source":"cve@mitre.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96201","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/PhalconEye/phalconeye/issues/133","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5961","sourceIdentifier":"cve@mitre.org","published":"2017-02-12T04:59:00.207","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the \"path\" HTTP GET parameter passed to the \"ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirror/dialog.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Se descubrió un problema en ionize hasta la versión 1.0.8. La vulnerabilidad existe debido a la filtración insuficiente de datos suministrados por el usuario en el parámetro \"path\" de HTTP GET pasado a la URL \"ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirror/dialog.php\". 
Un atacante podría ejecutar código HTML y secuencias de comandos en un navegador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ionizecms:ionize:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.8","matchCriteriaId":"4FB26C3C-9DA1-4F40-A484-5E34DFB9F278"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96196","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ionize/ionize/issues/393","source":"cve@mitre.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96196","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ionize/ionize/issues/393","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5962","sourceIdentifier":"cve@mitre.org","published":"2017-02-12T04:59:00.237","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the \"force_ua\" HTTP GET parameter passed to the \"/contexts_wurfl/Library/wurfl-dbapi-1.4.4.0/check_wurfl.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Se descubrió un problema en contexts_wurfl (para TYPO3) en versiones anteriores a 0.4.2. La vulnerabilidad existe debido a la filtración insuficiente de datos suministrados por el usuario en el parámetro \"force_ua\" de HTTP GET pasado a la URL \"/contexts_wurfl/Library/wurfl-dbapi-1.4.4.0/check_wurfl.php\". Un atacante podría ejecutar código HTML y secuencias de comandos en un navegador en el contexto del sitio web 
vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netresearch:contexts_wurfl:0.2.0:alpha:*:*:*:typo3:*:*","matchCriteriaId":"CAF682B6-156B-4FC4-BF6C-B81CB0A9C7F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:netresearch:contexts_wurfl:0.2.1:alpha:*:*:*:typo3:*:*","matchCriteriaId":"7CE2302A-66F1-4E6B-B50B-1918CAEB43AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:netresearch:contexts_wurfl:0.2.2:alpha:*:*:*:typo3:*:*","matchCriteriaId":"D951F679-A7B9-4727-8FB8-28FD985F3B87"},{"vulnerable":true,"criteria":"cpe:2.3:a:netresearch:contexts_wurfl:0.3.0:alpha:*:*:*:typo3:*:*","matchCriteriaId":"372BA7A5-4F29-41E4-8375-383EB4ED5B51"},{"vulnerable":true,"criteria":"cpe:2.3:a:netresearch:contexts_wurfl:0.3.1:alpha:*:*:*:typo3:*:*","matchCriteriaId":"495B8185-B8E2-4317-9D78-E37C47B53D2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:netresearch:contexts_
wurfl:0.4.0:alpha:*:*:*:typo3:*:*","matchCriteriaId":"B0589212-440A-456B-BE76-41795C9A57BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:netresearch:contexts_wurfl:0.4.1:alpha:*:*:*:typo3:*:*","matchCriteriaId":"958ED52F-977B-4AF8-A8D8-D26836AF9C39"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96158","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://forge.typo3.org/issues/79326","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96158","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://forge.typo3.org/issues/79326","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5963","sourceIdentifier":"cve@mitre.org","published":"2017-02-12T04:59:00.267","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the \"paymillToken\" HTTP POST parameter passed to the \"caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Se descubrió un problema en caddy (para TYPO3) en versiones anteriores a 7.2.10. La vulnerabilidad existe debido a la filtración insuficiente de datos suministrados por el usuario en el parámetro \"paymillToken\" de HTTP POST pasado a la URL \"caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php\". 
Un atacante podría ejecutar código HTML y secuencias de comandos en un navegador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:2.1.4:alpha:*:*:*:typo3:*:*","matchCriteriaId":"D547F8EA-BCC8-4EFA-A0C5-409FA127A231"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:2.1.5:alpha:*:*:*:typo3:*:*","matchCriteriaId":"87FBC605-B8F5-46A4-9AC6-D795DD4B0CCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:2.1.6:alpha:*:*:*:typo3:*:*","matchCriteriaId":"2E9FB30C-6623-46B6-BA40-062F8BE06192"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:3.0.0:alpha:*:*:*:typo3:*:*","matchCriteriaId":"E78620F4-4325-4208-8295-36DB4C8D534E"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:4.0.0:alpha:*:*:*:typo3:*:*","matchCriteriaId":"E02D7490-F858-46D4-9815-F7
FF5B6E8F03"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:4.0.1:alpha:*:*:*:typo3:*:*","matchCriteriaId":"4F0C5902-8890-46F6-BCCA-1CA8E0823828"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:4.0.2:alpha:*:*:*:typo3:*:*","matchCriteriaId":"7D0376BB-7DC7-413B-93D6-8B6D4E432DB3"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:4.0.3:alpha:*:*:*:typo3:*:*","matchCriteriaId":"D0236B11-41C8-4708-BE6C-0CB2A6E404E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:4.0.12:alpha:*:*:*:typo3:*:*","matchCriteriaId":"AD545299-CA83-4803-AB46-8A16321ACEB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:6.0.1:alpha:*:*:*:typo3:*:*","matchCriteriaId":"1BFA5F0F-6BA9-4609-8A33-31DC6C1028B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:6.0.2:alpha:*:*:*:typo3:*:*","matchCriteriaId":"270516A7-037D-4425-BD7D-758A939F7FC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:6.0.9:alpha:*:*:*:typo3:*:*","matchCriteriaId":"AB243F01-9248-430B-B1B7-3EB3629E6F3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:6.0.12:beta:*:*:*:typo3:*:*","matchCriteriaId":"9CF7167A-2B41-4FDE-8D69-91FC832B36C3"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:6.0.14:beta:*:*:*:typo3:*:*","matchCriteriaId":"27E9DD7F-3497-4CA4-AEC4-48566EA29408"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:6.1.0:beta:*:*:*:typo3:*:*","matchCriteriaId":"489D14AF-30E4-4013-996F-26C1B4F8C194"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:6.2.1:beta:*:*:*:typo3:*:*","matchCriteriaId":"05750579-0B0F-4B14-839C-BF6D46C8B4F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:6.3.0:beta:*:*:*:typo3:*:*","matchCriteriaId":"79E0A0BD-4D21-4AD3-8DE9-D9FCA0AF1CB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:6.3.1:beta:*:*:*:typo3:*:*","matchCriteriaId":"5899F22F-FBC4-439A-A6E9-9942A503FC68"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:6.3.3
:beta:*:*:*:typo3:*:*","matchCriteriaId":"661AB403-6776-49FD-A1DF-0A6B6BC9F21F"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:7.0.0:beta:*:*:*:typo3:*:*","matchCriteriaId":"896F19FC-B998-461E-BEC0-95AA0743BFDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:7.1.0:beta:*:*:*:typo3:*:*","matchCriteriaId":"F577C538-346A-4B04-A2C0-A79A8AD9492D"},{"vulnerable":true,"criteria":"cpe:2.3:a:caddy_project:caddy:7.2.7:beta:*:*:*:typo3:*:*","matchCriteriaId":"682ED5D4-1FA2-47B7-A105-76411A7E4A3D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96198","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://forge.typo3.org/issues/79325","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96198","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://forge.typo3.org/issues/79325","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5964","sourceIdentifier":"cve@mitre.org","published":"2017-02-12T04:59:00.297","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the \"emoncms-master/Modules/vis/visualisations/compare.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Se descubrió un problema en Emoncms hasta la versión 9.8.0. La vulnerabilidad existe debido a la filtración insuficiente de datos suministrados por el usuario en múltiples parametros de HTTP GET pasados a la URL \"emoncms-master/Modules/vis/visualisations/compare.php\". 
Un atacante podría ejecutar código HTML y secuencias de comandos en un navegador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openenergymonitor:emoncms:*:*:*:*:*:*:*:*","versionEndIncluding":"9.8.0","matchCriteriaId":"1099E744-B2CB-4346-B145-512C7ED1229D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96202","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/emoncms/emoncms/issues/636","source":"cve@mitre.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96202","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/emoncms/emoncms/issues/636","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-8495","sourceIdentifier":"psirt@fortinet.com","published":"2017-02-13T15:59:00.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature."},{"lang":"es","value":"Una vulnerabilidad de validación de certificado incorrecto en Fortinet FortiManager 5.0.6 hasta la versión 5.2.7 y 5.4.0 hasta la versión 5.4.1 permite a atacantes remotos suplantar una entidad de confianza utilizando un ataque man-in-the-middle (MITM) a través de la funcionalidad de sondeo de dispositivos Fortisandbox."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vul
nerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"83ADE078-F9B6-4E46-89AB-F9DE3A2EAF06"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"A5DF6CBD-E8D8-40B7-9512-CD739D6FA918"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.0.5:*:*:*:*:*:*:*","matchCriteriaId":"42304E1B-C9BF-4CCE-A5C7-4FAC7E4C87E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.0.6:*:*:*:*:*:*:*","matchCriteriaId":"34B83D3F-23C8-4781-887C-1876B103A4B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.0.7:*:*:*:*:*:*:*","matchCriteriaId":"BC2F75CB-BC6D-434A-84C8-6290F4B6E8B1"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.0.8:*:*:*:*:*:*:*","matchCriteriaId":"AB152570-F07F-4706-9717-D31F5F31CDE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.0.9:*:*:*:*:*:*:*","matchCriteriaId":"C2A3410C-E673-49C1-AA2C-2BD77C68DCA6"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.0.10:*:*:*:*:*:*:*","matchCriteriaId":"6AFEA22C-D661-4859-86CE-329D23E3EF87"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.0.11:*:*:*:*:*:*:*","matchCriteriaId":"7D9B23B1-A527-49B6-A6CB-CFFCF278B70E"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"72523D47-A6FA-48E8-B2D0-3563027CE35C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"7FE6366D-0535-4681-90F7-3AB9386184A2"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"0F5BBE82-1D71-40EE-B506-1DD1066F537C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"F1A2A3F2-A908-4192-8032-F8FA3310B50A"},{"vulnerable":true,"criteria":"cpe:2.3:o
:fortinet:fortimanager_firmware:5.2.4:*:*:*:*:*:*:*","matchCriteriaId":"0B621447-97C3-42B4-92FF-3D5BEDE26A2F"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.2.6:*:*:*:*:*:*:*","matchCriteriaId":"8A9B31D5-E000-4378-A030-D3B47C6D1740"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.2.7:*:*:*:*:*:*:*","matchCriteriaId":"8CF01200-2392-43E7-9682-80CF1A235409"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.4.0:*:*:*:*:*:*:*","matchCriteriaId":"7C235585-4228-43B3-B2BB-06563B67F9E7"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortimanager_firmware:5.4.1:*:*:*:*:*:*:*","matchCriteriaId":"B760F3B0-C81A-4B53-8D1E-384834D4A594"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96157","source":"psirt@fortinet.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037805","source":"psirt@fortinet.com"},{"url":"https://fortiguard.com/advisory/FG-IR-16-055","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96157","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037805","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://fortiguard.com/advisory/FG-IR-16-055","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3896","sourceIdentifier":"secure@intel.com","published":"2017-02-13T16:59:00.157","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unvalidated parameter vulnerability in the remote log viewing capability in Intel Security McAfee Agent 5.0.x versions prior to 5.0.4.449 allows remote attackers to pass unexpected input parameters via a URL that was not completely validated."},{"lang":"es","value":"Vulnerabilidad de parámetro 
no validado en la capacidad de visualización remota de registros en Intel Security McAfee Agent 5.0.x versiones anteriores a 5.0.4.449 permite a atacantes remotos pasar parámetros de entrada inesperados a través de una URL que no fue completamente validada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:mcafee_agent:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"FCB38941-504D-4F59-BA02-159FE34E3290"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:mcafee_agent:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"7543F520-79D3-4AF0-A8EE-C57A38C35B20"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:mcafee_agent:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"4B1F4098-35D5-43B6-BF6B-F38091FA7DB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:mcafee_agent:5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"CB19F73E-DE92-4249-82C6-830D55FC25AE"},{"vulnerable":true,"crit
eria":"cpe:2.3:a:mcafee:mcafee_agent:5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"2DE7CA65-6B1F-44BF-AC15-F6595313AF91"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95903","source":"secure@intel.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037629","source":"secure@intel.com"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10183","source":"secure@intel.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95903","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037629","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10183","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3902","sourceIdentifier":"secure@intel.com","published":"2017-02-13T16:59:00.203","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation."},{"lang":"es","value":"Vulnerabilidad de XSS en la interfaz Web de usuario (UI) en Intel Security ePO 5.1.3, 5.1.2, 5.1.1 y 5.1.0 permite a usuarios autenticados inyectar secuencias de comandos Java maliciosos eludiendo la entrada de 
validación."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"DE33AFB8-9962-4D75-B613-D5032A0949A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"CEBA52A8-233F-4015-B44B-1BF7B5593CCE"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.2:*:*:*:*:*:*:*","matchCriteriaId":"A0DBB72F-A984-4641-9230-97B815FCD31C"},{"vulnerable":true,"criteria":"cpe:2.3:a:mcafee:epolicy_orchestrator:5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"08F542C3-C2BB-420A-BCDB-AB5A688689B5"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96465","source":"secure@intel.com"},{"url":"http://www.securitytracker.com/id/1037628","source":"secure@intel.com"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10184",
"source":"secure@intel.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96465","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037628","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10184","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6210","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T17:59:00.153","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided."},{"lang":"es","value":"sshd en OpenSSH en versiones anteriores a 7.3, cuando SHA256 o SHA512 son utilizados para el hashing de la contraseña del usuario, utiliza BLOWFISH hashing en una contraseña estática cuando no existe el nombre de usuario, lo que permite a atacantes remotos enumerar usuarios aprovechando la diferencia de tiempo entre respuestas cuando se proporciona una contraseña 
grande."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openbsd:openssh:*:p2:*:*:*:*:*:*","versionEndIncluding":"7.2","matchCriteriaId":"4AFA4267-E15B-4826-9B98-63F68AB1627F"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2016/Jul/51","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3626","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/91812","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1036319","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:2029","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:2563","source":"cve@mitre.org"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201612-18","source":"cve@mitre.org"},{"url":"https://security.netapp.com/advisory/ntap-20190206-0001/","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/40113/","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/40136/","source":"cve@mitre.org"},{"url":"https://www.openssh.com/txt/release-7.3","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://seclists.org/fulldisclosure/2016/Jul/51","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3626","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/91812","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1036319","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:2029","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:2563","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-18","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.netapp.com/advisory/ntap-20190206-0001/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/40113/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/40136/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.openssh.com/txt/release-7.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2014-9760","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.113","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username."},{"lang":"es","value":"Vulnerabilidad de XSS en la función displayLogin en html/index.php en GOsa permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del nombre de 
usuario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gosa_project:gosa:-:*:*:*:*:*:*:*","matchCriteriaId":"76B43F12-8F13-4ECC-AF88-0A9A9DE1D233"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/01/15/11","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/97104","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/gosa-project/gosa-core/commit/e35b990464a2c2cf64d6833a217ed944876e7732","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/15/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/97104","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/gosa-project/gosa-core/commit/e35b990464a2c2cf64d6833a217ed944876e7732","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-8750","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.237","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file."},{"lang":"es","value":"Libdwarf 20151114 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de una sección debug_abbrev marcada NOBITS en un archivo ELF."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Prima
ry","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndIncluding":"2015-11-14","matchCriteriaId":"A285A020-CCA9-4E7E-ABC7-78F2A362F210"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/01/07/11","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1294264","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697","source":"cve@mitre.org","tags":["Broken Link","Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/07/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1294264","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2015-8768","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.267","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone."},{"lang":"es","value":"El archivo click/install.py en click no requiere archivos en el sistema de archivos del paquete 
tarballs para iniciar con ./ (punto barra), lo que permite a los atacantes remotos instalar una política de seguridad alternativa y alcanzar privilegios por medio de un paquete diseñado, como es demostrado por la aplicación test.mmrow para el teléfono Ubuntu."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:click_project:click:-:*:*:*:*:*:*:*","matchCriteriaId":"B43706BE-E042-43AF-85B7-1AC24D5226F3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*","matchCriteriaId":"F38D3B7E-8429-473F-BB31-FC3583EE5A5B"}]}]}],"references":[{"url":"http://bazaar.launchpad.net/~click-hackers/click/devel/revision/587","sour
ce":"cve@mitre.org"},{"url":"http://ubuntu.com/usn/usn-2771-1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/12/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96386","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.launchpad.net/ubuntu/+source/click/+bug/1506467","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://code.launchpad.net/~cjwatson/click/audit-missing-dot-slash/+merge/274554","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://insights.ubuntu.com/2015/10/15/update-on-ubuntu-phone-security-issue/","source":"cve@mitre.org"},{"url":"https://plus.google.com/+SzymonWaliczek/posts/3jbG2uiAniF","source":"cve@mitre.org"},{"url":"http://bazaar.launchpad.net/~click-hackers/click/devel/revision/587","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://ubuntu.com/usn/usn-2771-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/12/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96386","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.launchpad.net/ubuntu/+source/click/+bug/1506467","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://code.launchpad.net/~cjwatson/click/audit-missing-dot-slash/+merge/274554","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://insights.ubuntu.com/2015/10/15/update-on-ubuntu-phone-security-issue/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://plus.google.com/+SzymonWaliczek/posts/3jbG2uiAniF","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2015-8771","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.300","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password."},{"lang":"es","value":"La función generate_smb_nt_hash en include/functions.inc en GOsa permite a atacantes remotos ejecutar comandos arbitrarios a través de una contraseña manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria
":"cpe:2.3:a:gosa_project:gosa_plugin:*:*:*:*:*:*:*:*","matchCriteriaId":"5EDDAA62-18AA-4C64-A7BC-5FFBB433D672"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/01/15/11","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96388","source":"cve@mitre.org"},{"url":"https://github.com/gosa-project/gosa-core/commit/a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/01/15/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96388","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/gosa-project/gosa-core/commit/a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10026","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.363","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made."},{"lang":"es","value":"ikiwiki 3.20161219 no verifica adecuadamente si una revisión cambia los permisos de acceso para una página en sitios con los plugins git y recentchanges y la interfaz CGI habilitados, lo que permite a atacantes remotos revertir ciertos cambios aprovechando permisos para cambiar la página antes de que sea hecha la 
revisión."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ikiwiki:ikiwiki:3.20161219:*:*:*:*:*:*:*","matchCriteriaId":"3356F821-E0C4-45AB-AAB8-C371F71F1D04"}]}]}],"references":[{"url":"http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/","source":"cve@mitre.org","tags":["Issue Tracking","Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3760","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/21/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/29/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://ikiwiki.info/security/#index46h2","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3760","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/21/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/29/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://ikiwiki.info/security/#index46h2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-2568","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.393","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer."},{"lang":"es","value":"pkexec, cuando se utiliza con --user nonpriv, permite a usuarios locales escapar a la sesión principal a través de una llamada ioctl TIOCSTI manipulada, que empuja caracteres al búfer de entrada de la 
terminal."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.1,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-116"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freedesktop:polkit:*:*:*:*:*:*:*:*","matchCriteriaId":"CBC9173A-C46D-4526-863E-775B836BA2F7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/02/26/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/cve-2016-2568","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1300746","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://ubuntu.com/security/CVE-2016-2568","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/26/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/cve-2016-2568","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816062","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1300746","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://ubuntu.com/security/CVE-2016-2568","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-2787","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.423","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors."},{"lang":"es","value":"Puppet Communications Protocol en Puppet Enterprise 2015.3.x en versiones anteriores a 2015.3.3 no valida adecuadamente certificados para el nodo broker, lo que permite a anfitriones remotos no incluidos en la lista blanca prevenir que ejecuciones se desencadenen a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:puppet_enterprise:2015.3.2:*:*:*:*:*:*:*","matchCriteriaId":"B18FA0E7-381A-4831-9E2A-DE94D5FCDA83"},{"vulnerable":true,"criteria":"cpe:2.3:a:puppetlabs:puppet_enterprise:2015.3:*:*:*:*:*:*:*","matchCriteriaId":"D31A16EE-D27C-47F8-8383-3824A6752EEC"}]}]}],"references":[{"url":"https://puppet.com/security/cve/CVE-2016-2787","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://puppet.com/security/cve/CVE-2016-2787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-2788","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.457","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MCollective 2.7.0 and 2.8.x before 2.8.9, as used in 
Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command."},{"lang":"es","value":"MCollective 2.7.0 y 2.8.x en versiones anteriores a 2.8.9, como se utiliza en Puppet Enterprise, permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con el comando mco ping."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:marionette_collective:2.7.0:*:*:*:*:*:*:*","matchCriteriaId":"5E0EB05D-AE08-45A2-AEBE-7BA8C8A7FC6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:marionette_collective:2.8.0:*:*:*:*:*:*:*","matchCriteriaId":"474D09A3-335E-4DEF-8E42-B1A51312D20E"},{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:marionette_collective:2.8.1:*:*:*:*:*:*:*","matchCriteriaId":"A41B514E-4982-4F62-AD7F-E76575E186A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:puppet
:marionette_collective:2.8.2:*:*:*:*:*:*:*","matchCriteriaId":"24135E65-DC11-4F51-B511-264E5D55CDFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:marionette_collective:2.8.3:*:*:*:*:*:*:*","matchCriteriaId":"42F60001-AB26-4859-B5FB-F9A5AC16DEF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:marionette_collective:2.8.4:*:*:*:*:*:*:*","matchCriteriaId":"7AFD6C37-2A11-4B3B-AEC2-C7F278086DEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:marionette_collective:2.8.5:*:*:*:*:*:*:*","matchCriteriaId":"953ACD12-7530-4A0D-9495-BD274162397E"},{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:marionette_collective:2.8.6:*:*:*:*:*:*:*","matchCriteriaId":"DC349A07-F050-47BB-9B9B-44AF15624F29"},{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:marionette_collective:2.8.7:*:*:*:*:*:*:*","matchCriteriaId":"01C08F38-8B61-461D-AEB8-C34898C7702A"},{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:marionette_collective:2.8.8:*:*:*:*:*:*:*","matchCriteriaId":"D8F32EA9-939E-4E8B-8DD6-D66929AC3C8A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8.0","versionEndExcluding":"3.8.6","matchCriteriaId":"E8B9E094-D386-4B81-8A62-577B5FA1B73E"},{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","versionStartIncluding":"2016.2.0","versionEndExcluding":"2016.2.1","matchCriteriaId":"57C3DF70-5EFE-4A95-846C-75DBBDCBB7F4"}]}]}],"references":[{"url":"https://puppet.com/security/cve/cve-2016-2788","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://puppet.com/security/cve/cve-2016-2788","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-3616","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.487","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The cjpeg utility in libjpeg allows remote attackers 
to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file."},{"lang":"es","value":"La utilidad cjpeg en libjpeg permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) o ejecutar código arbitrario a través de un archivo manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:7.4:*:*:*:*:*:*:*","matchCriteriaId":"06C45810-2B87-4FE7-9660-51DD4EAC8B35"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*","matchCriteriaId":"041F9200-4C01-4187-AE34-240E8277B54D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","
matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","matchCriteriaId":"8D305F7A-D159-4716-AB26-5E38BB5CD991"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","matchCriteriaId":"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","matchCriteriaId":"07C312A0-CD2C-4B9C-B064-6409B25C278F"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2019:2052","source":"cve@mitre.org"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1318509","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1319661","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3706-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3706-2/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:2052","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1318509","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1319661","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party 
Advisory","VDB Entry"]},{"url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3706-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3706-2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-3995","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.517","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks."},{"lang":"es","value":"La protección contra ataques de tiempo en Rijndael::Enc::ProcessAndXorBlock y Rijndael::Dec::ProcessAndXorBlock en Crypto++ (también conocido como cryptopp) en versiones anteriores a 5.6.4 puede ser eliminada por la optimización del compilador, lo que permite a atacantes realizar ataques de 
tiempo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cryptopp:crypto\\+\\+:*:*:*:*:*:*:*:*","versionEndIncluding":"5.6.3","matchCriteriaId":"91592D18-540A-4D47-98CD-4299F268103D"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/11/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/85975","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/weidai11/cryptopp/issues/146","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/11/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/85975","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/weidai11/cryptopp/issues/146","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-4546","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.550","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call."},{"lang":"es","value":"Los dispositivos Samsung con Android KK(4.4) o L(5.0/5.1) permiten a usuarios locales provocar una denegación de servicio (caída del servicio IAndroidShm) a través de datos manipulados en una llamada de servicio."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"
}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:samsung:samsung_mobile:4.4:*:*:*:*:*:*:*","matchCriteriaId":"68B4FF3D-35CC-4E86-A6EE-D065D654FC4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*","matchCriteriaId":"A13E2E2D-41E2-4CF7-A019-6B462A614271"},{"vulnerable":true,"criteria":"cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*","matchCriteriaId":"DD99CD57-C55D-4812-8F9C-5ACE7555C086"}]}]}],"references":[{"url":"http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/06/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/06/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-4547","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.597","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C."},{"lang":"es","value":"Los dispositivos Samsung con Android KK(4.4), L(5.0 / 5.1) o M(6.0) permiten a atacantes provocar una denegación de servicio (caída del sistema) a través de una llamada de sistema manipulada a 
TvoutService_C."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:samsung:samsung_mobile:4.4:*:*:*:*:*:*:*","matchCriteriaId":"68B4FF3D-35CC-4E86-A6EE-D065D654FC4A"},{"vulnerable":true,"criteria":"cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*","matchCriteriaId":"A13E2E2D-41E2-4CF7-A019-6B462A614271"},{"vulnerable":true,"criteria":"cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*","matchCriteriaId":"DD99CD57-C55D-4812-8F9C-5ACE7555C086"},{"vulnerable":true,"criteria":"cpe:2.3:o:samsung:samsung_mobile:6.0:*:*:*:*:*:*:*","matchCriteriaId":"ABD6EA64-6B65-4487-914F-9EF9CBB78211"}]}]}],"references":[{"url":"http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/06/2","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/06/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-5100","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.627","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value."},{"lang":"es","value":"Froxlor en versiones anteriores a 0.9.35 utiliza la función rand de PHP para la generación de números aleatorios, lo que facilita a atacantes remotos adivinar el token de restablecimiento de contraseña mediante la predicción de un valor."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","typ
e":"Primary","description":[{"lang":"en","value":"CWE-330"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*","versionEndIncluding":"0.9.34.2","matchCriteriaId":"176CAE64-5DA7-4AF6-8733-E98E895F01A7"}]}]}],"references":[{"url":"https://github.com/Froxlor/Froxlor/commit/da4ec3e1b591de96675817a009e26e05e848a6ba","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/Froxlor/Froxlor/commit/da4ec3e1b591de96675817a009e26e05e848a6ba","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-6129","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.660","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a Bleichenbacher signature forgery attack."},{"lang":"es","value":"La función rsa_verify_hash_ex en rsa_verify_hash.c en LibTomCrypt, como se utiliza en OP-TEE en versiones anteriores a 2.2.0, no valida que la longitud del mensaje es igual a la longitud de datos codificados en ASN.1, lo que facilita a atacantes remotos falsificar firmas RSA o certificados públicos aprovechando un ataque de falsificación de firma de 
Bleichenbacher."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:op-tee:op-tee_os:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.0","matchCriteriaId":"364B7182-4FA7-46EE-A85F-CB80D6BED77D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtom:libtomcrypt:*:*:*:*:*:*:*:*","versionEndIncluding":"1.17","matchCriteriaId":"B032B8F5-69A1-40CD-A3CE-97C69CB65E03"}]}]}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1370955","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://www.op-tee.org/advisories/","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1370955","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://www.op-tee.org/advisories/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7565","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.690","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter."},{"lang":"es","value":"install/index.php en Exponent CMS 2.3.9 permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en el parámetro sc 
array."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:exponentcms:exponent_cms:2.3.9:*:*:*:*:*:*:*","matchCriteriaId":"12FDDF33-2B21-4F8A-AB9A-01857197E810"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/22/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://exponentcms.lighthouseapp.com/projects/61783/changesets/4ae457ff1bf80e8b61286cd125ca794b25564e86","source":"cve@mitre.org","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://github.com/exponentcms/exponent-cms/commit/4ae457ff1bf80e8b61286cd125ca794b25564e86","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/09/22/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://exponentcms.lighthouseapp.com/projects/61783/changesets/4ae457ff1bf80e8b61286cd125ca794b25564e86","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://github.com/exponentcms/exponent-cms/commit/4ae457ff1bf80e8b61286cd125ca794b25564e86","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8659","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.720","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket."},{"lang":"es","value":"Bubblewrap en versiones anteriores a 0.1.3 establece la bandera PR_SET_DUMPABLE, lo que podría permitir a usuarios locales obtener privilegios adjuntando al proceso, como se demuestra enviando comandos a un socket 
PrivSep."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bubblewrap_project:bubblewrap:*:*:*:*:*:*:*:*","versionEndIncluding":"0.1.1","matchCriteriaId":"D659B1C4-794E-44CB-AE2F-36DBC34173A0"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/12/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/13/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93542","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/projectatomic/bubblewrap/issues/107","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/12/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/13/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93542","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/projectatomic/bubblewrap/issues/107","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8859","sourceIdentifier":"cve@mitre.org","published":"2017-02-13T18:59:00.753","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write."},{"lang":"es","value":"Múltiples desbordamientos de enteros en la librería TRE y musl libc permiten a atacantes provocar corrupción de memoria a través de un gran número de (1) estados o (2) etiquetas, lo que desencadena una escritura fuera de 
límites."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:etalabs:musl:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1.15","matchCriteriaId":"2CB79AB4-A363-48EB-BC67-A49DA19FB41C"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/19/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/19/10","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93795","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://security.gentoo.org/glsa/201701-11","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/202007-43","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/19/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/19/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93795","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-11","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202007-43","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10224","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.127","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Sauter NovaWeb web HMI. The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user."},{"lang":"es","value":"Ha sido descubierto un problema en Sauter NovaWeb web HMI. 
La aplicación utiliza un mecanismo de protección que depende de la existencia o valores de una cookie, pero no garantiza adecuadamente que la cookie sea válida para el usuario asociado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sauter-controls:novaweb_web_hmi:*:*:*:*:*:*:*:*","matchCriteriaId":"D59C3424-FDC7-4315-81B9-9D54C26854E9"}]}]}],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-02","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2016-2274","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.157","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output; this could allow for cross-site scripting."},{"lang":"es","value":"Ha sido descubierto un problema en Adcon Telemetry A850 Telemetry Gateway Base Station. La Interfaz Web no neutraliza o neutraliza incorrectamente la entrada controlable por el usuario antes de que se coloque en la salida; esto podría permitir secuencias de comandos en sitios cruzados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:
2.3:o:adcon_telemetry:a850_telemetry_gateway_base_station_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CBD5A95B-4803-438F-BC12-0A507D0AB52A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:adcon_telemetry:a850_telemetry_gateway_base_station:-:*:*:*:*:*:*:*","matchCriteriaId":"C577B383-08D4-471F-A110-CB3704DF3945"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94781","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94781","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-5782","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.190","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate 120, and LGate 320. Locus Energy meters use a PHP script to manage the energy meter parameters for voltage monitoring and network configuration. The PHP code does not properly validate information that is sent in the POST request."},{"lang":"es","value":"Ha sido descubierto un problema en Locus Energy LGate en versiones anteriores a 1.05H, LGate 50, LGate 100, LGate 101, LGate 120 y LGate 320. Medidores Locus Energy utilizan secuencias de comandos PHP para gestionar los parámetros del medidor de energía para el control de voltaje y configuración de red. 
El código PHP no valida adecuadamente la información que es enviada en la solicitud POST."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:locusenergy:lgate_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"CA8AE7BB-4AAC-45E2-A194-8D72C4A5DD6D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:locusenergy:lgate_100:-:*:*:*:*:*:*:*","matchCriteriaId":"7EB68DEF-2A97-42C8-BA73-43C97BAD2F8A"},{"vulnerable":false,"criteria":"cpe:2.3:h:locusenergy:lgate_101:-:*:*:*:*:*:*:*","matchCriteriaId":"9DB10815-4C28-4DC1-9525-6B9D5BCC4E60"},{"vulnerable":false,"criteria":"cpe:2.3:h:locusenergy:lgate_120:-:*:*:*:*:*:*:*","matchCriteriaId":"3059C40F-AF97-4D7E-9470-C6791CF0154C"},{"vulnerable":false,"criteria":"cpe:2.3:h:locusenergy:lgate_320:-:*:*:*:*:*:*:*","matchCriteriaId":"D2F42CBC-A4F1-4078-8E18-D6EF2238194D"
},{"vulnerable":false,"criteria":"cpe:2.3:h:locusenergy:lgate_50:-:*:*:*:*:*:*:*","matchCriteriaId":"051167FD-3CF8-4D76-955C-C77066D156A4"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94698","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/94782","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94698","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/94782","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-231-01-0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-5786","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.220","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials with the HTTP protocol, which could be sniffed by an attacker that may result in the compromise of account credentials."},{"lang":"es","value":"Ha sido descubierto un problema en OmniMetrix OmniView, Versión 1.2. 
La aplicación web OmniView transmite credenciales con el protocolo HTTP, lo que podría ser espiado por un atacante que podría resultar en el comprometimiento de las credenciales de la cuenta."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:omnimetrix:omniview:1.2:*:*:*:*:*:*:*","matchCriteriaId":"051C0CF8-4C7E-4086-B0CB-37E95263BF3C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94937","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-350-02","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94937","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-350-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-5796","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.237","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. Sending additional valid packets could allow the attacker to cause a crash or to execute arbitrary code, because of Improper Restriction of Operations within the Bounds of a Memory Buffer."},{"lang":"es","value":"Ha sido descubierto un problema en Fatek Automation PM Designer V3 Versión 2.1.2.2 y Automation FV Designer Versión 1.2.8.0. El envío de paquetes válidos adicionales podría permitir al atacante provocar un bloqueo o ejecutar código arbitrario, debido a la restricción inadecuada de operaciones dentro de los límites de un búfer de 
memoria."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fatek:automation_fv_designer:1.2.8.0:*:*:*:*:*:*:*","matchCriteriaId":"7932FA19-56F5-45CF-AD87-89F1154BD26C"},{"vulnerable":true,"criteria":"cpe:2.3:a:fatek:automation_pm_designer:2.1.2.2:*:*:*:*:*:*:*","matchCriteriaId":"72BEB7C7-E994-41D6-8C54-F1DC2C0CAFBF"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93105","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93105","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-5798","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.267","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0. By sending additional valid packets, an attacker could trigger a stack-based buffer overflow and cause a crash. Also, a malicious attacker can trigger a remote buffer overflow on the Fatek Communication Server."},{"lang":"es","value":"Ha sido descubierto un problema en Fatek Automation PM Designer V3 Versión 2.1.2.2 y Automation FV Designer Versión 1.2.8.0. Enviando paquetes adicionales válidos, un atacante podría desencadenar un desbordamiento de búfer basado en pila y provocar una caída. 
Además, un atacante malicioso puede desencadenar un desbordamiento de búfer remoto en el Fatek Communication Server."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fatek:automation_fv_designer:1.2.8.0:*:*:*:*:*:*:*","matchCriteriaId":"7932FA19-56F5-45CF-AD87-89F1154BD26C"},{"vulnerable":true,"criteria":"cpe:2.3:a:fatek:automation_pm_designer:2.1.2.2:*:*:*:*:*:*:*","matchCriteriaId":"72BEB7C7-E994-41D6-8C54-F1DC2C0CAFBF"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93105","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93105","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-06","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-5801","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.300","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in OmniMetrix OmniView, Version 1.2. Insufficient password requirements for the OmniView web application may allow an attacker to gain access by brute forcing account passwords."},{"lang":"es","value":"Ha sido descubierto un problema en OmniMetrix OmniView, Versión 1.2. Requisitos de contraseña insuficientes para la aplicación web OmniView pueden permitir a un atacante obtener acceso forzando contraseñas de cuentas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR",
"negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:omnimetrix:omniview:1.2:*:*:*:*:*:*:*","matchCriteriaId":"051C0CF8-4C7E-4086-B0CB-37E95263BF3C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94937","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-350-02","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94937","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-350-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-5802","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.330","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software."},{"lang":"es","value":"Ha sido descubierto un problema en Delta Electronics WPLSoft, versiones anteriores a V2.42.11, ISPSoft, versiones anteriores a 3.02.11 y PMSoft, versiones anteriores a 2.10.10. 
Múltiples instancias de condiciones de escritura fuera de límites pueden permitir que archivos maliciosos sean leídos y ejecutados por el software afectado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:delta_electronics:ispsoft:-:*:*:*:*:*:*:*","matchCriteriaId":"B7F63815-E796-4AE8-9D6D-E2CB3D942396"},{"vulnerable":true,"criteria":"cpe:2.3:o:delta_electronics:pmsoft:-:*:*:*:*:*:*:*","matchCriteriaId":"05F9B4DC-9477-462D-A4DC-8769E42882E2"},{"vulnerable":true,"criteria":"cpe:2.3:o:delta_electronics:wplsoft:-:*:*:*:*:*:*:*","matchCriteriaId":"4144F07E-FB45-469E-867B-0679735B36E0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94887","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-348-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party 
Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94887","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-348-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-5803","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.360","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unified Infrastructure Management software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as \"..\" that can resolve to a location that is outside of that directory."},{"lang":"es","value":"Ha sido descubierto un problema en CA Unified Infrastructure Management Versión 8.47 y versiones anteriores. 
El software Unified Infrastructure Management utiliza entrada externa para construir un nombre de ruta que debería estar dentro de un directorio restringido, pero no neutraliza adecuadamente secuencias como \"..\" que puede resolver a una ubicación que está fuera de ese directorio."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ca_technologies:unified_infrastructure_management:*:*:*:*:*:*:*:*","versionEndIncluding":"8.47","matchCriteriaId":"A10DAACF-97FB-428C-8B78-2BDC31B3F04C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94243","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-315-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government 
Resource"]},{"url":"https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html","source":"ics-cert@hq.dhs.gov"},{"url":"http://www.securityfocus.com/bid/94243","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-315-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-01-security-notice-for-ca-unified-infrastructure-mgmt.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5805","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.393","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a denial of service."},{"lang":"es","value":"Ha sido descubierto un problema en Delta Electronics WPLSoft, versiones anteriores a V2.42.11, ISPSoft, versiones anteriores a 3.02.11 y PMSoft, versiones anteriores a 2.10.10. 
Existen múltiples instancias de desbordamientos de búfer basados en memoria dinámica que pueden permitir que los archivos maliciosos provoquen la ejecución de código arbitrario o una denegación de servicio."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:delta_electronics:ispsoft:-:*:*:*:*:*:*:*","matchCriteriaId":"B7F63815-E796-4AE8-9D6D-E2CB3D942396"},{"vulnerable":true,"criteria":"cpe:2.3:o:delta_electronics:pmsoft:-:*:*:*:*:*:*:*","matchCriteriaId":"05F9B4DC-9477-462D-A4DC-8769E42882E2"},{"vulnerable":true,"criteria":"cpe:2.3:o:delta_electronics:wplsoft:-:*:*:*:*:*:*:*","matchCriteriaId":"4144F07E-FB45-469E-867B-0679735B36E0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94887","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-348-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94887","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-348-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-5809","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.407","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token generated to authenticate the user during a session. Successful exploitation of this vulnerability can allow unauthorized configuration changes to be made and saved."},{"lang":"es","value":"Ha sido descubierto un problema en los medidores de potencia de las series IONXXXX, ION73XX, ION75XX, ION76XX, ION8650, ION8800 y PM5XXX de Schneider Electric. No hay Token CSRF generado para autenticar al usuario durante una sesión. 
La explotación exitosa de esta vulnerabilidad puede permitir que se realicen y se guarden cambios de configuración no autorizados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:ion5000:-:*:*:*:*:*:*:*","matchCriteriaId":"B0DA1F9F-A898-4059-93FB-05F5C28280E1"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:ion7300:-:*:*:*:*:*:*:*","matchCriteriaId":"5DD65F3D-EB57-4AB3-BB33-81B42D460AC4"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:ion7500:-:*:*:*:*:*:*:*","matchCriteriaId":"9DC9074B-EA61-4D44-8A16-9E117138629A"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:ion7600:-:*:*:*:*:*:*:*","matchCriteriaId":"CFC7C001-9AB5-453F-BC3B-5544627B06CF"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:*","matchCriteriaId":"1DA97CA0-DDE0-4418-9D72-7D463C003
693"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:*","matchCriteriaId":"B3449157-3715-4D89-A3BD-49EE47160B25"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/92916","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.exploit-db.com/exploits/44640/","source":"ics-cert@hq.dhs.gov"},{"url":"http://www.securityfocus.com/bid/92916","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.exploit-db.com/exploits/44640/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5811","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.440","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. User controlled input is not neutralized prior to being placed in web page output (CROSS-SITE SCRIPTING)."},{"lang":"es","value":"Ha sido descubierto un problema en Visonic PowerLink2, todas las versiones anteriores a la versión de firmware de octubre de 2016. 
La entrada controlada por el usuario no se neutraliza antes de ser colocada en la salida de la página web (CROSS-SITE SCRIPTING)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:visonic:powerlink2_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E4D1C970-1942-4EB6-8CA4-17E6B66E96F1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:visonic:powerlink2:-:*:*:*:*:*:*:*","matchCriteriaId":"B5F51142-2C8F-44F6-988B-6A0C0F822B56"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94894","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-348-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government 
Resource"]},{"url":"http://www.securityfocus.com/bid/94894","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-348-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-5813","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.470","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. When a specific URL to an image is accessed, the downloaded image carries with it source code used in the web server (INFORMATION EXPOSURE)."},{"lang":"es","value":"Ha sido descubierto un problema en Visonic PowerLink2, todas las versiones anteriores a la versión de firmware de octubre de 2016. Cuando se accede a una URL específica hacia una imagen, la imagen descargada lleva consigo código fuente utilizado en el servidor web (INFORMATION 
EXPOSURE)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:visonic:powerlink2_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"E4D1C970-1942-4EB6-8CA4-17E6B66E96F1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:visonic:powerlink2:-:*:*:*:*:*:*:*","matchCriteriaId":"B5F51142-2C8F-44F6-988B-6A0C0F822B56"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94894","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-348-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94894","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-348-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-5815","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.503","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes."},{"lang":"es","value":"Ha sido descubierto un problema en los medidores de potencia de las series IONXXXX, ION73XX, ION75XX, ION76XX, ION8650, ION8800 y PM5XXX de Schneider Electric. Ninguna autenticación está configurada de forma predeterminada. Un usuario no autorizado puede acceder al portal de administración de dispositivo y realizar cambios de 
configuración."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:ion5000:-:*:*:*:*:*:*:*","matchCriteriaId":"B0DA1F9F-A898-4059-93FB-05F5C28280E1"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:ion7300:-:*:*:*:*:*:*:*","matchCriteriaId":"5DD65F3D-EB57-4AB3-BB33-81B42D460AC4"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:ion7500:-:*:*:*:*:*:*:*","matchCriteriaId":"9DC9074B-EA61-4D44-8A16-9E117138629A"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:ion7600:-:*:*:*:*:*:*:*","matchCriteriaId":"CFC7C001-9AB5-453F-BC3B-5544627B06CF"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:ion8650:-:*:*:*:*:*:*:*","matchCriteriaId":"1DA97CA0-DDE0-4418-9D72-7D463C003693"},{"vulnerable":true,"criteria":"cpe:2.3:h:schneider-electric:ion8800:-:*:*:*:*:*:*:*","matchCriteriaId":"B3449157-
3715-4D89-A3BD-49EE47160B25"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94091","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94091","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-5818","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.533","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented hard-coded credentials allow access to the device."},{"lang":"es","value":"Ha sido descubierto un problema en el dispositivo Schneider Electric PowerLogic PM8ECC 2.651 y versiones anteriores. 
Las credenciales no documentadas codificadas de forma rígida permiten el acceso al dispositivo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:powerlogic_pm8ecc_firmware:2.651:*:*:*:*:*:*:*","matchCriteriaId":"75CD51C1-4DB2-4A7E-BB95-7B9552B42AC9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:powerlogic_pm8ecc:-:*:*:*:*:*:*:*","matchCriteriaId":"38BF2D7A-492B-4A0C-A841-A245C5657192"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93602","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-292-01","source":"ics-cert@hq.dhs.gov","tags":["Patch","Third Party Advisory","US Government 
Resource"]},{"url":"http://www.securityfocus.com/bid/93602","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-292-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-7987","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.563","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Siemens ETA4 firmware (all versions prior to Revision 08) of the SM-2558 extension module for: SICAM AK, SICAM TM 1703, SICAM BC 1703, and SICAM AK 3. Specially crafted packets sent to Port 2404/TCP could cause the affected device to go into defect mode. A cold start might be required to recover the system, a Denial-of-Service Vulnerability."},{"lang":"es","value":"Ha sido descubierto un problema en el firmware ETA4 de Siemens (todas las versiones anteriores a la Revisión 08) del módulo de extensión SM-2558 para: SICAM AK, SICAM TM 1703, SICAM BC 1703 y SICAM AK 3. Paquetes especialmente manipulados enviados al puerto 2404/TCP podrían provocar que el dispositivo afectado entre en modo de defecto. 
Podría requerirse un arranque en frío para recuperar el sistema, una vulnerabilidad de denegación de servicio."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-19"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:eta4_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"07","matchCriteriaId":"5EA28B91-4553-4165-AE38-3E7820C45FBC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:sicam_ak:-:*:*:*:*:*:*:*","matchCriteriaId":"BF173EA8-4050-442C-991A-F7BCD90F4E3A"},{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:sicam_ak_3:-:*:*:*:*:*:*:*","matchCriteriaId":"386B68A7-7CED-462F-920A-3698544870BD"},{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:sicam_bc_1703:-:*:*:*:*:*:*:*","matchCriteriaId":"79201233-A2CE-42FC-8126-E708185D762D"},{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:sicam_tm_1703:-:*:*:*:*:*:*:*","matchCriteriaId":"70850
0F5-BB94-456E-A213-AC714B9D3805"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:siemens:eta2_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"11.0","matchCriteriaId":"AFA0D321-2406-4295-B5A5-1A4255A73561"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:sicam_ak:-:*:*:*:*:*:*:*","matchCriteriaId":"BF173EA8-4050-442C-991A-F7BCD90F4E3A"},{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:sicam_bc:-:*:*:*:*:*:*:*","matchCriteriaId":"94FF6E3F-04F2-4A9B-9E57-B3E8A2F43F85"},{"vulnerable":false,"criteria":"cpe:2.3:h:siemens:sicam_tm:-:*:*:*:*:*:*:*","matchCriteriaId":"2D18DC69-74D2-4262-9B4F-2AFF70EED540"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93832","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-299-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93832","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-299-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8341","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.597","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands."},{"lang":"es","value":"Ha sido descubierto un problema en Ecava IntegraXor Versión 5.0.413.0. 
El servidor web Ecava IntegraXor tiene parámetros que son vulnerables a la inyección de SQL. Si las consultas no se desinfectan, la base de datos del host podría estar sujeta a comandos de lectura, escritura y borrado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ecava:integraxor:5.0.413.0:*:*:*:*:*:*:*","matchCriteriaId":"C1799D06-1DD1-4565-B1A0-6504D705D475"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95907","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-031-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8344","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.610","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Honeywell Experion Process Knowledge System (PKS) platform: Experion PKS, Release 3xx and prior, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430, and Experion PKS, Release 431. Experion PKS does not properly validate input. By sending a specially crafted packet, an attacker could cause the process to terminate. A successful exploit would prevent firmware uploads to the Series-C devices."},{"lang":"es","value":"Ha sido descubierto un problema en la plataforma Honeywell Experion Process Knowledge System (PKS): Experion PKS, Release 3xx y versiones anteriores, Experion PKS, Release 400, Experion PKS, Release 410, Experion PKS, Release 430 y Experion PKS, Release 431. Experion PKS no valida adecuadamente la entrada. Enviando un paquete especialmente manipulado, un atacante podría provocar que el proceso termine. 
Una explotación exitosa impediría cargas de firmware a los dispositivos de la Serie C."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"311","matchCriteriaId":"32AD7777-22F4-4099-839B-DAEAA2A5974B"},{"vulnerable":true,"criteria":"cpe:2.3:a:honeywell:experion_process_knowledge_system:410:*:*:*:*:*:*:*","matchCriteriaId":"78596F1B-105A-49E6-BA88-4FD7B3E77F9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:honeywell:experion_process_knowledge_system:430:*:*:*:*:*:*:*","matchCriteriaId":"90438882-38D1-4C4E-9018-A42E7E42C4FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:honeywell:experion_process_knowledge_system:431:*:*:*:*:*:*:*","matchCriteriaId":"D08E8D07-5539-4608-94C7-4A5F44B4EC8C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"c
pe:2.3:a:honeywell:experion_process_knowledge_system:*:*:*:*:*:*:*:*","versionEndIncluding":"411","matchCriteriaId":"B633CF96-C485-47EC-8986-F090642EA236"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93950","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-301-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93950","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-301-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8346","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.643","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa EDR-810 Industrial Secure Router. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access configuration and log files (PRIVILEGE ESCALATION)."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa EDR-810 Industrial Secure Router. 
Accediendo a un localizador de recursos uniforme (URL) específico en el servidor web, un usuario malintencionado puede acceder a los archivos de configuración y de registro (PRIVILEGE ESCALATION)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:edr-810_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.12","matchCriteriaId":"0CDC2945-7457-4579-BDF7-884F42070FB2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*","matchCriteriaId":"2A6BD14C-FD19-4AF7-A221-91B1A49C0A58"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:edr-810-vpn:-:*:*:*:*:*:*:*","matchCriteriaId":"E7C78F30-6F2C-4257-8094-7ACE5E2818D2"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93800","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93800","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-294-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8347","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.673","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. WDC does not limit authentication attempts that may allow a brute force attack method."},{"lang":"es","value":"Ha sido descubierto un problema en la aplicación WebDatorCentral (WDC) de Kabona AB en versiones anteriores a la Versión 3.4.0. 
WDC no limita los intentos de autenticación lo que puede permitir un método de ataque de fuerza bruta."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kabona_ab:webdatorcentral:-:*:*:*:*:*:*:*","matchCriteriaId":"1DE79A94-3FD9-4E3C-B866-37CF5DDA2587"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93547","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93547","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2016-8348","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.707","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An XML External Entity (XXE) issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network."},{"lang":"es","value":"Ha sido descubierto un problema de XXE en Emerson Liebert SiteScan Web Versión 6.5 y anteriores. Un atacante puede ingresar una entrada malintencionada a Liebert SiteScan a través de un analizador XML débilmente configurado, provocando que la aplicación ejecute código arbitrario o revele el contenido de archivos desde un servidor o una red conectada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","valu
e":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emerson:liebert_sitescan_web:*:*:*:*:*:*:*:*","versionEndIncluding":"6.5","matchCriteriaId":"9FC286A2-E85E-447A-80BD-60E5332F9B08"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94587","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-334-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94587","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-334-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8350","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.737","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. 
The web application may not sufficiently verify whether a request was provided by a valid user (CROSS-SITE REQUEST FORGERY)."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa ioLogik E1210, firmware Versión V2.4 y anteriores, ioLogik E1211, firmware Versión V2.3 y anteriores, ioLogik E1212, firmware Versión V2.4 y anteriores, ioLogik E1213, firmware Versión V2.5 y anteriores, ioLogik E1214, firmware Versión V2.4 y anteriores, ioLogik E1240, firmware Versión V2.3 y anteriores, ioLogik E1241, firmware Versión V2.4 y anteriores, ioLogik E1242, firmware Versión V2.4 y anteriores, ioLogik E1260, firmware Versión V2.4 y anteriores, ioLogik E1262, versiones de firmware V2.4 y anteriores, ioLogik E2210, versiones de firmware anteriores a V3.13, ioLogik E2212, versiones de firmware anteriores a V3.14, ioLogik E2214, versiones de firmware anteriores a V3.12, ioLogik E2240, versiones de firmware anteriores a V3.12, ioLogik E2242, versiones de firmware anteriores a V3.12, ioLogik E2260, versiones de firmware anteriores a V3.13 y ioLogik E2262, versiones de firmware anteriores a V3.12. 
Es posible que la aplicación web no verifique suficientemente si una solicitud fue proporcionada por un usuario válido (CROSS-SITE REQUEST FORGERY)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e1200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4","matchCriteriaId":"DCDDD74B-F96C-41AB-AA34-F86A29B00A18"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1210:-:*:*:*:*:*:*:*","matchCriteriaId":"67DDCD42-10D5-46B2-AB91-66EF30D5D645"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1212:-:*:*:*:*:*:*:*","matchCriteriaId":"616E5D0B-0D3A-4808-8C15-2FDC35E8605C"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1214:-:*:*:*:*:*:*:*","matchCriteriaId":"A0837606-60F7-4563-8F80-AE7C1CC3F469"},{"vulnerable":false,"criteria":"cpe:2.3:h:
moxa:iologik_e1241:-:*:*:*:*:*:*:*","matchCriteriaId":"3239D045-8A7C-4407-B77C-E82C178D8B90"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1242:-:*:*:*:*:*:*:*","matchCriteriaId":"5D40DF4C-0EA9-44B0-8D8C-D1FC2AB5A357"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1260:-:*:*:*:*:*:*:*","matchCriteriaId":"B0B4FA04-BF84-4B8A-A295-0312A3790F2E"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1262:-:*:*:*:*:*:*:*","matchCriteriaId":"3366C39B-50FD-497B-A6A1-875CEB8913C5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e1200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3","matchCriteriaId":"A83428D7-5341-4A92-8D18-F37B9D832B64"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1211:-:*:*:*:*:*:*:*","matchCriteriaId":"308E46FB-488A-4907-9A69-AACDE23A3394"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1240:-:*:*:*:*:*:*:*","matchCriteriaId":"77A9D90D-0419-410C-AF65-0FFE0FF2882F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e1200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5","matchCriteriaId":"CD8AFCCE-B83F-4756-B8CB-D7FC1C829B7D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1213:-:*:*:*:*:*:*:*","matchCriteriaId":"9AAE4F4E-779C-401F-A75E-AC66757DD313"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e2200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.11","matchCriteriaId":"62B1218A-B9FD-41C1-8CD6-FEF3DA183BE0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2214:-:*:*:*:*:*:*:*","matchCriteriaId":"A95D941B-95C8-461B-8E96-0B6EC3A46AA9"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologi
k_e2240:-:*:*:*:*:*:*:*","matchCriteriaId":"94F2BAE6-8A3C-4A1B-871A-3EF069C643C4"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2242:-:*:*:*:*:*:*:*","matchCriteriaId":"340A9411-F756-493C-8F95-7218C3F8548E"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2262:-:*:*:*:*:*:*:*","matchCriteriaId":"BD47951B-A792-48E4-A8B1-D19616177FA4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e2200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.12","matchCriteriaId":"C9D3E455-D965-495E-9912-EDE6E2FC64F5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2210:-:*:*:*:*:*:*:*","matchCriteriaId":"861285B9-D63C-42A7-B694-A6F68DF5489B"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2260:-:*:*:*:*:*:*:*","matchCriteriaId":"B7FE3E7C-F4A3-46EC-B823-2D2B9E0EDF37"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e2200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.13","matchCriteriaId":"957E228F-7C70-4A52-A265-C45685945711"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2212:-:*:*:*:*:*:*:*","matchCriteriaId":"38D2B0D8-AD5E-4C19-8AA7-37B471342BA3"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93550","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93550","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2016-8352","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.767","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Schneider Electric ConneXium firewalls TCSEFEC23F3F20 all versions, TCSEFEC23F3F21 all versions, TCSEFEC23FCF20 all versions, TCSEFEC23FCF21 all versions, and TCSEFEC2CF3F20 all versions. A stack-based buffer overflow can be triggered during the SNMP login authentication process that may allow an attacker to remotely execute code."},{"lang":"es","value":"Ha sido descubierto un problema en los cortafuegos Schneider Electric ConneXium TCSEFEC23F3F20 todas las versiones, TCSEFEC23F3F21 todas las versiones, TCSEFEC23FCF20 todas las versiones, TCSEFEC23FCF21 todas las versiones, y TCSEFEC2CF3F20 todas las versiones. Un desbordamiento de búfer basado en pila puede ser desencadenado durante el proceso de autenticación de inicio de sesión SNMP que puede permitir a un atacante ejecutar código 
remotamente."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:connexium_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D0393FFB-DB2B-4C4E-95F2-CA1211467964"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tcsefec23f3f20:-:*:*:*:*:*:*:*","matchCriteriaId":"98AE5D38-8266-4E4A-B52F-9CBEB022DD74"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tcsefec23f3f21:-:*:*:*:*:*:*:*","matchCriteriaId":"9E89FA24-0128-4DF4-BFFF-0FD2C8E0386F"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tcsefec23fcf20:-:*:*:*:*:*:*:*","matchCriteriaId":"7920453C-8B00-4E88-AB28-F051CEC2D0BA"},{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:tcsefec23fcf21:-:*:*:*:*:*:*:*","matchCriteriaId":"AE3371CC-A330-4777-887A-2ED11FE1A039"},{"vulnerab
le":false,"criteria":"cpe:2.3:h:schneider-electric:tcsefec2cf3f20:-:*:*:*:*:*:*:*","matchCriteriaId":"2BFDA3E0-E594-413D-98CB-5409FDBE60E4"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94062","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94062","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-306-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8353","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.813","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions."},{"lang":"es","value":"Ha sido descubierto un problema en OSIsoft PI Web API 2015 R2 (Versión 1.5.1). 
Hay una debilidad en este producto que puede permitir a un atacante acceder al sistema PI sin los permisos adecuados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:osisoft:pi_web_api_2015_r2:1.5.1:*:*:*:*:*:*:*","matchCriteriaId":"309C654F-D987-4F38-B145-ABB6EA22398C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93552","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93552","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US 
Government Resource"]}]}},{"cve":{"id":"CVE-2016-8354","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.860","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity project file can make the simulator execute malicious code by redirecting the control flow of these instructions."},{"lang":"es","value":"Ha sido descubierto un problema en Schneider Electric Unity PRO en versiones anteriores a V11.1. Los proyectos Unity se pueden compilar como instrucciones x86 y cargarse en el PLC Simulator entregado con Unity PRO. Estas instrucciones x86 son posteriormente ejecutadas directamente por el simulador. Un archivo de proyecto Unity parcheado especialmente manipulado puede hacer que el simulador ejecute código malicioso redirigiendo el flujo de control de estas 
instrucciones."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P","baseScore":5.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:unity_pro:*:*:*:*:*:*:*:*","versionEndIncluding":"11.0","matchCriteriaId":"63838F65-4D36-4994-88CD-12E29E7AC475"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93830","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-306-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93830","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-306-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2016-8356","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.893","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. The web server URL inputs are not sanitized correctly, which may allow cross-site scripting vulnerabilities."},{"lang":"es","value":"Ha sido descubierto un problema en la aplicación Kabona AB WebDatorCentral (WDC) en versiones anteriores a la Versión 3.4.0. Las entradas de URL del servidor web no se desinfectan correctamente, lo que puede permitir vulnerabilidades de secuencias de comandos en sitios cruzados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kabona_ab:webdatorcentral:-:*:*:*:*:*:*:*","matchCriteriaId":"
1DE79A94-3FD9-4E3C-B866-37CF5DDA2587"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93547","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93547","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8357","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.923","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application."},{"lang":"es","value":"Ha sido descubierto un problema en las versiones Lynxspring JENEsys BAS Bridge 1.1.8 y versiones anteriores. Un usuario con acceso sólo de lectura puede enviar comandos al software y la aplicación aceptará dichos comandos. 
Esto permitiría a un atacante con acceso sólo de lectura realizar cambios dentro de la aplicación."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lynxspring:jenesys_bas_bridge:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1.8","matchCriteriaId":"1D06C1C3-7080-4869-B846-4EB86A05646F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94344","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94344","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8359","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.957","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. 
The web application fails to sanitize user input, which may allow an attacker to inject script or execute arbitrary code (CROSS-SITE SCRIPTING)."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa ioLogik E1210, firmware Versión V2.4 y anteriores, ioLogik E1211, firmware Versión V2.3 y anteriores, ioLogik E1212, firmware Versión V2.4 y anteriores, ioLogik E1213, firmware Versión V2.5 y anteriores, ioLogik E1214, firmware Versión V2.4 y anteriores, ioLogik E1240, firmware Versión V2.3 y anteriores, ioLogik E1241, firmware Versión V2.4 y anteriores, ioLogik E1242, firmware Versión V2.4 y anteriores, ioLogik E1260, firmware Versión V2.4 y anteriores, ioLogik E1262, versiones de firmware V2.4 y anteriores, ioLogik E2210, versiones de firmware anteriores a V3.13, ioLogik E2212, versiones de firmware anteriores a V3.14, ioLogik E2214, versiones de firmware anteriores a V3.12, ioLogik E2240, versiones de firmware anteriores a V3.12, ioLogik E2242, versiones de firmware anteriores a V3.12, ioLogik E2260, versiones de firmware anteriores a V3.13 y ioLogik E2262, versiones de firmware anteriores a V3.12. 
La aplicación web no puede desinfectar la entrada del usuario, lo que puede permitir a un atacante inyectar secuencias de comandos o ejecutar código arbitrario (CROSS-SITE SCRIPTING)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e1200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4","matchCriteriaId":"DCDDD74B-F96C-41AB-AA34-F86A29B00A18"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1210:-:*:*:*:*:*:*:*","matchCriteriaId":"67DDCD42-10D5-46B2-AB91-66EF30D5D645"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1212:-:*:*:*:*:*:*:*","matchCriteriaId":"616E5D0B-0D3A-4808-8C15-2FDC35E8605C"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1214:-:*:*:*:*:*:*:*","matchCriteriaId":"A0837606-60F7-4563-8F80-AE7C1CC3F469"},{"vulnerable":f
alse,"criteria":"cpe:2.3:h:moxa:iologik_e1241:-:*:*:*:*:*:*:*","matchCriteriaId":"3239D045-8A7C-4407-B77C-E82C178D8B90"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1242:-:*:*:*:*:*:*:*","matchCriteriaId":"5D40DF4C-0EA9-44B0-8D8C-D1FC2AB5A357"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1260:-:*:*:*:*:*:*:*","matchCriteriaId":"B0B4FA04-BF84-4B8A-A295-0312A3790F2E"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1262:-:*:*:*:*:*:*:*","matchCriteriaId":"3366C39B-50FD-497B-A6A1-875CEB8913C5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e1200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3","matchCriteriaId":"A83428D7-5341-4A92-8D18-F37B9D832B64"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1211:-:*:*:*:*:*:*:*","matchCriteriaId":"308E46FB-488A-4907-9A69-AACDE23A3394"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1240:-:*:*:*:*:*:*:*","matchCriteriaId":"77A9D90D-0419-410C-AF65-0FFE0FF2882F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e1200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5","matchCriteriaId":"CD8AFCCE-B83F-4756-B8CB-D7FC1C829B7D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1213:-:*:*:*:*:*:*:*","matchCriteriaId":"9AAE4F4E-779C-401F-A75E-AC66757DD313"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e2200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.11","matchCriteriaId":"62B1218A-B9FD-41C1-8CD6-FEF3DA183BE0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2214:-:*:*:*:*:*:*:*","matchCriteriaId":"A95D941B-95C8-461B-8E96-0B6EC3A46AA9"},{"vulnerable":false,"crite
ria":"cpe:2.3:h:moxa:iologik_e2240:-:*:*:*:*:*:*:*","matchCriteriaId":"94F2BAE6-8A3C-4A1B-871A-3EF069C643C4"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2242:-:*:*:*:*:*:*:*","matchCriteriaId":"340A9411-F756-493C-8F95-7218C3F8548E"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2262:-:*:*:*:*:*:*:*","matchCriteriaId":"BD47951B-A792-48E4-A8B1-D19616177FA4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e2200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.12","matchCriteriaId":"C9D3E455-D965-495E-9912-EDE6E2FC64F5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2210:-:*:*:*:*:*:*:*","matchCriteriaId":"861285B9-D63C-42A7-B694-A6F68DF5489B"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2260:-:*:*:*:*:*:*:*","matchCriteriaId":"B7FE3E7C-F4A3-46EC-B823-2D2B9E0EDF37"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e2200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.13","matchCriteriaId":"957E228F-7C70-4A52-A265-C45685945711"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2212:-:*:*:*:*:*:*:*","matchCriteriaId":"38D2B0D8-AD5E-4C19-8AA7-37B471342BA3"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93550","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93550","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2016-8360","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:00.987","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server allowing an attacker to modify memory locations and possibly cause a denial of service or the execution of arbitrary code."},{"lang":"es","value":"Ha sido descubierto un problema en las versiones de Moxa SoftCMS anteriores a la versión 1.6. Una solicitud de URL especialmente manipulada enviada al SoftCMS ASP Webserver puede provocar una doble condición libre en el servidor permitiendo a un atacante modificar ubicaciones de memoria y posiblemente provocar una denegación de servicio o la ejecución de código arbitrario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"
lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moxa:softcms:*:*:*:*:*:*:*:*","versionEndIncluding":"1.5","matchCriteriaId":"FA1F6404-5BE2-4A5C-9556-6F04E2BABDAC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94394","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94394","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8361","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.033","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application uses a hard-coded username with no password allowing an attacker into the system without authentication."},{"lang":"es","value":"Ha sido descubierto un problema en las versiones Lynxspring JENEsys BAS Bridge 1.1.8 y versiones anteriores. 
La aplicación utiliza un nombre de usuario codificado sin contraseña permitiendo a un atacante en el sistema sin autenticación."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lynxspring:jenesys_bas_bridge:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1.8","matchCriteriaId":"1D06C1C3-7080-4869-B846-4EB86A05646F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94344","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94344","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8362","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.050","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. Any user is able to download log files by accessing a specific URL."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series y AWK-5222/6222 Series. 
Cualquier usuario puede descargar archivos de registro al acceder a una URL específica."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:oncellg3470a-lte_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10-31-2016","matchCriteriaId":"6A676756-9CC8-42C7-BC4A-E4FCCF53B7BD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:oncellg3470a-lte:-:*:*:*:*:*:*:*","matchCriteriaId":"C2A3DE50-80D1-4E90-80D1-33E83C9A1FDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-4131a_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10-31-2016","matchCriteriaId":"4A6B3BF5-E2DB-44C6-9D8E-E9B5898FA4FD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-4131a:-:*:*:*:*:*:*:*"
,"matchCriteriaId":"88B9713A-8F3E-4EC7-99E8-9108185E7488"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-3191_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"05-30-2017","matchCriteriaId":"98C00D7A-60C8-4F7A-A22D-72E637666989"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-3191:-:*:*:*:*:*:*:*","matchCriteriaId":"561205EA-6B9D-4827-B809-4925432AFD9E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-5232_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"05-30-2017","matchCriteriaId":"DD7B8BAB-54DF-4FF7-A04A-BD37571CC07A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-5232:-:*:*:*:*:*:*:*","matchCriteriaId":"1CE04EAB-152C-427C-BA82-7AE97E416EAD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-6232_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"05-30-2017","matchCriteriaId":"FE3E9CE8-3208-4DD8-AA9A-6DE3E661760F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-6232:-:*:*:*:*:*:*:*","matchCriteriaId":"289EBB12-E03C-434A-A68E-2212C0B5D204"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-1121_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"06-29-2017","matchCriteriaId":"4E4203F9-7662-4804-9274-C940FE4D97F7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-1121:-:*:*:*:*:*:*:*","matchCriteriaId":"AD945F65-80CA-4ED7-880B-3D06F4D479C2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-1127_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"06-29-2017","matchCriteriaId":"8295375B-40E3-42F1-8AA7-1DA
E394D24E2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-1127:-:*:*:*:*:*:*:*","matchCriteriaId":"E07991A3-CAD2-4337-A2A0-876E51242F0F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:wac-1001_v2_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"06-29-2017","matchCriteriaId":"66538F74-C9D6-4F1F-9C3B-373D48AD18B5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:wac-1001_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"FA0FB0AC-3A69-4394-9D20-B18400511BE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:wac-2004_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"06-29-2017","matchCriteriaId":"10D9F2B1-CC37-4543-8357-8192AE83F87E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:wac-2004:-:*:*:*:*:*:*:*","matchCriteriaId":"36B321C6-F7AF-48F4-8BDE-C42CD89383A8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-3121-m12-rtg_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"06-29-2017","matchCriteriaId":"AF2A2C07-F45E-405F-8C01-DC91A117C49D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-3121-m12-rtg:-:*:*:*:*:*:*:*","matchCriteriaId":"B13DD676-1FBC-4756-83C8-0384DFC8B361"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-3131-m12-rcc_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"06-29-2017","matchCriteriaId":"0DBF3FB3-B778-4BF4-980D-AE79B068718D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-3131-m12-rcc:-:*:*:*:*:*:*:*","matchCriteriaId":"456109D5-55EE-4165-A1BC-7438E3CF6387"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMa
tch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-5232-m12-rcc_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"06-29-2017","matchCriteriaId":"9429A7E9-3C9E-4179-9EA3-8E48BE21D9DC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-5232-m12-rcc:-:*:*:*:*:*:*:*","matchCriteriaId":"BC7A45F4-18A1-439C-A959-90A2419857B5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-3131a_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10-31-2016","matchCriteriaId":"A2D1B6E6-5A8F-4763-89EF-BEABE97D5FA4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*","matchCriteriaId":"143AB2D7-E663-4F5D-A9EC-5E3A15B114E0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-1131a_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10-31-2016","matchCriteriaId":"3000663D-46F1-461B-8786-5B8205A5D46E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-1131a:-:*:*:*:*:*:*:*","matchCriteriaId":"F94F344A-75B6-4ED9-9A46-0350CB255461"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94092","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94092","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2016-8363","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.080","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series y AWK-5222/6222 Series. 
El usuario puede ejecutar comandos arbitrarios de SO en el servidor."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:oncellg3470a-lte_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10-31-2016","matchCriteriaId":"6A676756-9CC8-42C7-BC4A-E4FCCF53B7BD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:oncellg3470a-lte:-:*:*:*:*:*:*:*","matchCriteriaId":"C2A3DE50-80D1-4E90-80D1-33E83C9A1FDD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-4131a_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10-31-2016","matchCriteriaId":"4A6B3BF5-E2DB-44C6-9D8E-E9B5898FA4FD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-4131a:-:*:*:*:*:*:*:*","matchCriteriaId":"88
B9713A-8F3E-4EC7-99E8-9108185E7488"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-3191_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"05-30-2017","matchCriteriaId":"98C00D7A-60C8-4F7A-A22D-72E637666989"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-3191:-:*:*:*:*:*:*:*","matchCriteriaId":"561205EA-6B9D-4827-B809-4925432AFD9E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-5232_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"05-30-2017","matchCriteriaId":"DD7B8BAB-54DF-4FF7-A04A-BD37571CC07A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-5232:-:*:*:*:*:*:*:*","matchCriteriaId":"1CE04EAB-152C-427C-BA82-7AE97E416EAD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-6232_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"05-30-2017","matchCriteriaId":"FE3E9CE8-3208-4DD8-AA9A-6DE3E661760F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-6232:-:*:*:*:*:*:*:*","matchCriteriaId":"289EBB12-E03C-434A-A68E-2212C0B5D204"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-1121_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"06-29-2017","matchCriteriaId":"4E4203F9-7662-4804-9274-C940FE4D97F7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-1121:-:*:*:*:*:*:*:*","matchCriteriaId":"AD945F65-80CA-4ED7-880B-3D06F4D479C2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-1127_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"06-29-2017","matchCriteriaId":"8295375B-40E3-42F1-8AA7-1DAE394D24E2"}]},{"operat
or":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-1127:-:*:*:*:*:*:*:*","matchCriteriaId":"E07991A3-CAD2-4337-A2A0-876E51242F0F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:wac-1001_v2_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"06-29-2017","matchCriteriaId":"66538F74-C9D6-4F1F-9C3B-373D48AD18B5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:wac-1001_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"FA0FB0AC-3A69-4394-9D20-B18400511BE2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:wac-2004_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"06-29-2017","matchCriteriaId":"10D9F2B1-CC37-4543-8357-8192AE83F87E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:wac-2004:-:*:*:*:*:*:*:*","matchCriteriaId":"36B321C6-F7AF-48F4-8BDE-C42CD89383A8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-3121-m12-rtg_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"06-29-2017","matchCriteriaId":"AF2A2C07-F45E-405F-8C01-DC91A117C49D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-3121-m12-rtg:-:*:*:*:*:*:*:*","matchCriteriaId":"B13DD676-1FBC-4756-83C8-0384DFC8B361"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-3131-m12-rcc_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"06-29-2017","matchCriteriaId":"0DBF3FB3-B778-4BF4-980D-AE79B068718D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-3131-m12-rcc:-:*:*:*:*:*:*:*","matchCriteriaId":"456109D5-55EE-4165-A1BC-7438E3CF6387"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":tr
ue,"criteria":"cpe:2.3:o:moxa:awk-5232-m12-rcc_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"06-29-2017","matchCriteriaId":"9429A7E9-3C9E-4179-9EA3-8E48BE21D9DC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-5232-m12-rcc:-:*:*:*:*:*:*:*","matchCriteriaId":"BC7A45F4-18A1-439C-A959-90A2419857B5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-3131a_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10-31-2016","matchCriteriaId":"A2D1B6E6-5A8F-4763-89EF-BEABE97D5FA4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*","matchCriteriaId":"143AB2D7-E663-4F5D-A9EC-5E3A15B114E0"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:awk-1131a_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"10-31-2016","matchCriteriaId":"3000663D-46F1-461B-8786-5B8205A5D46E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:awk-1131a:-:*:*:*:*:*:*:*","matchCriteriaId":"F94F344A-75B6-4ED9-9A46-0350CB255461"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94092","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94092","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2016-8364","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.110","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object memory can read a network packet that is larger than the space that is available, a Heap-based Buffer Overflow."},{"lang":"es","value":"Ha sido descubierto un problema en IBHsoftec S7-SoftPLC anterior a la versión 4.12b. La memoria de objeto puede leer un paquete de red más grande que el espacio disponible, un desbordamiento de búfer basado en memoria dinámica."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibhsoftec:s7-softplc:*:*:*:*:*:*:*:*","versionEndIncluding":"4.12","matchCriteriaId":"3D726B14-E8CB-4916-A350-0E8F18E9BA3E"
}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94054","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-306-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94054","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-306-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8367","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.143","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). 
An attacker can open multiple connections to a targeted web server and keep connections open preventing new connections from being made, rendering the web server unavailable during an attack."},{"lang":"es","value":"Ha sido descubierto un problema en Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, todas las versiones, Magelis GTU Universal Panel, todas las versiones, Magelis STO5xx y STU Small panels, todas las versiones, Magelis XBT GH Advanced Hand-held Panels, todas las versiones, Magelis XBT GK Advanced Touchscreen Panels con Keyboard, todas las versiones, Magelis XBT GT Advanced Touchscreen Panels, todas las versiones y Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). Un atacante puede abrir múltiples conexiones en un servidor web objetivo y mantener las conexiones abiertas impidiendo que se hagan nuevas conexiones, dejando el servidor web inutilizable durante un ataque."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}
],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:magelis_gtu_universal_panel_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"67686731-11C6-4A70-86EA-C20D4A5E00C0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:magelis_gtu_universal_panel:-:*:*:*:*:*:*:*","matchCriteriaId":"9338C7D9-7F38-4B34-BDB0-95563240A189"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:magelis_gto_advanced_optimum_panel_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"453B800A-F3A0-4B22-961E-67F2EBAB292D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:magelis_gto_advanced_optimum_panel:-:*:*:*:*:*:*:*","matchCriteriaId":"DDCA8937-DC4C-41C1-A1CC-BF4DA36C942D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:magelis_sto5_small_panel_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6E0BA1A0-E0B9-46A0-86C4-4C82A2EFCFC9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:magelis_sto5_small_panel:-:*:*:*:*:*:*:*","matchCriteriaId":"C4FFCC32-67D5-4120-8BA8-C56C860CFEE4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:magelis_stu_small_panel_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2DF991F7-68D1-489A-BEDF-468F38E8B481"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:magelis_stu_small_panel:-:*:*:*:*:*:*:*","matchCriteriaId":"88823BB1-E5A0-4835-943F-C13EEA51F77A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:magelis_xbt_gh_advanc
ed_hand-held_panel_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"50F7724E-7DBF-499B-BCD1-A02B86478555"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:magelis_xbt_gh_advanced_hand-held_panel:-:*:*:*:*:*:*:*","matchCriteriaId":"126EDAD4-D08C-42B0-A621-596FCA27CF80"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7B73A3B3-686C-4F64-A398-C4E810A36FF7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard:-:*:*:*:*:*:*:*","matchCriteriaId":"6B98FB31-BF55-48EA-A284-627C431090CF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:magelis_xbt_gt_advanced_touchscreen_panel_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"48F17071-598B-4361-8AA4-E60DC1CF02AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:magelis_xbt_gt_advanced_touchscreen_panel:-:*:*:*:*:*:*:*","matchCriteriaId":"92DF2AF4-045C-4E8E-AF10-A3BC0C824419"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:magelis_xbt_gtw_advanced_open_touchscreen_panel_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"229C5A41-9D33-4224-9AD8-E4C683DDD7FF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:magelis_xbt_gtw_advanced_open_touchscreen_panel:-:*:*:*:*:*:*:*","matchCriteriaId":"735F7A66-E882-431B-B8C9-046289A20DF0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94093","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94093","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8368","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.173","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. The affected Ethernet interface module is connected to a MELSEC-Q PLC, which may allow a remote attacker to connect to the PLC via Port 5002/TCP and cause a denial of service, requiring the PLC to be reset to resume operation. This is caused by an Unrestricted Externally Accessible Lock."},{"lang":"es","value":"Ha sido descubierto un problema en las series Mitsubishi Electric Automation MELSEC-Q en módulos de interfaz Ethernet QJ71E71-100, todas las versiones, QJ71E71-B5, todas las versiones y QJ71E71-B2, todas las versiones. El módulo de interfaz Ethernet afectado está conectado a MELSEC-Q PLC, lo que puede permitir a un atacante remoto conectarse al PLC a través de Port 5002/TCP y provocar una denegación de servicio, requiriendo que el PLC sea reseteado para continuar operando. 
Esto se produce por un Unrestricted Externally Accessible Lock."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-662"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:mitsubishielectric:qj71e71-100_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B02D732B-25E3-4D8A-872B-EC655195DE44"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:mitsubishielectric:qj71e71-100:-:*:*:*:*:*:*:*","matchCriteriaId":"6FD1EB30-B1FC-49CC-97D7-739AA5E92E86"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:mitsubishielectric:qj71e71-b5_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"579FA375-1A72-4A5D-BC3E-285CBA5BD1A2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:mitsubishielectric:qj71e71-b5:-:*:*:*:*:*:*:*","matchCriteriaId":"E6C571AE-9A2B-4673-90C1-A369B91E74FD"}
]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:mitsubishielectric:qj71e71-b2_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2DA33198-3964-490A-B4CE-388FC4C585FE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:mitsubishielectric:qj71e71-b2:-:*:*:*:*:*:*:*","matchCriteriaId":"DCB98436-7C3D-480C-927B-1D55DB1404B7"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94632","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94632","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8369","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.207","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application does not sufficiently verify if a request was intentionally provided by the user who submitted the request (CROSS-SITE REQUEST FORGERY)."},{"lang":"es","value":"Ha sido descubierto un problema en Lynxspring JENEsys BAS Bridge en las versiones 1.1.8 y anteriores. 
La aplicación no verifica suficientemente si la petición fue proporcionada intencionadamente por el usuario que envió la petición (CROSS-SITE REQUEST FORGERY)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lynxspring:jenesys_bas_bridge:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1.8","matchCriteriaId":"1D06C1C3-7080-4869-B846-4EB86A05646F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94344","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94344","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8370","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.220","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Mitsubishi Electric Automation MELSEC-Q series Ethernet interface modules QJ71E71-100, all versions, QJ71E71-B5, all versions, and QJ71E71-B2, all versions. Weakly encrypted passwords are transmitted to a MELSEC-Q PLC."},{"lang":"es","value":"Ha sido descubierto un problema en las series Mitsubishi Electric Automation MELSEC-Q en módulos de interfaz Ethernet QJ71E71-100, todas las versiones, QJ71E71-B5, todas las versiones y QJ71E71-B2, todas las versiones. Las contraseñas cifradas débilmente son transmitidas a un MELSEC-Q PLC."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Pr
imary","description":[{"lang":"en","value":"CWE-327"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:mitsubishielectric:qj71e71-100_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"B02D732B-25E3-4D8A-872B-EC655195DE44"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:mitsubishielectric:qj71e71-100:-:*:*:*:*:*:*:*","matchCriteriaId":"6FD1EB30-B1FC-49CC-97D7-739AA5E92E86"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:mitsubishielectric:qj71e71-b5_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"579FA375-1A72-4A5D-BC3E-285CBA5BD1A2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:mitsubishielectric:qj71e71-b5:-:*:*:*:*:*:*:*","matchCriteriaId":"E6C571AE-9A2B-4673-90C1-A369B91E74FD"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:mitsubishielectric:qj71e71-b2_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2DA33198-3964-490A-B4CE-388FC4C585FE"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:mitsubishielectric:qj71e71-b2:-:*:*:*:*:*:*:*","matchCriteriaId":"DCB98436-7C3D-480C-927B-1D55DB1404B7"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94632","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94632","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2016-8372","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.253","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. 
A password is transmitted in a format that is not sufficiently secure."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa ioLogik E1210, firmware Version V2.4 y anteriores, ioLogik E1211, firmware Version V2.3 y anteriores, ioLogik E1212, firmware Version V2.4 y anteriores, ioLogik E1213, firmware Version V2.5 y anteriores, ioLogik E1214, firmware Version V2.4 y anteriores, ioLogik E1240, firmware Version V2.3 y anteriores, ioLogik E1241, firmware Version V2.4 y anteriores, ioLogik E1242, firmware Version V2.4 y anteriores, ioLogik E1260, firmware Version V2.4 y anteriores, ioLogik E1262, firmware Version V2.4 y anteriores, ioLogik E2210, versiones de firmware anteriores a V3.13, ioLogik E2212, versiones de firmware anteriores a V3.14, ioLogik E2214, versiones de firmware anteriores a V3.12, ioLogik E2240, versiones de firmware anteriores a V3.12, ioLogik E2242, versiones de firmware anteriores a V3.12, ioLogik E2260, versiones de firmware anteriores a V3.13 y ioLogik E2262, versiones de firmware anteriores a V3.12. 
Una contraseña es transmitida en un formato que no es suficientemente seguro."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-255"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e1200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4","matchCriteriaId":"DCDDD74B-F96C-41AB-AA34-F86A29B00A18"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1210:-:*:*:*:*:*:*:*","matchCriteriaId":"67DDCD42-10D5-46B2-AB91-66EF30D5D645"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1212:-:*:*:*:*:*:*:*","matchCriteriaId":"616E5D0B-0D3A-4808-8C15-2FDC35E8605C"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1214:-:*:*:*:*:*:*:*","matchCriteriaId":"A0837606-60F7-4563-8F80-AE7C1CC3F469"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1241:-:*:*:*:*:*:*:*","matchCriteriaId":"3239D045-8A7C-4407-B77C
-E82C178D8B90"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1242:-:*:*:*:*:*:*:*","matchCriteriaId":"5D40DF4C-0EA9-44B0-8D8C-D1FC2AB5A357"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1260:-:*:*:*:*:*:*:*","matchCriteriaId":"B0B4FA04-BF84-4B8A-A295-0312A3790F2E"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1262:-:*:*:*:*:*:*:*","matchCriteriaId":"3366C39B-50FD-497B-A6A1-875CEB8913C5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e1200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3","matchCriteriaId":"A83428D7-5341-4A92-8D18-F37B9D832B64"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1211:-:*:*:*:*:*:*:*","matchCriteriaId":"308E46FB-488A-4907-9A69-AACDE23A3394"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1240:-:*:*:*:*:*:*:*","matchCriteriaId":"77A9D90D-0419-410C-AF65-0FFE0FF2882F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e1200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5","matchCriteriaId":"CD8AFCCE-B83F-4756-B8CB-D7FC1C829B7D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1213:-:*:*:*:*:*:*:*","matchCriteriaId":"9AAE4F4E-779C-401F-A75E-AC66757DD313"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e2200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.11","matchCriteriaId":"62B1218A-B9FD-41C1-8CD6-FEF3DA183BE0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2214:-:*:*:*:*:*:*:*","matchCriteriaId":"A95D941B-95C8-461B-8E96-0B6EC3A46AA9"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2240:-:*:*:*:*:*:*:*","matchCriteriaId":"94F2BAE6-8A3C-4A1B-871A-3EF069C643
C4"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2242:-:*:*:*:*:*:*:*","matchCriteriaId":"340A9411-F756-493C-8F95-7218C3F8548E"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2262:-:*:*:*:*:*:*:*","matchCriteriaId":"BD47951B-A792-48E4-A8B1-D19616177FA4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e2200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.12","matchCriteriaId":"C9D3E455-D965-495E-9912-EDE6E2FC64F5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2210:-:*:*:*:*:*:*:*","matchCriteriaId":"861285B9-D63C-42A7-B694-A6F68DF5489B"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2260:-:*:*:*:*:*:*:*","matchCriteriaId":"B7FE3E7C-F4A3-46EC-B823-2D2B9E0EDF37"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e2200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.13","matchCriteriaId":"957E228F-7C70-4A52-A265-C45685945711"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2212:-:*:*:*:*:*:*:*","matchCriteriaId":"38D2B0D8-AD5E-4C19-8AA7-37B471342BA3"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93550","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93550","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2016-8374","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.283","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, all versions, Magelis GTU Universal Panel, all versions, Magelis STO5xx and STU Small panels, all versions, Magelis XBT GH Advanced Hand-held Panels, all versions, Magelis XBT GK Advanced Touchscreen Panels with Keyboard, all versions, Magelis XBT GT Advanced Touchscreen Panels, all versions, and Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). An attacker may be able to disrupt a targeted web server, resulting in a denial of service because of UNCONTROLLED RESOURCE CONSUMPTION."},{"lang":"es","value":"Ha sido descubierto un problema en Schneider Electric Magelis HMI Magelis GTO Advanced Optimum Panels, todas las versiones, Magelis GTU Universal Panel, todas las versiones, Magelis STO5xx and STU Small panels, todas las versiones, Magelis XBT GH Advanced Hand-held Panels, todas las versiones, Magelis XBT GK Advanced Touchscreen Panels con Keyboard, todas las versiones, Magelis XBT GT Advanced Touchscreen Panels, todas las versiones y Magelis XBT GTW Advanced Open Touchscreen Panels (Windows XPe). 
Un atacante puede ser capaz de interrumpir un servidor web objetivo, causando una denegación de servicio por UNCONTROLLED RESOURCE CONSUMPTION."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:magelis_gtu_universal_panel_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"67686731-11C6-4A70-86EA-C20D4A5E00C0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:magelis_gtu_universal_panel:-:*:*:*:*:*:*:*","matchCriteriaId":"9338C7D9-7F38-4B34-BDB0-95563240A189"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:magelis_gto_advanced_optimum_panel_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"453B800A-F3A0-4B22-961E-67F2EBAB292D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnera
ble":false,"criteria":"cpe:2.3:h:schneider-electric:magelis_gto_advanced_optimum_panel:-:*:*:*:*:*:*:*","matchCriteriaId":"DDCA8937-DC4C-41C1-A1CC-BF4DA36C942D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:magelis_sto5_small_panel_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6E0BA1A0-E0B9-46A0-86C4-4C82A2EFCFC9"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:magelis_sto5_small_panel:-:*:*:*:*:*:*:*","matchCriteriaId":"C4FFCC32-67D5-4120-8BA8-C56C860CFEE4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:magelis_stu_small_panel_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2DF991F7-68D1-489A-BEDF-468F38E8B481"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:magelis_stu_small_panel:-:*:*:*:*:*:*:*","matchCriteriaId":"88823BB1-E5A0-4835-943F-C13EEA51F77A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:magelis_xbt_gh_advanced_hand-held_panel_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"50F7724E-7DBF-499B-BCD1-A02B86478555"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:magelis_xbt_gh_advanced_hand-held_panel:-:*:*:*:*:*:*:*","matchCriteriaId":"126EDAD4-D08C-42B0-A621-596FCA27CF80"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7B73A3B3-686C-4F64-A398-C4E810A36FF7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:magelis_xbt_gk_advanced_touchscreen_panel_with_keyboard:-:*:*:*:*:*:*:*","m
atchCriteriaId":"6B98FB31-BF55-48EA-A284-627C431090CF"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:magelis_xbt_gt_advanced_touchscreen_panel_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"48F17071-598B-4361-8AA4-E60DC1CF02AA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:magelis_xbt_gt_advanced_touchscreen_panel:-:*:*:*:*:*:*:*","matchCriteriaId":"92DF2AF4-045C-4E8E-AF10-A3BC0C824419"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider-electric:magelis_xbt_gtw_advanced_open_touchscreen_panel_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"229C5A41-9D33-4224-9AD8-E4C683DDD7FF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:magelis_xbt_gtw_advanced_open_touchscreen_panel:-:*:*:*:*:*:*:*","matchCriteriaId":"735F7A66-E882-431B-B8C9-046289A20DF0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94093","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94093","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-308-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8376","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.313","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. 
This non-validated redirect/non-validated forward (OPEN REDIRECT) allows chaining with authenticated vulnerabilities."},{"lang":"es","value":"Ha sido descubierto un problema en la aplicación Kabona AB WebDatorCentral (WDC) anterior a la versión 3.4.0. Esta redirección no validada/reenvío no validado (OPEN REDIRECT) permite encadenar con vulnerabilidades autenticadas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kabona_ab:webdatorcentral:-:*:*:*:*:*:*:*","matchCriteriaId":"1DE79A94-3FD9-4E3C-B866-37CF5DDA2587"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93547","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government 
Resource"]},{"url":"http://www.securityfocus.com/bid/93547","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-07","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8377","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.347","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an exploitable Structured Exception Handler (SEH) overwrite condition that may allow remote code execution."},{"lang":"es","value":"Ha sido descubierto un problema en Fatek Automation PLC WinProladder Version 3.11 Build 14701. Una vulnerabilidad de desbordamiento de búfer basado en pila existe cuando la aplicación de software se conecta a un servidor malicioso, resultando en un desbordamiento de búfer en pila. 
Esto provoca una condición de sobreescritura Structured Exception Handler (SEH) explotable que puede permitir la ejecución de código remoto."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fatek:plc_winproladder_firmware:3.11:build_14701:*:*:*:*:*:*","matchCriteriaId":"8F110DC8-D913-45C6-AAC3-0C1396C4D73A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fatek:plc_winproladder:-:*:*:*:*:*:*:*","matchCriteriaId":"24E8C229-479D-49FD-98A7-0CCC4F2C5775"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94938","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-350-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government 
Resource"]},{"url":"https://www.exploit-db.com/exploits/42700/","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/94938","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-350-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.exploit-db.com/exploits/42700/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8378","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.393","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. The application's database lacks sufficient safeguards for protecting credentials."},{"lang":"es","value":"Ha sido descubierto un problema en Lynxspring JENEsys BAS Bridge en las versiones 1.1.8 y anteriores. 
La base de datos de la aplicación carece de salvaguardas suficientes para proteger credenciales."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-255"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lynxspring:jenesys_bas_bridge:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1.8","matchCriteriaId":"1D06C1C3-7080-4869-B846-4EB86A05646F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94344","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94344","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-320-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8379","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.423","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. 
Users are restricted to using short passwords."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa ioLogik E1210, firmware Version V2.4 y anteriores, ioLogik E1211, firmware Version V2.3 y anteriores, ioLogik E1212, firmware Version V2.4 y anteriores, ioLogik E1213, firmware Version V2.5 y anteriores, ioLogik E1214, firmware Version V2.4 y anteriores, ioLogik E1240, firmware Version V2.3 y anteriores, ioLogik E1241, firmware Version V2.4 y anteriores, ioLogik E1242, firmware Version V2.4 y anteriores, ioLogik E1260, firmware Version V2.4 y anteriores, ioLogik E1262, firmware Version V2.4 y anteriores, ioLogik E2210, versiones de firmware anteriores a V3.13, ioLogik E2212, versiones de firmware anteriores a V3.14, ioLogik E2214, versiones de firmware anteriores a V3.12, ioLogik E2240, versiones de firmware anteriores a V3.12, ioLogik E2242, versiones de firmware anteriores a V3.12, ioLogik E2260, versiones de firmware anteriores a V3.13 y ioLogik E2262, versiones de firmware anteriores a V3.12. 
Los usuarios están restringidos a usar contraseñas cortas."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e1200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.4","matchCriteriaId":"DCDDD74B-F96C-41AB-AA34-F86A29B00A18"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1210:-:*:*:*:*:*:*:*","matchCriteriaId":"67DDCD42-10D5-46B2-AB91-66EF30D5D645"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1212:-:*:*:*:*:*:*:*","matchCriteriaId":"616E5D0B-0D3A-4808-8C15-2FDC35E8605C"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1214:-:*:*:*:*:*:*:*","matchCriteriaId":"A0837606-60F7-4563-8F80-AE7C1CC3F469"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1241:-:*:*:*:*:*:*:*","matchCriteriaId":"3239D045-8A7C-4407-B77C-E82C178D8B90
"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1242:-:*:*:*:*:*:*:*","matchCriteriaId":"5D40DF4C-0EA9-44B0-8D8C-D1FC2AB5A357"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1260:-:*:*:*:*:*:*:*","matchCriteriaId":"B0B4FA04-BF84-4B8A-A295-0312A3790F2E"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1262:-:*:*:*:*:*:*:*","matchCriteriaId":"3366C39B-50FD-497B-A6A1-875CEB8913C5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e1200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3","matchCriteriaId":"A83428D7-5341-4A92-8D18-F37B9D832B64"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1211:-:*:*:*:*:*:*:*","matchCriteriaId":"308E46FB-488A-4907-9A69-AACDE23A3394"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1240:-:*:*:*:*:*:*:*","matchCriteriaId":"77A9D90D-0419-410C-AF65-0FFE0FF2882F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e1200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5","matchCriteriaId":"CD8AFCCE-B83F-4756-B8CB-D7FC1C829B7D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e1213:-:*:*:*:*:*:*:*","matchCriteriaId":"9AAE4F4E-779C-401F-A75E-AC66757DD313"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e2200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.11","matchCriteriaId":"62B1218A-B9FD-41C1-8CD6-FEF3DA183BE0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2214:-:*:*:*:*:*:*:*","matchCriteriaId":"A95D941B-95C8-461B-8E96-0B6EC3A46AA9"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2240:-:*:*:*:*:*:*:*","matchCriteriaId":"94F2BAE6-8A3C-4A1B-871A-3EF069C643C4"},{"vulner
able":false,"criteria":"cpe:2.3:h:moxa:iologik_e2242:-:*:*:*:*:*:*:*","matchCriteriaId":"340A9411-F756-493C-8F95-7218C3F8548E"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2262:-:*:*:*:*:*:*:*","matchCriteriaId":"BD47951B-A792-48E4-A8B1-D19616177FA4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e2200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.12","matchCriteriaId":"C9D3E455-D965-495E-9912-EDE6E2FC64F5"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2210:-:*:*:*:*:*:*:*","matchCriteriaId":"861285B9-D63C-42A7-B694-A6F68DF5489B"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2260:-:*:*:*:*:*:*:*","matchCriteriaId":"B7FE3E7C-F4A3-46EC-B823-2D2B9E0EDF37"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:iologik_e2200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.13","matchCriteriaId":"957E228F-7C70-4A52-A265-C45685945711"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:iologik_e2212:-:*:*:*:*:*:*:*","matchCriteriaId":"38D2B0D8-AD5E-4C19-8AA7-37B471342BA3"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93550","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93550","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-287-05","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}],"evaluatorComment":"CWE-521: Weak Password 
Requirements"}},{"cve":{"id":"CVE-2016-8566","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.457","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database."},{"lang":"es","value":"Ha sido descubierto un problema en Siemens SICAM PAS en versiones anteriores a 8.00. Por conservar contraseñas en un formato recuperable, un atacante local autenticado con determinados privilegios puede posiblemente reconstruir las contraseñas de usuarios para acceder a la base de datos."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-255"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sic
am_pas\\/pqs:*:*:*:*:*:*:*:*","versionEndExcluding":"8.00","matchCriteriaId":"D8ADE343-DBC6-4682-83AC-0B0F4593D4A9"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94552","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94552","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8567","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.470","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP."},{"lang":"es","value":"Ha sido descubierto un problema en Siemens SICAM PAS en versiones anteriores a 8.00. Una cuenta de fábrica con contraseñas embebidas está presente en las instalaciones de SICAM PAS. 
Los atacantes pueden obtener acceso privilegiado a la base de datos por el Port 2638/TCP."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sicam_pas\\/pqs:*:*:*:*:*:*:*:*","versionEndExcluding":"8.00","matchCriteriaId":"D8ADE343-DBC6-4682-83AC-0B0F4593D4A9"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94549","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94549","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US 
Government Resource"]}]}},{"cve":{"id":"CVE-2016-9332","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.503","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to crash or excessive consumption of resources could result in a denial-of-service condition."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa SoftCMS en versiones anteriores a 1.6. Moxa SoftCMS Webserver no valida correctamente una entrada. Un atacante puede proporcionar valores inesperados y provocar la caída del programa o un consumo excesivo de recursos puede resultar en una condición de denegación de servicio."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","
negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moxa:softcms:*:*:*:*:*:*:*:*","versionEndIncluding":"1.5","matchCriteriaId":"FA1F6404-5BE2-4A5C-9556-6F04E2BABDAC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94394","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.exploit-db.com/exploits/40779/","source":"ics-cert@hq.dhs.gov"},{"url":"http://www.securityfocus.com/bid/94394","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.exploit-db.com/exploits/40779/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9333","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.533","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION)."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa SoftCMS en versiones anteriores a 1.6. 
La SoftCMS Application no desinfecta correctamente entradas que pueden permitir a atacantes remotos acceder a SoftCMS con privilegios de administrador a través de una entrada especialmente manipulada (SQL INJECTION)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moxa:softcms:*:*:*:*:*:*:*:*","versionEndIncluding":"1.5","matchCriteriaId":"FA1F6404-5BE2-4A5C-9556-6F04E2BABDAC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94394","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94394","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-322-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9334","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.580","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. User credentials are sent to the web server in clear text, which may allow an attacker to discover the credentials if they are able to observe traffic between the web browser and the server."},{"lang":"es","value":"Ha sido descubierto un problema en controlador Rockwell Automation Allen-Bradley MicroLogix 1100, 1763-L16AWA, Series A y B, Versión 14.000 y versiones anteriores; 1763-L16BBB, Series A y B, Versión 14.000 y versiones anteriores; 1763-L16BWA, Series A y B, Versión 14.000 y versiones anteriores; y 1763-L16DWD, Series A y B, Versión 14.000 y versiones anteriores. 
Las credenciales de usuario son enviadas al servidor web en texto plano, lo que puede permitir a un atacante descubrir las credenciales si son capaces de observar el tráfico entre el navegador web y el servidor."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1763-l16awa_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"14.000","matchCriteriaId":"F7434A56-A11C-4362-A806-ECC05EF81EDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1763-l16awa_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"14.000","matchCriteriaId":"E55698D3-601A-48E4-AD5A-C42AA32A02DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1763-l16bbb_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"14.000","matchCriteriaId":"8FBC09CC-AD8C-4412-90B0-1E798B56C4F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1763-l16bbb_ser
ies_b:*:*:*:*:*:*:*:*","versionEndIncluding":"14.000","matchCriteriaId":"58265FCD-55B4-4E9C-8A02-9702B8ED5E4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1763-l16bwa_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"14.000","matchCriteriaId":"A719DAFD-8BA2-4E56-AC78-60C2D9FCBAA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1763-l16bwa_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"14.000","matchCriteriaId":"530BB796-C178-49C1-ADF7-7B34E9FD6ED8"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1763-l16dwd_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"14.000","matchCriteriaId":"C6D6A13D-69AC-431B-9E12-BDB6523BB49D"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1763-l16dwd_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"14.000","matchCriteriaId":"D38291EC-779A-461C-971B-09A52C2FB668"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32awa_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"44A021E4-B93B-4AA0-B7E7-A69F86666D24"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32awa_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"FCE93E4A-C845-4B29-B09E-DA5EC4F22EC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32awaa_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"CE5F717B-487B-473F-BD50-0DE76CAFD6B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32awaa_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"AEB0FCA4-C3D7-46CC-9D4A-C7FE8B7D25C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32bwa_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"55708721-9FAF-4778-95AE-C51FAF42E234"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32bwa_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"7E6A9C27-E079-43CD-A348-C257AD1B2C9B"},{"vulnerable":tr
ue,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"A2830F25-7489-4B96-8750-8E187BA155A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"391B81A5-A3BB-44FD-9849-2D9FC0A004EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32bxb_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"AACFCF1B-5FD4-451E-94F9-FFE6CA3427DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32bxb_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"31BCB97C-9F7C-47C7-832E-2EAA7B841CA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32bxba_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"93282079-80A2-4CDF-9EF8-D9EEBAC1D238"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32bxba_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"D4F5D81D-62BA-4655-8FB1-43BC0FF3288B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95302","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95302","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}],"evaluatorComment":"<a href=\"http://cwe.mitre.org/data/definitions/319.html\">CWE-319: Cleartext Transmission of Sensitive 
Information</a>"}},{"cve":{"id":"CVE-2016-9337","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.610","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Tesla Motors Model S automobile, all firmware versions before version 7.1 (2.36.31) with web browser functionality enabled. The vehicle's Gateway ECU is susceptible to commands that may allow an attacker to install malicious software allowing the attacker to send messages to the vehicle's CAN bus, a Command Injection."},{"lang":"es","value":"Ha sido descubierto un problema en Tesla Motors Model S automobile, todas las versiones de firmware anteriores a la versión 7.1 (2.36.31) con funcionalidad de navegador web habilitada. La Gateway ECU del vehículo es susceptible a comandos que pueden permitir a un atacante instalar software malicioso permitiendo al atacante enviar mensajes al CAN bus del vehículo, una inyección de Comandos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:N/I:P/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":
[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:tesla:gateway_ecu:-:*:*:*:*:*:*:*","matchCriteriaId":"85A3BB9F-CEFC-43D3-85AD-61FCE98904E8"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94697","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94697","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-341-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9338","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.627","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD, Series A and B, Version 14.000 and prior versions. Because of an Incorrect Permission Assignment for Critical Resource, users with administrator privileges may be able to remove all administrative users requiring a factory reset to restore ancillary web server function. 
Exploitation of this vulnerability will still allow the affected device to function in its capacity as a controller."},{"lang":"es","value":"Ha sido descubierto un problema en controlador Rockwell Automation Allen-Bradley MicroLogix 1100, 1763-L16AWA, Serie A y B, Versión 14.000 y versiones anteriores; 1763-L16BBB, Serie A y B, Versión 14.000 y versiones anteriores; 1763-L16BWA, Serie A y B, Versión 14.000 y versiones anteriores; y 1763-L16DWD, Serie A y B, Versión 14.000 y versiones anteriores. Debido a una asignación de permisos incorrecta para recursos críticos, los usuarios con privilegios de administrador pueden eliminar todos los usuarios administrativos requiriéndose un restablecimiento de fábrica para restaurar la función del servidor web auxiliar. La explotación de esta vulnerabilidad seguirá permitiendo que el dispositivo afectado funcione en su capacidad como controlador."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L","baseScore":2.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"no
des":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1763-l16awa_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"14.000","matchCriteriaId":"F7434A56-A11C-4362-A806-ECC05EF81EDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1763-l16awa_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"14.000","matchCriteriaId":"E55698D3-601A-48E4-AD5A-C42AA32A02DC"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1763-l16bbb_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"14.000","matchCriteriaId":"8FBC09CC-AD8C-4412-90B0-1E798B56C4F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1763-l16bbb_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"14.000","matchCriteriaId":"58265FCD-55B4-4E9C-8A02-9702B8ED5E4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1763-l16bwa_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"14.000","matchCriteriaId":"A719DAFD-8BA2-4E56-AC78-60C2D9FCBAA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1763-l16bwa_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"14.000","matchCriteriaId":"530BB796-C178-49C1-ADF7-7B34E9FD6ED8"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1763-l16dwd_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"14.000","matchCriteriaId":"C6D6A13D-69AC-431B-9E12-BDB6523BB49D"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1763-l16dwd_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"14.000","matchCriteriaId":"D38291EC-779A-461C-971B-09A52C2FB668"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32awa_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"44A021E4-B93B-4AA0-B7E7-A69F86666D24"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32awa_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"FCE93E4A-C845-4B29-B09E-DA5EC4F22EC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32awaa_series_
a:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"CE5F717B-487B-473F-BD50-0DE76CAFD6B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32awaa_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"AEB0FCA4-C3D7-46CC-9D4A-C7FE8B7D25C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32bwa_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"55708721-9FAF-4778-95AE-C51FAF42E234"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32bwa_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"7E6A9C27-E079-43CD-A348-C257AD1B2C9B"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"A2830F25-7489-4B96-8750-8E187BA155A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"391B81A5-A3BB-44FD-9849-2D9FC0A004EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32bxb_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"AACFCF1B-5FD4-451E-94F9-FFE6CA3427DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32bxb_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"31BCB97C-9F7C-47C7-832E-2EAA7B841CA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32bxba_series_a:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"93282079-80A2-4CDF-9EF8-D9EEBAC1D238"},{"vulnerable":true,"criteria":"cpe:2.3:a:rockwellautomation:1766-l32bxba_series_b:*:*:*:*:*:*:*:*","versionEndIncluding":"15.004","matchCriteriaId":"D4F5D81D-62BA-4655-8FB1-43BC0FF3288B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95302","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95302","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-06","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}],"evaluatorComment":"<a href=\"http://cwe.mitre.org/data/definitions/732.html\">CWE-732: Incorrect Permission Assignment for Critical Resource</a>"}},{"cve":{"id":"CVE-2016-9339","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.657","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversal."},{"lang":"es","value":"Ha sido descubierto un problema en INTERSCHALT Maritime Systems VDR G4e Versión 5.220 y anteriores. 
La entrada externa se utiliza para construir rutas de acceso a archivos y directorios sin neutralizar adecuadamente elementos especiales dentro de la ruta de acceso que podrían permitir a un atacante leer archivos en el sistema, un Salto de Ruta."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:macgregor:interschalt_vdr_g4e_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"5.220","matchCriteriaId":"CED0AFF1-D11B-4D5A-AEFF-0ADDCB5F6947"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:macgregor:interschalt_vdr_g4e:-:*:*:*:*:*:*:*","matchCriteriaId":"BF42A648-D783-4FCB-BE6A-C9D0EF0EB2F6"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94776","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-04","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94776","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-04","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9343","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.707","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 through 21.00 (excluding all firmware versions prior to FRN 16.00, which are not affected). By sending a malformed common industrial protocol (CIP) packet, an attacker may be able to overflow a stack-based buffer and execute code on the controller or initiate a nonrecoverable fault resulting in a denial of service."},{"lang":"es","value":"Ha sido descubierto un problema en Rockwell Automation Logix5000 Programmable Automation Controller FRN 16.00 a 21.00 (excluyendo todas las versiones de firmware anteriores a FRN 16.00, que no se ven afectadas). 
Al enviar un paquete de protocolo industrial común (CIP) malformado, un atacante puede realizar un desbordamiento de búfer basado en pila y ejecutar código en el controlador o iniciar un fallo irrecuperable que da como resultado una denegación de servicio."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:softlogix_5800_controller_firmware:18.00:*:*:*:*:*:*:*","matchCriteriaId":"BD15E200-9418-46D7-8A2B-65CFC1E1449F"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:softlogix_5800_controller_firmware:19.00:*:*:*:*:*:*:*","matchCriteriaId":"38C57303-360E-41DF-9C62-E186341AA9BD"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:softlogix_5800_controller_firmware:20.00:*:*:*:*:*:*:*","matchCriteriaId":"4A4B38B3-B47A-4A81-BD8D-8FE6DF9C0A6B"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwell
automation:softlogix_5800_controller_firmware:21.00:*:*:*:*:*:*:*","matchCriteriaId":"44724BF7-2CBF-406A-BA85-40E7B16998AD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:softlogix_5800_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"BE8826E6-F7A6-454A-A26B-D6609EEB520E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:rslogix_emulate_5000_firmware:18.00:*:*:*:*:*:*:*","matchCriteriaId":"5946DCCE-ADFE-45EC-B0AD-C5D46E04B51F"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:rslogix_emulate_5000_firmware:19.00:*:*:*:*:*:*:*","matchCriteriaId":"58FE825C-973C-4F2F-8299-F617C0FEDCBD"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:rslogix_emulate_5000_firmware:20.00:*:*:*:*:*:*:*","matchCriteriaId":"BE5C79F5-313D-4A3E-8816-2232F99A4161"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:rslogix_emulate_5000_firmware:21.00:*:*:*:*:*:*:*","matchCriteriaId":"1D140073-F7D3-4C0B-9327-A3E93C789096"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:rslogix_emulate_5000:-:*:*:*:*:*:*:*","matchCriteriaId":"B232C5B1-C524-47F6-8227-967CF0798810"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:16.00:*:*:*:*:*:*:*","matchCriteriaId":"30A47A28-989D-4B08-BCA8-909AE3483F5D"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:17.00:*:*:*:*:*:*:*","matchCriteriaId":"6DA979C5-F4B2-4E8D-9CE6-0FFE26AAEB62"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:18.00:*:*:*:*:*:*:*","matchCriteriaId":"5A9C6862-FC86-49F7-8B7B-34C604620834"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:19.00:*:*:*:*:*:*
:*","matchCriteriaId":"78423885-CAE7-421F-BA99-D48821499FC5"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.00:*:*:*:*:*:*:*","matchCriteriaId":"1B0402AD-20ED-4592-AC33-B21D03BC5862"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.010:*:*:*:*:*:*:*","matchCriteriaId":"6BBAFDCF-1EA1-4A24-8414-C64874226E72"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:20.017:*:*:*:*:*:*:*","matchCriteriaId":"2892A68E-D268-437A-98FA-7C915C5D60E3"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:guardlogix_5570_controller_firmware:21.00:*:*:*:*:*:*:*","matchCriteriaId":"74D62A17-D6E9-4BA1-805D-E770DCF02DE0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:guardlogix_5570_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"B4B273FA-0865-4505-AAF8-1676940A3EA9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:flexlogix_l34_controller_firmware:16.00:*:*:*:*:*:*:*","matchCriteriaId":"01FBAB51-D2C5-4B1B-9B3A-AD906E2DE3A7"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:flexlogix_l34_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"EFD9612C-B26E-4422-BB8A-199FD1EABA64"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_l55_controller_firmware:16.00:*:*:*:*:*:*:*","matchCriteriaId":"6C34B6BD-E714-4C86-AF2C-4CC6923F5B50"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_l55_controller_firmware:16.020:*:*:*:*:*:*:*","matchCriteriaId":"515268CD-2009-45FF-8DAB-FFE3CF118A67"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_l55_controller_firmware:16.022:*:*:*:*:*:*:*","matchCriteriaId":"D4A6C9
A1-1B7A-4EE9-AF5B-CF4C709D513F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:controllogix_l55_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"21A399A8-0F0D-400D-8D16-9CA51CFDCA34"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.00:*:*:*:*:*:*:*","matchCriteriaId":"30F1978E-480C-492A-A12E-FDF83DAA7C5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.050:*:*:*:*:*:*:*","matchCriteriaId":"0B7B6B54-B3C9-4578-AC2F-FE5FEE22A9A2"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:20.055:*:*:*:*:*:*:*","matchCriteriaId":"B0B99AA2-4B13-4E2B-91EA-3F121A2C15E6"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5570_redundant_controller_firmware:21.00:*:*:*:*:*:*:*","matchCriteriaId":"9FA7DE26-233F-48D3-A74D-921B6F1B1230"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:controllogix_5570_redundant_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"898183DD-C3AE-42EE-9891-81BFA774476A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:18.00:*:*:*:*:*:*:*","matchCriteriaId":"00DA5E83-FDE2-46B5-9E8E-BF0A1E66D002"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:19.00:*:*:*:*:*:*:*","matchCriteriaId":"A4F590CF-95C3-42A8-8E19-661B1FD3BC45"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:20.010:*:*:*:*:*:*:*","matchCriteriaId":"A702B034-E805-4E4D-90EC-23874FC00BB9"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:20.013
:*:*:*:*:*:*:*","matchCriteriaId":"E3861BFC-B7D2-4190-B295-FE655FF74B72"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5570_controller_firmware:21.00:*:*:*:*:*:*:*","matchCriteriaId":"BCF5D5F4-C420-4280-8B5A-07B45B4EBE1F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:controllogix_5570_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"C16C24E2-4CB6-4413-8D48-588E0246617E"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5560_redundant_controller_firmware:16.00:*:*:*:*:*:*:*","matchCriteriaId":"A4286F10-70FB-4F7A-8F6E-32B1022BF7A0"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5560_redundant_controller_firmware:19.00:*:*:*:*:*:*:*","matchCriteriaId":"6644B164-2A73-40F8-ABE5-84776EC1A030"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5560_redundant_controller_firmware:20.00:*:*:*:*:*:*:*","matchCriteriaId":"71C8B99B-30B6-49E9-905B-55582D337A0F"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5560_redundant_controller_firmware:20.050:*:*:*:*:*:*:*","matchCriteriaId":"51EB913A-6105-4535-9E51-8AB430366D15"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5560_redundant_controller_firmware:20.055:*:*:*:*:*:*:*","matchCriteriaId":"53357D3A-7A1A-4E95-8B6B-D800095EA110"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:controllogix_5560_redundant_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"2D450A2D-C1CB-4A35-BFCE-542F4947182B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:16.00:*:*:*:*:*:*:*","matchCriteriaId":"3D9F0728-400C-4094-A5D7-A9D313EDFDAD"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellauto
mation:controllogix_5560_controller_firmware:16.020:*:*:*:*:*:*:*","matchCriteriaId":"8AB1F5E7-80A5-4C1F-9C7C-717D86F3FD1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:16.022:*:*:*:*:*:*:*","matchCriteriaId":"B505D75B-78E7-4712-963F-C712731F7427"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:17.00:*:*:*:*:*:*:*","matchCriteriaId":"461EFE7F-7BFE-42E6-A41D-C66903B5A36C"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:18.00:*:*:*:*:*:*:*","matchCriteriaId":"664D455C-F227-4996-A333-A8AAF877B739"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:19.00:*:*:*:*:*:*:*","matchCriteriaId":"FF50A215-F526-49F5-94CC-27902ECE9723"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:20.00:*:*:*:*:*:*:*","matchCriteriaId":"8BC61753-C6F5-470C-B3B0-31D628F6483E"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:20.010:*:*:*:*:*:*:*","matchCriteriaId":"10F3A5FF-9474-4318-9BBD-321AD9B9BF7F"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:controllogix_5560_controller_firmware:20.013:*:*:*:*:*:*:*","matchCriteriaId":"17073213-1F27-4FE5-8DAF-946664A17346"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:controllogix_5560_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"CC83AAAE-2F45-4740-9797-1CB3321ECB01"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:16.00:*:*:*:*:*:*:*","matchCriteriaId":"ED16846D-55A5-40D1-836E-ABF1CA9D95A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:16.020:*:*:*:*:*:*:*","matchCriteriaId":"9BC6F1D8-8867-4BF2-823C
-B20E41C8F17A"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:16.023:*:*:*:*:*:*:*","matchCriteriaId":"162EBAC2-2D5C-4464-8272-BA6AD23DD2AE"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:17.00:*:*:*:*:*:*:*","matchCriteriaId":"20145EE0-9229-4660-AA08-B0F165A4DF06"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:18.00:*:*:*:*:*:*:*","matchCriteriaId":"A6ADFC17-7ADE-4A5F-98C4-53736E548962"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:19.00:*:*:*:*:*:*:*","matchCriteriaId":"0E89B03D-3F84-476B-8385-93E2E8BE0FBB"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:20.00:*:*:*:*:*:*:*","matchCriteriaId":"4F569C2B-510C-4811-9FB7-C2806C21FAEC"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:20.010:*:*:*:*:*:*:*","matchCriteriaId":"8C611ED6-6BAC-48D3-821F-1AAF0A095506"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_l3x_controller_firmware:20.013:*:*:*:*:*:*:*","matchCriteriaId":"5E831CAA-3059-4230-8EEC-97D1F7E4D781"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:1769_compactlogix_l3x_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"2E3D7B25-F802-4D94-8986-2AEBDB35FB97"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:16.00:*:*:*:*:*:*:*","matchCriteriaId":"ED08235F-2897-4307-BA34-5031719EEE87"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:17.00:*:*:*:*:*:*:*","matchCriteriaId":"A3E3A206-FCEB-4296-A5BA-15207F457B5A"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:
1769_compactlogix_l23x_controller_firmware:18.00:*:*:*:*:*:*:*","matchCriteriaId":"872D3223-3BE9-4BC3-8E9A-0F52C4C719DD"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:19.00:*:*:*:*:*:*:*","matchCriteriaId":"0F265304-853E-4FF1-8395-164A0576C1E2"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:20.00:*:*:*:*:*:*:*","matchCriteriaId":"9FA25A83-9FE3-41BD-88F0-5C09AEE5E0F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:20.010:*:*:*:*:*:*:*","matchCriteriaId":"8C067A35-A5E9-4EE9-BA07-2123DFE9D56D"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_l23x_controller_firmware:20.013:*:*:*:*:*:*:*","matchCriteriaId":"F917811B-6A16-4674-A4B2-CCF2F086903F"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:1769_compactlogix_l23x_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"156CF47F-E3BC-483B-A5BE-40DAC4FBCCBE"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l3_controller_firmware:20.00:*:*:*:*:*:*:*","matchCriteriaId":"E3A864B2-C846-4D24-AA57-C7FAB0777B35"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l3_controller_firmware:20.010:*:*:*:*:*:*:*","matchCriteriaId":"68A75275-595D-466F-A6FA-82DB71714CA1"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l3_controller_firmware:20.013:*:*:*:*:*:*:*","matchCriteriaId":"64BFD245-6747-4E49-A56E-67A0145E1661"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l3_controller_firmware:21.00:*:*:*:*:*:*:*","matchCriteriaId":"925424D2-3595-4ECA-974F-3EA2FFCDE003"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:1769_com
pactlogix_5370_l3_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"67A5E47C-FC53-463B-B532-9E205B9E3393"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l2_controller_firmware:20.00:*:*:*:*:*:*:*","matchCriteriaId":"8043F689-261E-4A94-8EDE-63050A635186"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l2_controller_firmware:20.010:*:*:*:*:*:*:*","matchCriteriaId":"375B8B2A-A0CF-4822-B641-D6830F82EC41"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l2_controller_firmware:20.013:*:*:*:*:*:*:*","matchCriteriaId":"AD700041-A10D-4D77-9450-AD370F109979"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l2_controller_firmware:21.00:*:*:*:*:*:*:*","matchCriteriaId":"C2AB490D-A6A1-4B9D-A573-140004696421"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:1769_compactlogix_5370_l2_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"891A3459-3DB3-4C3A-945A-898092DBCF2C"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l1_controller_firmware:20.00:*:*:*:*:*:*:*","matchCriteriaId":"8DAE1905-F4DA-4A72-982F-1FF82EAE3F9D"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l1_controller_firmware:20.010:*:*:*:*:*:*:*","matchCriteriaId":"CA84CD2A-1039-473F-BAA8-7A187ED3D5EB"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l1_controller_firmware:20.013:*:*:*:*:*:*:*","matchCriteriaId":"512FC535-3DE7-4AF2-BAF9-F005EAA04055"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1769_compactlogix_5370_l1_controller_firmware:21.00:*:*:*:*:*:*:*","matchCriteriaId":"BBD496C3-ED7D-4FA7-A037-0ADCD40F7149"}]},{"operator":"OR","negate":false,"cpeMatch
":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:1769_compactlogix_5370_l1_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"2B315C5B-6161-42AF-BFA0-846544E84787"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:16.00:*:*:*:*:*:*:*","matchCriteriaId":"5DB40051-9B2F-4DC1-B0B1-583806BD04A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:16.020:*:*:*:*:*:*:*","matchCriteriaId":"23CB7ECE-A664-4B5A-B92B-22F0A5575879"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:16.025:*:*:*:*:*:*:*","matchCriteriaId":"AF33630D-E9F6-4FB9-A6DC-BF85486063B6"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:17.00:*:*:*:*:*:*:*","matchCriteriaId":"E09B3755-1F61-4516-8BB1-C300E77C1C7B"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:18.00:*:*:*:*:*:*:*","matchCriteriaId":"2873C1E4-735D-4F6E-BE24-CA37D74A78D8"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:19.00:*:*:*:*:*:*:*","matchCriteriaId":"DD836ECC-41B7-4BB9-86EE-FEF4C7AB50A6"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:20.00:*:*:*:*:*:*:*","matchCriteriaId":"5A8E44AA-4DC8-4D89-A2C4-D3F53B639392"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:20.011:*:*:*:*:*:*:*","matchCriteriaId":"0EC38504-BEF0-48EC-8135-F5E922B09FFF"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1768_compactlogix_l4x_controller_firmware:20.016:*:*:*:*:*:*:*","matchCriteriaId":"5CD852A4-C347-4350-B6B6-D4BD50ECC673"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:1768_comp
actlogix_l4x_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"D65D9A11-26E1-44EE-814F-F361E5E3BA9F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1768_compact_guardlogix_l4xs_controller_firmware:18.00:*:*:*:*:*:*:*","matchCriteriaId":"3FBA3395-2D59-46E5-B145-09B3CCD17E59"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1768_compact_guardlogix_l4xs_controller_firmware:19.00:*:*:*:*:*:*:*","matchCriteriaId":"E157C9EC-4715-48AE-B770-3906BCE42795"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1768_compact_guardlogix_l4xs_controller_firmware:20.00:*:*:*:*:*:*:*","matchCriteriaId":"D9890588-8D37-4B5B-8D29-E639B27B164C"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1768_compact_guardlogix_l4xs_controller_firmware:20.011:*:*:*:*:*:*:*","matchCriteriaId":"15685EC8-BDF5-4BDC-888A-E85E8CCA7DF9"},{"vulnerable":true,"criteria":"cpe:2.3:o:rockwellautomation:1768_compact_guardlogix_l4xs_controller_firmware:20.013:*:*:*:*:*:*:*","matchCriteriaId":"F0ED0CC0-BF83-493F-A675-5F1D42D1F818"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:rockwellautomation:1768_compact_guardlogix_l4xs_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"255EBEF7-AA35-42EC-A11F-1F36B9081996"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95304","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95304","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-05","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2016-9344","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.720","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. An attacker may be able to brute force an active session cookie to be able to download configuration files."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa MiiNePort E1 versiones anteriores a 1.8, E2 versiones anteriores a 1.4 y E3 versiones anteriores a 1.1. Un atacante puede ser capaz de forzar una cookie de sesión activa para poder descargar archivos de configuración."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:miineport_e1_firmware:*:*:*:*:*:*:*
:*","versionEndIncluding":"1.7","matchCriteriaId":"5768CC53-4855-45C6-9FD0-C3603B2FBA7C"},{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:miineport_e2_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3","matchCriteriaId":"E099C55B-0E6B-448E-A524-7D405261DC88"},{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:miineport_e3_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0","matchCriteriaId":"AD73B290-2AB0-4AAB-B9D6-E655181C88D0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:miineport_e1:-:*:*:*:*:*:*:*","matchCriteriaId":"08E72C6A-A107-4EB6-9692-C769DE9EEA17"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:miineport_e2:-:*:*:*:*:*:*:*","matchCriteriaId":"AACCDD37-C2D0-473A-ACE5-2B1246BF4712"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*","matchCriteriaId":"C0017FB3-ADDC-477E-B4CD-4BFF1977CED0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94783","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94783","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9345","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.767","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. 
Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system."},{"lang":"es","value":"Ha sido descubierto un problema en Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1 y DeltaV V13.3. Vulnerabilidades críticas pueden permitir que un atacante local eleve privilegios dentro del sistema de control DeltaV."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":5.3}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:M/Au:S/C:P/I:P/A:P","baseScore":4.9,"accessVector":"ADJACENT_NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:emerson:deltav:12.3:*:*:*:*:*:*:*","matchCriteriaId":"0DA838B9-D68D-46FE-88A8-C0D1C3AC407C"},{"vulnerable":true,"criteria":"cpe:2.3:a:emerson:deltav:12.3.1:*:*:*:*:*:*:*","matchCriteriaId":"18C1FF31-4D2F-4678-8F7E-826F3E313EF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:emerson:deltav:13.3:*:*:*:*:*:*:*","matchCriteriaId":"78206A10-286C-4FD6-AD5F-087ED5AD7422"}]}]}],"references":[{"url":"http://www.securityfo
cus.com/bid/105767","source":"ics-cert@hq.dhs.gov"},{"url":"http://www.securityfocus.com/bid/94584","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/105767","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94584","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-334-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9346","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.800","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 versions prior to 1.4, and E3 versions prior to 1.1. Configuration data are stored in a file that is not encrypted."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa MiiNePort E1 versiones anteriores a 1.8, E2 versiones anteriores a 1.4 y E3 versiones anteriores a 1.1. 
Los datos de configuración son almacenados en un archivo que no está cifrado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-310"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:miineport_e1_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.7","matchCriteriaId":"5768CC53-4855-45C6-9FD0-C3603B2FBA7C"},{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:miineport_e2_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3","matchCriteriaId":"E099C55B-0E6B-448E-A524-7D405261DC88"},{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:miineport_e3_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0","matchCriteriaId":"AD73B290-2AB0-4AAB-B9D6-E655181C88D0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:miineport_e1:-:*:*:*:*:*:*:*","matchCriteriaId":"08E72C6A-A107-4EB6-9692-C769DE9EEA17"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:miineport_e2:-
:*:*:*:*:*:*:*","matchCriteriaId":"AACCDD37-C2D0-473A-ACE5-2B1246BF4712"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:miineport_e3:-:*:*:*:*:*:*:*","matchCriteriaId":"C0017FB3-ADDC-477E-B4CD-4BFF1977CED0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94783","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94783","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-343-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9347","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.830","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Card V13.3, and SE4801T1X Simplex Wireless I/O Card V13.3. DeltaV Wireless I/O Cards (WIOC) running the firmware available in the DeltaV system, release v13.3, have the SSH (Secure Shell) functionality enabled unnecessarily."},{"lang":"es","value":"Ha sido descubierto un problema en Emerson SE4801T0X Redundant Wireless I/O Card V13.3 y SE4801T1X Simplex Wireless I/O Card V13.3. 
DeltaV Wireless I/O Cards (WIOC) que ejecutan el firmware disponible en el sistema DeltaV, versión v13.3, tienen la funcionalidad SSH (Secure Shell) habilitada innecesariamente."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":5.0,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:M/Au:N/C:P/I:P/A:P","baseScore":5.4,"accessVector":"ADJACENT_NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":5.5,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:emerson:se4801t0x_redundant_wireless_i\\/o_card_firmware:13.3:*:*:*:*:*:*:*","matchCriteriaId":"D0027A39-A16C-4BF3-BCFF-27EAEF2CFA20"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:emerson:se4801t0x_redundant_wireless_i\\/o_card:-:*:*:*:*:*:*:*","matchCriteriaId":"1F515BD5-A516-4EF6-83BD-1D4FB13554A6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:emerson:se4801t1x_simplex_wireless_i\\/o_card_firmware:13.3:*:*:*:*:*:*:*","matchCriteriaId":"B244549D-2E37-4C53-B53A-FD99838A1
8AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:emerson:se4801t1x_simplex_wireless_i\\/o_card:-:*:*:*:*:*:*:*","matchCriteriaId":"D40F2767-6A1A-44BB-98F6-684A05BB2C0C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94586","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-334-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94586","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-334-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9348","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.847","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  
A configuration file contains parameters that represent passwords in plaintext."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa NPort 5110 versiones anteriores a 2.6, NPort 5130/5150 Series versiones anteriores a 3.6, NPort 5200 Series versiones anteriores a 2.8, NPort 5400 Series versiones anteriores a 3.11, NPort 5600 Series versiones anteriores a 3.7, NPort 5100A Series & NPort P5150A versiones anteriores a 1.3, NPort 5200A Series versiones anteriores a 1.3, NPort 5150AI-M12 Series versiones anteriores a 1.2, NPort 5250AI-M12 Series versiones anteriores a 1.2, NPort 5450AI-M12 Series versiones anteriores a 1.2, NPort 5600-8-DT Series versiones anteriores a 2.4, NPort 5600-8-DTL Series versiones anteriores a 2.4, NPort 6x50 versiones anteriores a 1.13.11, NPort IA5450A versiones anteriores a v1.4. Un archivo de configuración contiene parámetros que representan contraseñas en texto plano."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-255"}]}],"configurations
":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5","matchCriteriaId":"F8B36FF8-808A-4BFB-BF3E-C454449EC761"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5110:-:*:*:*:*:*:*:*","matchCriteriaId":"B9D28B00-C0BD-4B70-B871-9D18F37DCBE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5","matchCriteriaId":"747C55F4-D7CF-418B-BAFB-64CE71F4DD63"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5130:-:*:*:*:*:*:*:*","matchCriteriaId":"E5507650-F3BF-45AF-AA54-06CF3EAF7DDB"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150:-:*:*:*:*:*:*:*","matchCriteriaId":"2CD7B68B-128D-4AB0-AE9E-A8B9329D67C5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7","matchCriteriaId":"A24577B4-5E3C-4727-8A50-EA3C33401636"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5210:-:*:*:*:*:*:*:*","matchCriteriaId":"18402F31-34ED-431B-A9D3-1EDC546B9381"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5230:-:*:*:*:*:*:*:*","matchCriteriaId":"A98BEE65-958C-45B0-915B-BEB39E356CBE"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5232:-:*:*:*:*:*:*:*","matchCriteriaId":"C40A47B2-55B7-43E3-9E01-34CB57D16267"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5232i:-:*:*:*:*:*:*:*","matchCriteriaId":"4E1D65E4-3836-41FC-9F06-A78D7D0AB2EC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5400_series_firmware:*:*:*:*:*:*:*:*","versionEndIn
cluding":"3.10","matchCriteriaId":"5834C0C2-0C1F-40AA-BBE8-1A01E10A43AD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5410:-:*:*:*:*:*:*:*","matchCriteriaId":"FD9C3024-D682-4C4E-AF88-29F9FEA8AF12"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5430:-:*:*:*:*:*:*:*","matchCriteriaId":"0A398369-6E35-492C-9D85-6564B030E858"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5430i:-:*:*:*:*:*:*:*","matchCriteriaId":"0EF39890-7A93-43EA-964C-3AE5B747E0E7"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450:-:*:*:*:*:*:*:*","matchCriteriaId":"38683F12-3FFD-4E9F-BDBF-6AD386A59091"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450-t:-:*:*:*:*:*:*:*","matchCriteriaId":"7E747BEA-5087-4E3C-8DFF-EFFD84FE187F"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450i:-:*:*:*:*:*:*:*","matchCriteriaId":"6FE28734-0DC6-4150-B282-E85FA86CD3F0"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450i-t:-:*:*:*:*:*:*:*","matchCriteriaId":"1AB85377-D610-40C0-9BAA-482A6F039D31"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.6","matchCriteriaId":"649F9322-D82E-4C2D-944F-748C581BF1E4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5610:-:*:*:*:*:*:*:*","matchCriteriaId":"3CF626E1-EC48-4D6B-9942-035122B9A887"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5630:-:*:*:*:*:*:*:*","matchCriteriaId":"E6B68C29-57E5-427A-AA83-D0A44E18E468"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650:-:*:*:*:*:*:*:*","matchCriteriaId":"6947F0B7-12D9-47B7-BABD-3579D620EC4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"76059B73-20B0-4BF5-BAD9-A1D00F9DA
CAD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5110a:-:*:*:*:*:*:*:*","matchCriteriaId":"6A659CBC-2A65-46AB-ACED-2C5EFC17BE71"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5130a:-:*:*:*:*:*:*:*","matchCriteriaId":"DC23CCC6-A408-452A-96F2-046662551832"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a:-:*:*:*:*:*:*:*","matchCriteriaId":"184129E6-9A9C-49BB-AE95-D0CEC1C5EBF2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_p5150a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"FB976330-9062-48C3-9ED9-0B696CB778AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_p5110a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF26B8A9-FDC5-4634-B341-7C6F2E1BCBF4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5200a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"4AF38EB9-EFE7-4A1B-94D7-5E5011FFBBA0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5210a:-:*:*:*:*:*:*:*","matchCriteriaId":"42B39317-D97B-4E9B-A6C3-B006B7A078F6"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5230a:-:*:*:*:*:*:*:*","matchCriteriaId":"23518919-EAD2-43B9-91EB-946C044073F9"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a:-:*:*:*:*:*:*:*","matchCriteriaId":"ED314ED8-2665-44F4-9FFF-940547392B6B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5x50a1-m12_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1","matchCriteriaId":"B8233CDC-98F0-46F3-AB55-DC7DEF9630AB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"647275A0-
6F25-4002-AE26-5F8397159FB1"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"0908C5BA-5568-4612-A96B-3869979FCB83"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"9152230A-AC8C-4B43-99A9-6AF4C26CE4C1"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"E919D3F5-12E4-42F4-BE48-D426240BE2AF"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"86DCA3A9-CEF1-493F-89EB-B39275906E32"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"1A1FDA9E-2D80-4407-94F6-6787EB605E37"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"479014A6-4878-4372-82F9-9274FC90F487"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"968A147A-9E5C-46E3-AE27-155EF7332D60"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"10C16DCC-6489-43D8-96BF-4F4D10561956"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"41216A7C-065A-4022-9ECD-35052C033C24"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"5D5BE975-D504-4F21-BC05-F5087F9BAD57"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"AD728AD5-D527-4A88-B80E-C278E9369AA6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:moxa:nport_5600-8-dtl_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3","matchCriteriaId":"7383E19A-8524-4CF0-8E6A-D6598BFBBEBF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5610-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"4ADBF536
-3320-4F38-BF68-CC69EEB07454"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"8B68B983-04C3-494A-9B1B-BB57A456E3FF"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650i-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"8DAE50DD-65CC-467E-878C-6EC68BF1743B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_6100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.13","matchCriteriaId":"D0D45D46-9160-43D3-9D94-407127CDC184"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_6150:-:*:*:*:*:*:*:*","matchCriteriaId":"87373328-5B7A-49DE-B18C-A35433B05786"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_6150-t:-:*:*:*:*:*:*:*","matchCriteriaId":"16561579-3023-4987-BA2D-510E7F702F95"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/85965","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/85965","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9349","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.877","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. 
An attacker could traverse the file system and extract files that can result in information disclosure."},{"lang":"es","value":"Ha sido descubierto un problema en Advantech SUISAccess Server versión 3.0 y anteriores. Un atacante podría atravesar el sistema de archivos y extraer archivos que pueden resultar en divulgación de información."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:advantech:susiaccess:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"427CD0F1-B159-4AD4-B308-171335676713"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94629","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government 
Resource"]},{"url":"https://www.exploit-db.com/exploits/42401/","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.exploit-db.com/exploits/42402/","source":"ics-cert@hq.dhs.gov"},{"url":"http://www.securityfocus.com/bid/94629","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.exploit-db.com/exploits/42401/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/42402/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9351","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.907","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file."},{"lang":"es","value":"Ha sido descubierto un problema en Advantech SUISAccess Server versión 3.0 y anteriores. 
El error de subida de directorio transversal/file permite a un atacante cargar y descomprimir un archivo zip."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:advantech:susiaccess:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"427CD0F1-B159-4AD4-B308-171335676713"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94629","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.exploit-db.com/exploits/42402/","source":"ics-cert@hq.dhs.gov"},{"url":"http://www.securityfocus.com/bid/94629","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.exploit-db.com/exploits/42402/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9353","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.940","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use."},{"lang":"es","value":"Ha sido descubierto un problema en Advantech SUISAccess Server versión 3.0 y anteriores. La contraseña de administrador se almacena en el sistema y se cifra con una clave estática codificada en el programa. Atacantes pueden invertir la contraseña de la cuenta del administrador para 
usarla."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:advantech:susiaccess:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"427CD0F1-B159-4AD4-B308-171335676713"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94631","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94631","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-04","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2016-9354","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.957","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa DACenter Versiones 1.4 y anteriores. Un archivo de proyecto especialmente manipulado puede hacer que el programa se bloquee debido al consumo de recursos no controlado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moxa:dacenter:*:*:*:*:*:*:*:*","versionEndIncluding":"1.4","matchCriteriaId":"8CF2C5E1-A853-4CF4-BA42-E8AAD63F2C3B"}]}]}],"references":[{"url":"http://www.secu
rityfocus.com/bid/94891","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94891","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9356","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:01.987","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa DACenter Versions 1.4 and older. The application may suffer from an unquoted search path issue."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa DACenter Versiones 1.4 y anteriores. 
La aplicación puede sufrir de un problema de ruta de búsqueda no citado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moxa:dacenter:*:*:*:*:*:*:*:*","versionEndIncluding":"1.4","matchCriteriaId":"8CF2C5E1-A853-4CF4-BA42-E8AAD63F2C3B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94891","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94891","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-348-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US 
Government Resource"]}]}},{"cve":{"id":"CVE-2016-9357","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.017","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain legacy Eaton ePDUs -- the affected products are past end-of-life (EoL) and no longer supported: EAMxxx prior to June 30, 2015, EMAxxx prior to January 31, 2014, EAMAxx prior to January 31, 2014, EMAAxx prior to January 31, 2014, and ESWAxx prior to January 31, 2014. An unauthenticated attacker may be able to access configuration files with a specially crafted URL (Path Traversal)."},{"lang":"es","value":"Ha sido descubierto un problema en ciertas legacy Eaton ePDUs -- los productos afectados han pasado el término de vida útil (EoL) y ya no son compatibles: EAMxxx antes del 30 de junio de 2015, EMAxxx antes del 31 de enero de 2014, EAMAxx antes del 31 de enero , 2014, EMAAxx antes del 31 de enero de 2014 y ESWAxx antes del 31 de enero de 2014. 
Un atacante no autenticado puede tener acceso a los archivos de configuración con una URL especialmente manipulada (Salto de Ruta)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:eaton:eamxxx_series_epdu_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"06-30-2015","matchCriteriaId":"2704CA8E-8D97-464D-AD69-856A1AEF1EF1"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:eaton:eamxxx_series_epdu:-:*:*:*:*:*:*:*","matchCriteriaId":"FF36BCAD-0E59-4ADD-8FF1-BB87232085C8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:eaton:emaxxx_series_epdu_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01-31-2014","matchCriteriaId":"E1D0A3D2-B37A-4F24-ACA7-EC263FFF2525"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"cr
iteria":"cpe:2.3:h:eaton:emaxxx_series_epdu:-:*:*:*:*:*:*:*","matchCriteriaId":"B25C1569-E247-4138-BBFD-B53A512F20F6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:eaton:eamaxx_series_epdu_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01-31-2014","matchCriteriaId":"298CB4D7-E575-404A-A0A5-89DB819491A6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:eaton:eamaxx_series_epdu:-:*:*:*:*:*:*:*","matchCriteriaId":"0999ABF5-4A96-4223-8928-AA54922D306D"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:eaton:emaaxx_series_epdu_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01-31-2014","matchCriteriaId":"26F24225-A90D-47B9-BE4D-575994669B30"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:eaton:emaaxx_series_epdu:-:*:*:*:*:*:*:*","matchCriteriaId":"02E9FBE3-0626-4442-ADF4-B8C5D7F30C0B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:eaton:eswaxx_series_epdu_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"01-31-2014","matchCriteriaId":"5D1A9302-1F03-4198-85E2-7AA8C769F643"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:eaton:eswaxx_series_epdu:-:*:*:*:*:*:*:*","matchCriteriaId":"0CFDA803-A346-4C19-9572-490971558551"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95817","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-026-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95817","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-026-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9360","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.050","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 and prior versions, Proficy HMI/SCADA CIMPLICITY Version 9.0 and prior versions, and Proficy Historian Version 6.0 and prior versions. An attacker may be able to retrieve user passwords if he or she has access to an authenticated session."},{"lang":"es","value":"Se encontró un problema en General Electric (GE) Proficy HMI/SCADA iFIX Version 5.8 SIM 13 y versiones anteriores, Proficy HMI/SCADA CIMPLICITY Versión 9.0 y versiones anteriores y Proficy Historian Versión 6.0 y versiones anteriores. Un atacante puede recuperar contraseñas de usuario si tiene acceso a una sesión 
autenticada."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.8,"impactScore":5.3}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ge:cimplicity:*:*:*:*:*:*:*:*","versionEndIncluding":"9.0","matchCriteriaId":"B1F646B5-A9D5-4D7A-A39E-B7393B2926B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ge:historian:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0","matchCriteriaId":"58D8576D-3745-47AC-AFB5-AD7BEC33E906"},{"vulnerable":true,"criteria":"cpe:2.3:a:ge:ifix:*:*:*:*:*:*:*:*","versionEndIncluding":"5.8","matchCriteriaId":"D226196E-5F36-4919-B975-AFDAE6340855"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95630","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037809","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95630","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037809","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-05A","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9361","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.080","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  
Administration passwords can be retried without authenticating."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa NPort 5110 versiones anteriores a 2.6, NPort 5130/5150 Series versiones anteriores a 3.6, NPort 5200 Series versiones anteriores a 2.8, NPort 5400 Series versiones anteriores a 3.11, NPort 5600 Series versiones anteriores a 3.7, NPort 5100A Series & NPort P5150A versiones anteriores a 1.3, NPort 5200A Series versiones anteriores a 1.3, NPort 5150AI-M12 Series versiones anteriores a 1.2, NPort 5250AI-M12 Series versiones anteriores a 1.2, NPort 5450AI-M12 Series versiones anteriores a 1.2, NPort 5600-8-DT Series versiones anteriores a 2.4, NPort 5600-8-DTL Series versiones anteriores a 2.4, NPort 6x50 Series versiones anteriores a 1.13.11, NPort IA5450A versiones anteriores a v1.4. Las contraseñas de administración se pueden volver a intentar sin autenticar."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{
"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5","matchCriteriaId":"F8B36FF8-808A-4BFB-BF3E-C454449EC761"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5110:-:*:*:*:*:*:*:*","matchCriteriaId":"B9D28B00-C0BD-4B70-B871-9D18F37DCBE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5","matchCriteriaId":"747C55F4-D7CF-418B-BAFB-64CE71F4DD63"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5130:-:*:*:*:*:*:*:*","matchCriteriaId":"E5507650-F3BF-45AF-AA54-06CF3EAF7DDB"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150:-:*:*:*:*:*:*:*","matchCriteriaId":"2CD7B68B-128D-4AB0-AE9E-A8B9329D67C5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7","matchCriteriaId":"A24577B4-5E3C-4727-8A50-EA3C33401636"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5210:-:*:*:*:*:*:*:*","matchCriteriaId":"18402F31-34ED-431B-A9D3-1EDC546B9381"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5230:-:*:*:*:*:*:*:*","matchCriteriaId":"A98BEE65-958C-45B0-915B-BEB39E356CBE"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5232:-:*:*:*:*:*:*:*","matchCriteriaId":"C40A47B2-55B7-43E3-9E01-34CB57D16267"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5232i:-:*:*:*:*:*:*:*","matchCriteriaId":"4E1D65E4-3836-41FC-9F06-A78D7D0AB2EC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5400_series_firmware:*:*:*:*:*:*:*:*","versionEndInclud
ing":"3.10","matchCriteriaId":"5834C0C2-0C1F-40AA-BBE8-1A01E10A43AD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5410:-:*:*:*:*:*:*:*","matchCriteriaId":"FD9C3024-D682-4C4E-AF88-29F9FEA8AF12"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5430:-:*:*:*:*:*:*:*","matchCriteriaId":"0A398369-6E35-492C-9D85-6564B030E858"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5430i:-:*:*:*:*:*:*:*","matchCriteriaId":"0EF39890-7A93-43EA-964C-3AE5B747E0E7"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450:-:*:*:*:*:*:*:*","matchCriteriaId":"38683F12-3FFD-4E9F-BDBF-6AD386A59091"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450-t:-:*:*:*:*:*:*:*","matchCriteriaId":"7E747BEA-5087-4E3C-8DFF-EFFD84FE187F"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450i:-:*:*:*:*:*:*:*","matchCriteriaId":"6FE28734-0DC6-4150-B282-E85FA86CD3F0"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450i-t:-:*:*:*:*:*:*:*","matchCriteriaId":"1AB85377-D610-40C0-9BAA-482A6F039D31"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.6","matchCriteriaId":"649F9322-D82E-4C2D-944F-748C581BF1E4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5610:-:*:*:*:*:*:*:*","matchCriteriaId":"3CF626E1-EC48-4D6B-9942-035122B9A887"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5630:-:*:*:*:*:*:*:*","matchCriteriaId":"E6B68C29-57E5-427A-AA83-D0A44E18E468"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650:-:*:*:*:*:*:*:*","matchCriteriaId":"6947F0B7-12D9-47B7-BABD-3579D620EC4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"76059B73-20B0-4BF5-BAD9-A1D00F9DACAD"
}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5110a:-:*:*:*:*:*:*:*","matchCriteriaId":"6A659CBC-2A65-46AB-ACED-2C5EFC17BE71"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5130a:-:*:*:*:*:*:*:*","matchCriteriaId":"DC23CCC6-A408-452A-96F2-046662551832"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a:-:*:*:*:*:*:*:*","matchCriteriaId":"184129E6-9A9C-49BB-AE95-D0CEC1C5EBF2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_p5150a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"FB976330-9062-48C3-9ED9-0B696CB778AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_p5110a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF26B8A9-FDC5-4634-B341-7C6F2E1BCBF4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5200a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"4AF38EB9-EFE7-4A1B-94D7-5E5011FFBBA0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5210a:-:*:*:*:*:*:*:*","matchCriteriaId":"42B39317-D97B-4E9B-A6C3-B006B7A078F6"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5230a:-:*:*:*:*:*:*:*","matchCriteriaId":"23518919-EAD2-43B9-91EB-946C044073F9"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a:-:*:*:*:*:*:*:*","matchCriteriaId":"ED314ED8-2665-44F4-9FFF-940547392B6B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5x50a1-m12_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1","matchCriteriaId":"B8233CDC-98F0-46F3-AB55-DC7DEF9630AB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"647275A0-6F25
-4002-AE26-5F8397159FB1"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"0908C5BA-5568-4612-A96B-3869979FCB83"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"9152230A-AC8C-4B43-99A9-6AF4C26CE4C1"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"E919D3F5-12E4-42F4-BE48-D426240BE2AF"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"86DCA3A9-CEF1-493F-89EB-B39275906E32"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"1A1FDA9E-2D80-4407-94F6-6787EB605E37"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"479014A6-4878-4372-82F9-9274FC90F487"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"968A147A-9E5C-46E3-AE27-155EF7332D60"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"10C16DCC-6489-43D8-96BF-4F4D10561956"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"41216A7C-065A-4022-9ECD-35052C033C24"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"5D5BE975-D504-4F21-BC05-F5087F9BAD57"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"AD728AD5-D527-4A88-B80E-C278E9369AA6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:moxa:nport_5600-8-dtl_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3","matchCriteriaId":"7383E19A-8524-4CF0-8E6A-D6598BFBBEBF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5610-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"4ADBF536-332
0-4F38-BF68-CC69EEB07454"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"8B68B983-04C3-494A-9B1B-BB57A456E3FF"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650i-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"8DAE50DD-65CC-467E-878C-6EC68BF1743B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_6100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.13","matchCriteriaId":"D0D45D46-9160-43D3-9D94-407127CDC184"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_6150:-:*:*:*:*:*:*:*","matchCriteriaId":"87373328-5B7A-49DE-B18C-A35433B05786"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_6150-t:-:*:*:*:*:*:*:*","matchCriteriaId":"16561579-3023-4987-BA2D-510E7F702F95"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/85965","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/85965","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9362","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.110","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released August 2015), WAGO 750-881 prior to FW09 (released August 2016), and WAGO 0758-0874-0000-0111. 
By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to edit and to view settings without authenticating."},{"lang":"es","value":"Ha sido descubierto un problema en WAGO 750-8202/PFC200 anterior a FW04 (publicado en agosto de 2015), WAGO 750-881 anterior a FW09 (publicado en agosto de 2016) y WAGO 0758-0874-0000-0111. Accediendo a un localizador de recursos uniforme (URL) específico en el servidor web, un usuario malicioso puede editar y ver la configuración sin autenticarse."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:wago:pfc200_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"D0E84548-C680-4FD6-A08E-83023B57AAA2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:wago:pfc200:-:*:*:*:*:*:*:*","matchCriteriaId":"688A3248-7EAA-499D-A47C-A4D
4900CDBD1"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:wago:750-xxxx_series_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"4D1EC3D6-E985-47A5-B431-94A26E2A76E3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:wago:750-8202:-:*:*:*:*:*:*:*","matchCriteriaId":"23B02096-81A5-4823-94F3-D87F389397DE"},{"vulnerable":false,"criteria":"cpe:2.3:h:wago:750-881:-:*:*:*:*:*:*:*","matchCriteriaId":"6FE51647-62C1-4D3C-91FA-13ACA6CD71D2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:wago:758-xxxx_series_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"FF48825F-A399-460A-8AEA-E50BCF88B99B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:wago:758-874-0000-0111:-:*:*:*:*:*:*:*","matchCriteriaId":"6C7CD6B7-9F9D-49BD-800F-87A770AA9052"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95074","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-357-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95074","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-357-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9363","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.143","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series 
versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  Buffer overflow vulnerability may allow an unauthenticated attacker to remotely execute arbitrary code."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa NPort 5110 versiones anteriores a 2.6, NPort 5130/5150 Series versiones anteriores a 3.6, NPort 5200 Series versiones anteriores a 2.8, NPort 5400 Series versiones anteriores a 3.11, NPort 5600 Series versiones anteriores a 3.7, NPort 5100A Series & NPort P5150A versiones anteriores a 1.3, NPort 5200A Series versiones anteriores a 1.3, NPort 5150AI-M12 Series versiones anteriores a 1.2, NPort 5250AI-M12 Series versiones anteriores a 1.2, NPort 5450AI-M12 Series versiones anteriores a 1.2, NPort 5600-8-DT Series versiones anteriores a 2.4, NPort 5600-8-DTL Series versiones anteriores a 2.4, NPort 6x50 Series versiones anteriores a 1.13.11, NPort IA5450A versiones anteriores a v1.4. 
Una vulnerabilidad de desbordamiento de búfer puede permitir que un atacante no autenticado ejecute remotamente código arbitrario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5","matchCriteriaId":"F8B36FF8-808A-4BFB-BF3E-C454449EC761"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5110:-:*:*:*:*:*:*:*","matchCriteriaId":"B9D28B00-C0BD-4B70-B871-9D18F37DCBE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5","matchCriteriaId":"747C55F4-D7CF-418B-BAFB-64CE71F4DD63"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:npo
rt_5130:-:*:*:*:*:*:*:*","matchCriteriaId":"E5507650-F3BF-45AF-AA54-06CF3EAF7DDB"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150:-:*:*:*:*:*:*:*","matchCriteriaId":"2CD7B68B-128D-4AB0-AE9E-A8B9329D67C5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7","matchCriteriaId":"A24577B4-5E3C-4727-8A50-EA3C33401636"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5210:-:*:*:*:*:*:*:*","matchCriteriaId":"18402F31-34ED-431B-A9D3-1EDC546B9381"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5230:-:*:*:*:*:*:*:*","matchCriteriaId":"A98BEE65-958C-45B0-915B-BEB39E356CBE"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5232:-:*:*:*:*:*:*:*","matchCriteriaId":"C40A47B2-55B7-43E3-9E01-34CB57D16267"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5232i:-:*:*:*:*:*:*:*","matchCriteriaId":"4E1D65E4-3836-41FC-9F06-A78D7D0AB2EC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5400_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.10","matchCriteriaId":"5834C0C2-0C1F-40AA-BBE8-1A01E10A43AD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5410:-:*:*:*:*:*:*:*","matchCriteriaId":"FD9C3024-D682-4C4E-AF88-29F9FEA8AF12"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5430:-:*:*:*:*:*:*:*","matchCriteriaId":"0A398369-6E35-492C-9D85-6564B030E858"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5430i:-:*:*:*:*:*:*:*","matchCriteriaId":"0EF39890-7A93-43EA-964C-3AE5B747E0E7"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450:-:*:*:*:*:*:*:*","matchCriteriaId":"38683F12-3FFD-4E9F-BDBF-6AD386A59091"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450-t:-:*:*:*:*:*:*:*","matchCriteriaId":"7E747BEA-5087-4E3C-8DFF-EFF
D84FE187F"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450i:-:*:*:*:*:*:*:*","matchCriteriaId":"6FE28734-0DC6-4150-B282-E85FA86CD3F0"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450i-t:-:*:*:*:*:*:*:*","matchCriteriaId":"1AB85377-D610-40C0-9BAA-482A6F039D31"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.6","matchCriteriaId":"649F9322-D82E-4C2D-944F-748C581BF1E4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5610:-:*:*:*:*:*:*:*","matchCriteriaId":"3CF626E1-EC48-4D6B-9942-035122B9A887"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5630:-:*:*:*:*:*:*:*","matchCriteriaId":"E6B68C29-57E5-427A-AA83-D0A44E18E468"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650:-:*:*:*:*:*:*:*","matchCriteriaId":"6947F0B7-12D9-47B7-BABD-3579D620EC4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"76059B73-20B0-4BF5-BAD9-A1D00F9DACAD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5110a:-:*:*:*:*:*:*:*","matchCriteriaId":"6A659CBC-2A65-46AB-ACED-2C5EFC17BE71"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5130a:-:*:*:*:*:*:*:*","matchCriteriaId":"DC23CCC6-A408-452A-96F2-046662551832"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a:-:*:*:*:*:*:*:*","matchCriteriaId":"184129E6-9A9C-49BB-AE95-D0CEC1C5EBF2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_p5150a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"FB976330-9062-48C3-9ED9-0B696CB778AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"cr
iteria":"cpe:2.3:h:moxa:nport_p5110a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF26B8A9-FDC5-4634-B341-7C6F2E1BCBF4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5200a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"4AF38EB9-EFE7-4A1B-94D7-5E5011FFBBA0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5210a:-:*:*:*:*:*:*:*","matchCriteriaId":"42B39317-D97B-4E9B-A6C3-B006B7A078F6"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5230a:-:*:*:*:*:*:*:*","matchCriteriaId":"23518919-EAD2-43B9-91EB-946C044073F9"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a:-:*:*:*:*:*:*:*","matchCriteriaId":"ED314ED8-2665-44F4-9FFF-940547392B6B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5x50a1-m12_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1","matchCriteriaId":"B8233CDC-98F0-46F3-AB55-DC7DEF9630AB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"647275A0-6F25-4002-AE26-5F8397159FB1"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"0908C5BA-5568-4612-A96B-3869979FCB83"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"9152230A-AC8C-4B43-99A9-6AF4C26CE4C1"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"E919D3F5-12E4-42F4-BE48-D426240BE2AF"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"86DCA3A9-CEF1-493F-89EB-B39275906E32"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"1A1FDA9E-2D80-4407-94F6-6787EB605E37"},{"vulnerable":false,"criteria":"cpe:2.
3:h:moxa:nport_5250a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"479014A6-4878-4372-82F9-9274FC90F487"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"968A147A-9E5C-46E3-AE27-155EF7332D60"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"10C16DCC-6489-43D8-96BF-4F4D10561956"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"41216A7C-065A-4022-9ECD-35052C033C24"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"5D5BE975-D504-4F21-BC05-F5087F9BAD57"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"AD728AD5-D527-4A88-B80E-C278E9369AA6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:moxa:nport_5600-8-dtl_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3","matchCriteriaId":"7383E19A-8524-4CF0-8E6A-D6598BFBBEBF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5610-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"4ADBF536-3320-4F38-BF68-CC69EEB07454"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"8B68B983-04C3-494A-9B1B-BB57A456E3FF"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650i-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"8DAE50DD-65CC-467E-878C-6EC68BF1743B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_6100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.13","matchCriteriaId":"D0D45D46-9160-43D3-9D94-407127CDC184"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_6150:-:*:*:*:*:*:*:*","matchCriteriaId":"87373328-5B7A-49DE-B18C-A35433B05786"},{"vulnerable":false,"criteria":"cpe
:2.3:h:moxa:nport_6150-t:-:*:*:*:*:*:*:*","matchCriteriaId":"16561579-3023-4987-BA2D-510E7F702F95"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/85965","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/85965","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9364","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.173","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Fidelix FX-20 series controllers, versions prior to 11.50.19. Arbitrary file reading via path traversal allows an attacker to access arbitrary files and directories on the server."},{"lang":"es","value":"Ha sido descubierto un problema en controladores de las series Fidelix FX-20, versiones anteriores a 11.50.19. 
Lectura de archivos arbitrarios a través de un salto de ruta permite a un atacante acceder a archivos y directorios arbitrarios en el servidor."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fidelex:fx-2030a_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"11.50.18","matchCriteriaId":"D5670C8C-3D49-48E7-B766-6026094AB25A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fidelex:fx-2030a_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"4003CE9A-4D26-4851-B18A-1FC73351196F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fidelex:fx-2030a-basic_firmware:11.50.18:*:*:*:*:*:*:*","matchCriteriaId":"8D9625B0-9791-4BBA-BAB9-8C2DDAB45AD8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:fidelex
:fx-2030a-basic_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"F38F97EE-A57F-4EB3-837C-8152E9720A42"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95073","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-357-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95073","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-357-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9365","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.207","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  
Requests are not verified to be intentionally submitted by the proper user (CROSS-SITE REQUEST FORGERY)."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa NPort 5110 versiones anteriores a 2.6, NPort 5130/5150 Series versiones anteriores a 3.6, NPort 5200 Series versiones anteriores a 2.8, NPort 5400 Series versiones anteriores a 3.11, NPort 5600 Series versiones anteriores a 3.7, NPort 5100A Series & NPort P5150A versiones anteriores a 1.3, NPort 5200A Series versiones anteriores a 1.3, NPort 5150AI-M12 Series versiones anteriores a 1.2, NPort 5250AI-M12 Series versiones anteriores a 1.2, NPort 5450AI-M12 Series versiones anteriores a 1.2, NPort 5600-8-DT Series versiones anteriores a 2.4, NPort 5600-8-DTL Series versiones anteriores a 2.4, NPort 6x50 Series versiones anteriores a 1.13.11, NPort IA5450A versiones anteriores a v1.4. No se verifica que las peticiones hayan sido enviadas intencionadamente por el usuario apropiado (CSRF)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","
description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5","matchCriteriaId":"F8B36FF8-808A-4BFB-BF3E-C454449EC761"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5110:-:*:*:*:*:*:*:*","matchCriteriaId":"B9D28B00-C0BD-4B70-B871-9D18F37DCBE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5","matchCriteriaId":"747C55F4-D7CF-418B-BAFB-64CE71F4DD63"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5130:-:*:*:*:*:*:*:*","matchCriteriaId":"E5507650-F3BF-45AF-AA54-06CF3EAF7DDB"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150:-:*:*:*:*:*:*:*","matchCriteriaId":"2CD7B68B-128D-4AB0-AE9E-A8B9329D67C5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7","matchCriteriaId":"A24577B4-5E3C-4727-8A50-EA3C33401636"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5210:-:*:*:*:*:*:*:*","matchCriteriaId":"18402F31-34ED-431B-A9D3-1EDC546B9381"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5230:-:*:*:*:*:*:*:*","matchCriteriaId":"A98BEE65-958C-45B0-915B-BEB39E356CBE"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5232:-:*:*:*:*:*:*:*","matchCriteriaId":"C40A47B2-55B7-43E3-9E01-34CB57D16267"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5232i:-:*:*:*:*:*:*:*","matchCriteriaId":"4E1D65E4-3836-41FC-9F06-A78D7D0AB2EC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:
o:moxa:nport_5400_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.10","matchCriteriaId":"5834C0C2-0C1F-40AA-BBE8-1A01E10A43AD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5410:-:*:*:*:*:*:*:*","matchCriteriaId":"FD9C3024-D682-4C4E-AF88-29F9FEA8AF12"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5430:-:*:*:*:*:*:*:*","matchCriteriaId":"0A398369-6E35-492C-9D85-6564B030E858"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5430i:-:*:*:*:*:*:*:*","matchCriteriaId":"0EF39890-7A93-43EA-964C-3AE5B747E0E7"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450:-:*:*:*:*:*:*:*","matchCriteriaId":"38683F12-3FFD-4E9F-BDBF-6AD386A59091"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450-t:-:*:*:*:*:*:*:*","matchCriteriaId":"7E747BEA-5087-4E3C-8DFF-EFFD84FE187F"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450i:-:*:*:*:*:*:*:*","matchCriteriaId":"6FE28734-0DC6-4150-B282-E85FA86CD3F0"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450i-t:-:*:*:*:*:*:*:*","matchCriteriaId":"1AB85377-D610-40C0-9BAA-482A6F039D31"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.6","matchCriteriaId":"649F9322-D82E-4C2D-944F-748C581BF1E4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5610:-:*:*:*:*:*:*:*","matchCriteriaId":"3CF626E1-EC48-4D6B-9942-035122B9A887"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5630:-:*:*:*:*:*:*:*","matchCriteriaId":"E6B68C29-57E5-427A-AA83-D0A44E18E468"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650:-:*:*:*:*:*:*:*","matchCriteriaId":"6947F0B7-12D9-47B7-BABD-3579D620EC4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100a_series_firmware:*:*:*:*:*:*:*:*","versionEndInclu
ding":"1.2","matchCriteriaId":"76059B73-20B0-4BF5-BAD9-A1D00F9DACAD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5110a:-:*:*:*:*:*:*:*","matchCriteriaId":"6A659CBC-2A65-46AB-ACED-2C5EFC17BE71"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5130a:-:*:*:*:*:*:*:*","matchCriteriaId":"DC23CCC6-A408-452A-96F2-046662551832"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a:-:*:*:*:*:*:*:*","matchCriteriaId":"184129E6-9A9C-49BB-AE95-D0CEC1C5EBF2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_p5150a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"FB976330-9062-48C3-9ED9-0B696CB778AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_p5110a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF26B8A9-FDC5-4634-B341-7C6F2E1BCBF4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5200a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"4AF38EB9-EFE7-4A1B-94D7-5E5011FFBBA0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5210a:-:*:*:*:*:*:*:*","matchCriteriaId":"42B39317-D97B-4E9B-A6C3-B006B7A078F6"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5230a:-:*:*:*:*:*:*:*","matchCriteriaId":"23518919-EAD2-43B9-91EB-946C044073F9"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a:-:*:*:*:*:*:*:*","matchCriteriaId":"ED314ED8-2665-44F4-9FFF-940547392B6B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5x50a1-m12_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1","matchCriteriaId":"B8233CDC-98F0-46F3-AB55-DC7DEF9630AB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:mox
a:nport_5150a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"647275A0-6F25-4002-AE26-5F8397159FB1"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"0908C5BA-5568-4612-A96B-3869979FCB83"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"9152230A-AC8C-4B43-99A9-6AF4C26CE4C1"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"E919D3F5-12E4-42F4-BE48-D426240BE2AF"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"86DCA3A9-CEF1-493F-89EB-B39275906E32"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"1A1FDA9E-2D80-4407-94F6-6787EB605E37"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"479014A6-4878-4372-82F9-9274FC90F487"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"968A147A-9E5C-46E3-AE27-155EF7332D60"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"10C16DCC-6489-43D8-96BF-4F4D10561956"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"41216A7C-065A-4022-9ECD-35052C033C24"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"5D5BE975-D504-4F21-BC05-F5087F9BAD57"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"AD728AD5-D527-4A88-B80E-C278E9369AA6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:moxa:nport_5600-8-dtl_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3","matchCriteriaId":"7383E19A-8524-4CF0-8E6A-D6598BFBBEBF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:mo
xa:nport_5610-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"4ADBF536-3320-4F38-BF68-CC69EEB07454"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"8B68B983-04C3-494A-9B1B-BB57A456E3FF"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650i-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"8DAE50DD-65CC-467E-878C-6EC68BF1743B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_6100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.13","matchCriteriaId":"D0D45D46-9160-43D3-9D94-407127CDC184"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_6150:-:*:*:*:*:*:*:*","matchCriteriaId":"87373328-5B7A-49DE-B18C-A35433B05786"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_6150-t:-:*:*:*:*:*:*:*","matchCriteriaId":"16561579-3023-4987-BA2D-510E7F702F95"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/85965","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/85965","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9366","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.253","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions 
prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  An attacker can freely use brute force to determine parameters needed to bypass authentication."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa NPort 5110 versiones anteriores a 2.6, NPort 5130/5150 Series versiones anteriores a 3.6, NPort 5200 Series versiones anteriores a 2.8, NPort 5400 Series versiones anteriores a 3.11, NPort 5600 Series versiones anteriores a 3.7, NPort 5100A Series & NPort P5150A versiones anteriores a 1.3, NPort 5200A Series versiones anteriores a 1.3, NPort 5150AI-M12 Series versiones anteriores a 1.2, NPort 5250AI-M12 Series versiones anteriores a 1.2, NPort 5450AI-M12 Series versiones anteriores a 1.2, NPort 5600-8-DT Series versiones anteriores a 2.4, NPort 5600-8-DTL Series versiones anteriores a 2.4, NPort 6x50 Series versiones anteriores a 1.13.11, NPort IA5450A versiones anteriores a v1.4. 
Un atacante puede usar libremente la fuerza bruta para determinar los parámetros necesarios para eludir la autenticación."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5","matchCriteriaId":"F8B36FF8-808A-4BFB-BF3E-C454449EC761"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5110:-:*:*:*:*:*:*:*","matchCriteriaId":"B9D28B00-C0BD-4B70-B871-9D18F37DCBE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5","matchCriteriaId":"747C55F4-D7CF-418B-BAFB-64CE71F4DD63"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_513
0:-:*:*:*:*:*:*:*","matchCriteriaId":"E5507650-F3BF-45AF-AA54-06CF3EAF7DDB"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150:-:*:*:*:*:*:*:*","matchCriteriaId":"2CD7B68B-128D-4AB0-AE9E-A8B9329D67C5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7","matchCriteriaId":"A24577B4-5E3C-4727-8A50-EA3C33401636"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5210:-:*:*:*:*:*:*:*","matchCriteriaId":"18402F31-34ED-431B-A9D3-1EDC546B9381"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5230:-:*:*:*:*:*:*:*","matchCriteriaId":"A98BEE65-958C-45B0-915B-BEB39E356CBE"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5232:-:*:*:*:*:*:*:*","matchCriteriaId":"C40A47B2-55B7-43E3-9E01-34CB57D16267"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5232i:-:*:*:*:*:*:*:*","matchCriteriaId":"4E1D65E4-3836-41FC-9F06-A78D7D0AB2EC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5400_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.10","matchCriteriaId":"5834C0C2-0C1F-40AA-BBE8-1A01E10A43AD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5410:-:*:*:*:*:*:*:*","matchCriteriaId":"FD9C3024-D682-4C4E-AF88-29F9FEA8AF12"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5430:-:*:*:*:*:*:*:*","matchCriteriaId":"0A398369-6E35-492C-9D85-6564B030E858"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5430i:-:*:*:*:*:*:*:*","matchCriteriaId":"0EF39890-7A93-43EA-964C-3AE5B747E0E7"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450:-:*:*:*:*:*:*:*","matchCriteriaId":"38683F12-3FFD-4E9F-BDBF-6AD386A59091"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450-t:-:*:*:*:*:*:*:*","matchCriteriaId":"7E747BEA-5087-4E3C-8DFF-EFFD84FE1
87F"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450i:-:*:*:*:*:*:*:*","matchCriteriaId":"6FE28734-0DC6-4150-B282-E85FA86CD3F0"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450i-t:-:*:*:*:*:*:*:*","matchCriteriaId":"1AB85377-D610-40C0-9BAA-482A6F039D31"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.6","matchCriteriaId":"649F9322-D82E-4C2D-944F-748C581BF1E4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5610:-:*:*:*:*:*:*:*","matchCriteriaId":"3CF626E1-EC48-4D6B-9942-035122B9A887"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5630:-:*:*:*:*:*:*:*","matchCriteriaId":"E6B68C29-57E5-427A-AA83-D0A44E18E468"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650:-:*:*:*:*:*:*:*","matchCriteriaId":"6947F0B7-12D9-47B7-BABD-3579D620EC4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"76059B73-20B0-4BF5-BAD9-A1D00F9DACAD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5110a:-:*:*:*:*:*:*:*","matchCriteriaId":"6A659CBC-2A65-46AB-ACED-2C5EFC17BE71"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5130a:-:*:*:*:*:*:*:*","matchCriteriaId":"DC23CCC6-A408-452A-96F2-046662551832"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a:-:*:*:*:*:*:*:*","matchCriteriaId":"184129E6-9A9C-49BB-AE95-D0CEC1C5EBF2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_p5150a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"FB976330-9062-48C3-9ED9-0B696CB778AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria
":"cpe:2.3:h:moxa:nport_p5110a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF26B8A9-FDC5-4634-B341-7C6F2E1BCBF4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5200a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"4AF38EB9-EFE7-4A1B-94D7-5E5011FFBBA0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5210a:-:*:*:*:*:*:*:*","matchCriteriaId":"42B39317-D97B-4E9B-A6C3-B006B7A078F6"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5230a:-:*:*:*:*:*:*:*","matchCriteriaId":"23518919-EAD2-43B9-91EB-946C044073F9"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a:-:*:*:*:*:*:*:*","matchCriteriaId":"ED314ED8-2665-44F4-9FFF-940547392B6B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5x50a1-m12_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1","matchCriteriaId":"B8233CDC-98F0-46F3-AB55-DC7DEF9630AB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"647275A0-6F25-4002-AE26-5F8397159FB1"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"0908C5BA-5568-4612-A96B-3869979FCB83"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"9152230A-AC8C-4B43-99A9-6AF4C26CE4C1"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"E919D3F5-12E4-42F4-BE48-D426240BE2AF"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"86DCA3A9-CEF1-493F-89EB-B39275906E32"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"1A1FDA9E-2D80-4407-94F6-6787EB605E37"},{"vulnerable":false,"criteria":"cpe:2.3:h:mo
xa:nport_5250a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"479014A6-4878-4372-82F9-9274FC90F487"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"968A147A-9E5C-46E3-AE27-155EF7332D60"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"10C16DCC-6489-43D8-96BF-4F4D10561956"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"41216A7C-065A-4022-9ECD-35052C033C24"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"5D5BE975-D504-4F21-BC05-F5087F9BAD57"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"AD728AD5-D527-4A88-B80E-C278E9369AA6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:moxa:nport_5600-8-dtl_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3","matchCriteriaId":"7383E19A-8524-4CF0-8E6A-D6598BFBBEBF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5610-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"4ADBF536-3320-4F38-BF68-CC69EEB07454"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"8B68B983-04C3-494A-9B1B-BB57A456E3FF"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650i-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"8DAE50DD-65CC-467E-878C-6EC68BF1743B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_6100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.13","matchCriteriaId":"D0D45D46-9160-43D3-9D94-407127CDC184"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_6150:-:*:*:*:*:*:*:*","matchCriteriaId":"87373328-5B7A-49DE-B18C-A35433B05786"},{"vulnerable":false,"criteria":"cpe:2.3:h
:moxa:nport_6150-t:-:*:*:*:*:*:*:*","matchCriteriaId":"16561579-3023-4987-BA2D-510E7F702F95"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/85965","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/85965","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9367","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.267","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  
The amount of resources requested by a malicious actor is not restricted, leading to a denial-of-service caused by resource exhaustion."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa NPort 5110 versiones anteriores a 2.6, NPort 5130/5150 Series versiones anteriores a 3.6, NPort 5200 Series versiones anteriores a 2.8, NPort 5400 Series versiones anteriores a 3.11, NPort 5600 Series versiones anteriores a 3.7, NPort 5100A Series & NPort P5150A versiones anteriores a 1.3, NPort 5200A Series versiones anteriores a 1.3, NPort 5150AI-M12 Series versiones anteriores a 1.2, NPort 5250AI-M12 Series versiones anteriores a 1.2, NPort 5450AI-M12 Series versiones anteriores a 1.2, NPort 5600-8-DT Series versiones anteriores a 2.4, NPort 5600-8-DTL Series versiones anteriores a 2.4, NPort 6x50 Series versiones anteriores a 1.13.11, NPort IA5450A versiones anteriores a v1.4. La cantidad de recursos solicitada por un actor malicioso no está restringida, conduciendo a una denegación de servicio provocada por el agotamiento de 
recursos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5","matchCriteriaId":"F8B36FF8-808A-4BFB-BF3E-C454449EC761"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5110:-:*:*:*:*:*:*:*","matchCriteriaId":"B9D28B00-C0BD-4B70-B871-9D18F37DCBE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5","matchCriteriaId":"747C55F4-D7CF-418B-BAFB-64CE71F4DD63"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5130:-:*:*:*:*:*:*:*","matchCriteriaId":"E5507650-F3BF-45AF-AA54-06CF3EAF7DDB"},{"vulnerable":false,"criteria":"cpe:2.3:h
:moxa:nport_5150:-:*:*:*:*:*:*:*","matchCriteriaId":"2CD7B68B-128D-4AB0-AE9E-A8B9329D67C5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7","matchCriteriaId":"A24577B4-5E3C-4727-8A50-EA3C33401636"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5210:-:*:*:*:*:*:*:*","matchCriteriaId":"18402F31-34ED-431B-A9D3-1EDC546B9381"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5230:-:*:*:*:*:*:*:*","matchCriteriaId":"A98BEE65-958C-45B0-915B-BEB39E356CBE"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5232:-:*:*:*:*:*:*:*","matchCriteriaId":"C40A47B2-55B7-43E3-9E01-34CB57D16267"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5232i:-:*:*:*:*:*:*:*","matchCriteriaId":"4E1D65E4-3836-41FC-9F06-A78D7D0AB2EC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5400_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.10","matchCriteriaId":"5834C0C2-0C1F-40AA-BBE8-1A01E10A43AD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5410:-:*:*:*:*:*:*:*","matchCriteriaId":"FD9C3024-D682-4C4E-AF88-29F9FEA8AF12"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5430:-:*:*:*:*:*:*:*","matchCriteriaId":"0A398369-6E35-492C-9D85-6564B030E858"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5430i:-:*:*:*:*:*:*:*","matchCriteriaId":"0EF39890-7A93-43EA-964C-3AE5B747E0E7"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450:-:*:*:*:*:*:*:*","matchCriteriaId":"38683F12-3FFD-4E9F-BDBF-6AD386A59091"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450-t:-:*:*:*:*:*:*:*","matchCriteriaId":"7E747BEA-5087-4E3C-8DFF-EFFD84FE187F"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450i:-:*:*:*:*:*:*:*","matchCriteriaId":"6FE28734-0DC6-415
0-B282-E85FA86CD3F0"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450i-t:-:*:*:*:*:*:*:*","matchCriteriaId":"1AB85377-D610-40C0-9BAA-482A6F039D31"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.6","matchCriteriaId":"649F9322-D82E-4C2D-944F-748C581BF1E4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5610:-:*:*:*:*:*:*:*","matchCriteriaId":"3CF626E1-EC48-4D6B-9942-035122B9A887"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5630:-:*:*:*:*:*:*:*","matchCriteriaId":"E6B68C29-57E5-427A-AA83-D0A44E18E468"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650:-:*:*:*:*:*:*:*","matchCriteriaId":"6947F0B7-12D9-47B7-BABD-3579D620EC4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"76059B73-20B0-4BF5-BAD9-A1D00F9DACAD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5110a:-:*:*:*:*:*:*:*","matchCriteriaId":"6A659CBC-2A65-46AB-ACED-2C5EFC17BE71"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5130a:-:*:*:*:*:*:*:*","matchCriteriaId":"DC23CCC6-A408-452A-96F2-046662551832"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a:-:*:*:*:*:*:*:*","matchCriteriaId":"184129E6-9A9C-49BB-AE95-D0CEC1C5EBF2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_p5150a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"FB976330-9062-48C3-9ED9-0B696CB778AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_p5110a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF26B8A9-FDC5-4634-B341-7C6F2E1BCBF4"}]}]},{"operat
or":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5200a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"4AF38EB9-EFE7-4A1B-94D7-5E5011FFBBA0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5210a:-:*:*:*:*:*:*:*","matchCriteriaId":"42B39317-D97B-4E9B-A6C3-B006B7A078F6"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5230a:-:*:*:*:*:*:*:*","matchCriteriaId":"23518919-EAD2-43B9-91EB-946C044073F9"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a:-:*:*:*:*:*:*:*","matchCriteriaId":"ED314ED8-2665-44F4-9FFF-940547392B6B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5x50a1-m12_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1","matchCriteriaId":"B8233CDC-98F0-46F3-AB55-DC7DEF9630AB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"647275A0-6F25-4002-AE26-5F8397159FB1"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"0908C5BA-5568-4612-A96B-3869979FCB83"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"9152230A-AC8C-4B43-99A9-6AF4C26CE4C1"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"E919D3F5-12E4-42F4-BE48-D426240BE2AF"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"86DCA3A9-CEF1-493F-89EB-B39275906E32"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"1A1FDA9E-2D80-4407-94F6-6787EB605E37"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"479014A6-4878-4372-82F9-9274FC90F487"},{"vulnerable":fals
e,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"968A147A-9E5C-46E3-AE27-155EF7332D60"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"10C16DCC-6489-43D8-96BF-4F4D10561956"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"41216A7C-065A-4022-9ECD-35052C033C24"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"5D5BE975-D504-4F21-BC05-F5087F9BAD57"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"AD728AD5-D527-4A88-B80E-C278E9369AA6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:moxa:nport_5600-8-dtl_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3","matchCriteriaId":"7383E19A-8524-4CF0-8E6A-D6598BFBBEBF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5610-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"4ADBF536-3320-4F38-BF68-CC69EEB07454"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"8B68B983-04C3-494A-9B1B-BB57A456E3FF"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650i-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"8DAE50DD-65CC-467E-878C-6EC68BF1743B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_6100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.13","matchCriteriaId":"D0D45D46-9160-43D3-9D94-407127CDC184"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_6150:-:*:*:*:*:*:*:*","matchCriteriaId":"87373328-5B7A-49DE-B18C-A35433B05786"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_6150-t:-:*:*:*:*:*:*:*","matchCriteriaId":"16561579-3023-4987-BA2D-510E7F702F95"}]}]}],"references":[{"url
":"http://www.securityfocus.com/bid/85965","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/85965","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9369","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.300","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  
Firmware can be updated over the network without authentication, which may allow remote code execution."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa NPort 5110 versiones anteriores a 2.6, NPort 5130/5150 Series versiones anteriores a 3.6, NPort 5200 Series versiones anteriores a 2.8, NPort 5400 Series versiones anteriores a 3.11, NPort 5600 Series versiones anteriores a 3.7, NPort 5100A Series & NPort P5150A versiones anteriores a 1.3, NPort 5200A Series versiones anteriores a 1.3, NPort 5150AI-M12 Series versiones anteriores a 1.2, NPort 5250AI-M12 Series versiones anteriores a 1.2, NPort 5450AI-M12 Series versiones anteriores a 1.2, NPort 5600-8-DT Series versiones anteriores a 2.4, NPort 5600-8-DTL Series versiones anteriores a 2.4, NPort 6x50 Series versiones anteriores a 1.13.11, NPort IA5450A versiones anteriores a v1.4. El firmware puede ser actualizado a través de la red sin autenticación, lo que puede permitir la ejecución remota de código."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.
gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5","matchCriteriaId":"F8B36FF8-808A-4BFB-BF3E-C454449EC761"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5110:-:*:*:*:*:*:*:*","matchCriteriaId":"B9D28B00-C0BD-4B70-B871-9D18F37DCBE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5","matchCriteriaId":"747C55F4-D7CF-418B-BAFB-64CE71F4DD63"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5130:-:*:*:*:*:*:*:*","matchCriteriaId":"E5507650-F3BF-45AF-AA54-06CF3EAF7DDB"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150:-:*:*:*:*:*:*:*","matchCriteriaId":"2CD7B68B-128D-4AB0-AE9E-A8B9329D67C5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7","matchCriteriaId":"A24577B4-5E3C-4727-8A50-EA3C33401636"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5210:-:*:*:*:*:*:*:*","matchCriteriaId":"18402F31-34ED-431B-A9D3-1EDC546B9381"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5230:-:*:*:*:*:*:*:*","matchCriteriaId":"A98BEE65-958C-45B0-915B-BEB39E356CBE"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5232:-:*:*:*:*:*:*:*","matchCriteriaId":"C40A47B2-55B7-43E3-9E01-34CB57D16267"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5232i:-:*:*:*:*:*:*:*","matchCriteriaId":"4E1D65E4-3836-41FC-9F06-A78D7D0AB2EC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":tr
ue,"criteria":"cpe:2.3:o:moxa:nport_5400_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.10","matchCriteriaId":"5834C0C2-0C1F-40AA-BBE8-1A01E10A43AD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5410:-:*:*:*:*:*:*:*","matchCriteriaId":"FD9C3024-D682-4C4E-AF88-29F9FEA8AF12"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5430:-:*:*:*:*:*:*:*","matchCriteriaId":"0A398369-6E35-492C-9D85-6564B030E858"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5430i:-:*:*:*:*:*:*:*","matchCriteriaId":"0EF39890-7A93-43EA-964C-3AE5B747E0E7"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450:-:*:*:*:*:*:*:*","matchCriteriaId":"38683F12-3FFD-4E9F-BDBF-6AD386A59091"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450-t:-:*:*:*:*:*:*:*","matchCriteriaId":"7E747BEA-5087-4E3C-8DFF-EFFD84FE187F"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450i:-:*:*:*:*:*:*:*","matchCriteriaId":"6FE28734-0DC6-4150-B282-E85FA86CD3F0"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450i-t:-:*:*:*:*:*:*:*","matchCriteriaId":"1AB85377-D610-40C0-9BAA-482A6F039D31"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.6","matchCriteriaId":"649F9322-D82E-4C2D-944F-748C581BF1E4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5610:-:*:*:*:*:*:*:*","matchCriteriaId":"3CF626E1-EC48-4D6B-9942-035122B9A887"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5630:-:*:*:*:*:*:*:*","matchCriteriaId":"E6B68C29-57E5-427A-AA83-D0A44E18E468"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650:-:*:*:*:*:*:*:*","matchCriteriaId":"6947F0B7-12D9-47B7-BABD-3579D620EC4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100a_series_firmware:*:*:*:*:*:
*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"76059B73-20B0-4BF5-BAD9-A1D00F9DACAD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5110a:-:*:*:*:*:*:*:*","matchCriteriaId":"6A659CBC-2A65-46AB-ACED-2C5EFC17BE71"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5130a:-:*:*:*:*:*:*:*","matchCriteriaId":"DC23CCC6-A408-452A-96F2-046662551832"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a:-:*:*:*:*:*:*:*","matchCriteriaId":"184129E6-9A9C-49BB-AE95-D0CEC1C5EBF2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_p5150a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"FB976330-9062-48C3-9ED9-0B696CB778AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_p5110a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF26B8A9-FDC5-4634-B341-7C6F2E1BCBF4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5200a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"4AF38EB9-EFE7-4A1B-94D7-5E5011FFBBA0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5210a:-:*:*:*:*:*:*:*","matchCriteriaId":"42B39317-D97B-4E9B-A6C3-B006B7A078F6"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5230a:-:*:*:*:*:*:*:*","matchCriteriaId":"23518919-EAD2-43B9-91EB-946C044073F9"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a:-:*:*:*:*:*:*:*","matchCriteriaId":"ED314ED8-2665-44F4-9FFF-940547392B6B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5x50a1-m12_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1","matchCriteriaId":"B8233CDC-98F0-46F3-AB55-DC7DEF9630AB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"c
riteria":"cpe:2.3:h:moxa:nport_5150a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"647275A0-6F25-4002-AE26-5F8397159FB1"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"0908C5BA-5568-4612-A96B-3869979FCB83"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"9152230A-AC8C-4B43-99A9-6AF4C26CE4C1"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"E919D3F5-12E4-42F4-BE48-D426240BE2AF"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"86DCA3A9-CEF1-493F-89EB-B39275906E32"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"1A1FDA9E-2D80-4407-94F6-6787EB605E37"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"479014A6-4878-4372-82F9-9274FC90F487"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"968A147A-9E5C-46E3-AE27-155EF7332D60"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"10C16DCC-6489-43D8-96BF-4F4D10561956"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"41216A7C-065A-4022-9ECD-35052C033C24"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"5D5BE975-D504-4F21-BC05-F5087F9BAD57"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"AD728AD5-D527-4A88-B80E-C278E9369AA6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:moxa:nport_5600-8-dtl_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3","matchCriteriaId":"7383E19A-8524-4CF0-8E6A-D6598BFBBEBF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"
criteria":"cpe:2.3:h:moxa:nport_5610-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"4ADBF536-3320-4F38-BF68-CC69EEB07454"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"8B68B983-04C3-494A-9B1B-BB57A456E3FF"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650i-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"8DAE50DD-65CC-467E-878C-6EC68BF1743B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_6100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.13","matchCriteriaId":"D0D45D46-9160-43D3-9D94-407127CDC184"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_6150:-:*:*:*:*:*:*:*","matchCriteriaId":"87373328-5B7A-49DE-B18C-A35433B05786"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_6150-t:-:*:*:*:*:*:*:*","matchCriteriaId":"16561579-3023-4987-BA2D-510E7F702F95"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/85965","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/85965","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9371","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.347","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 
5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4.  User-controlled input is not neutralized before being output to web page (CROSS-SITE SCRIPTING)."},{"lang":"es","value":"Ha sido descubierto un problema en Moxa NPort 5110 versiones anteriores a 2.6, NPort 5130/5150 Series versiones anteriores a 3.6, NPort 5200 Series versiones anteriores a 2.8, NPort 5400 Series versiones anteriores a 3.11, NPort 5600 Series versiones anteriores a 3.7, NPort 5100A Series & NPort P5150A versiones anteriores a 1.3, NPort 5200A Series versiones anteriores a 1.3, NPort 5150AI-M12 Series versiones anteriores a 1.2, NPort 5250AI-M12 Series versiones anteriores a 1.2, NPort 5450AI-M12 Series versiones anteriores a 1.2, NPort 5600-8-DT Series versiones anteriores a 2.4, NPort 5600-8-DTL Series versiones anteriores a 2.4, NPort 6x50 Series versiones anteriores a 1.13.11, NPort IA5450A versiones anteriores a v1.4. 
La entrada controlada por el usuario no es neutralizada antes de ser enviada a la página web (XSS)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5","matchCriteriaId":"F8B36FF8-808A-4BFB-BF3E-C454449EC761"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5110:-:*:*:*:*:*:*:*","matchCriteriaId":"B9D28B00-C0BD-4B70-B871-9D18F37DCBE9"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.5","matchCriteriaId":"747C55F4-D7CF-418B-BAFB-64CE71F4DD63"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5130:-:*:*:*:*:*:*:*","matc
hCriteriaId":"E5507650-F3BF-45AF-AA54-06CF3EAF7DDB"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150:-:*:*:*:*:*:*:*","matchCriteriaId":"2CD7B68B-128D-4AB0-AE9E-A8B9329D67C5"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5200_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7","matchCriteriaId":"A24577B4-5E3C-4727-8A50-EA3C33401636"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5210:-:*:*:*:*:*:*:*","matchCriteriaId":"18402F31-34ED-431B-A9D3-1EDC546B9381"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5230:-:*:*:*:*:*:*:*","matchCriteriaId":"A98BEE65-958C-45B0-915B-BEB39E356CBE"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5232:-:*:*:*:*:*:*:*","matchCriteriaId":"C40A47B2-55B7-43E3-9E01-34CB57D16267"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5232i:-:*:*:*:*:*:*:*","matchCriteriaId":"4E1D65E4-3836-41FC-9F06-A78D7D0AB2EC"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5400_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.10","matchCriteriaId":"5834C0C2-0C1F-40AA-BBE8-1A01E10A43AD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5410:-:*:*:*:*:*:*:*","matchCriteriaId":"FD9C3024-D682-4C4E-AF88-29F9FEA8AF12"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5430:-:*:*:*:*:*:*:*","matchCriteriaId":"0A398369-6E35-492C-9D85-6564B030E858"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5430i:-:*:*:*:*:*:*:*","matchCriteriaId":"0EF39890-7A93-43EA-964C-3AE5B747E0E7"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450:-:*:*:*:*:*:*:*","matchCriteriaId":"38683F12-3FFD-4E9F-BDBF-6AD386A59091"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450-t:-:*:*:*:*:*:*:*","matchCriteriaId":"7E747BEA-5087-4E3C-8DFF-EFFD84FE187F"},{"vulnerable":fals
e,"criteria":"cpe:2.3:h:moxa:nport_5450i:-:*:*:*:*:*:*:*","matchCriteriaId":"6FE28734-0DC6-4150-B282-E85FA86CD3F0"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450i-t:-:*:*:*:*:*:*:*","matchCriteriaId":"1AB85377-D610-40C0-9BAA-482A6F039D31"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5600_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.6","matchCriteriaId":"649F9322-D82E-4C2D-944F-748C581BF1E4"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5610:-:*:*:*:*:*:*:*","matchCriteriaId":"3CF626E1-EC48-4D6B-9942-035122B9A887"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5630:-:*:*:*:*:*:*:*","matchCriteriaId":"E6B68C29-57E5-427A-AA83-D0A44E18E468"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650:-:*:*:*:*:*:*:*","matchCriteriaId":"6947F0B7-12D9-47B7-BABD-3579D620EC4A"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5100a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"76059B73-20B0-4BF5-BAD9-A1D00F9DACAD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5110a:-:*:*:*:*:*:*:*","matchCriteriaId":"6A659CBC-2A65-46AB-ACED-2C5EFC17BE71"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5130a:-:*:*:*:*:*:*:*","matchCriteriaId":"DC23CCC6-A408-452A-96F2-046662551832"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a:-:*:*:*:*:*:*:*","matchCriteriaId":"184129E6-9A9C-49BB-AE95-D0CEC1C5EBF2"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_p5150a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"FB976330-9062-48C3-9ED9-0B696CB778AC"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_
p5110a:-:*:*:*:*:*:*:*","matchCriteriaId":"DF26B8A9-FDC5-4634-B341-7C6F2E1BCBF4"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5200a_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"4AF38EB9-EFE7-4A1B-94D7-5E5011FFBBA0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5210a:-:*:*:*:*:*:*:*","matchCriteriaId":"42B39317-D97B-4E9B-A6C3-B006B7A078F6"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5230a:-:*:*:*:*:*:*:*","matchCriteriaId":"23518919-EAD2-43B9-91EB-946C044073F9"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a:-:*:*:*:*:*:*:*","matchCriteriaId":"ED314ED8-2665-44F4-9FFF-940547392B6B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_5x50a1-m12_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.1","matchCriteriaId":"B8233CDC-98F0-46F3-AB55-DC7DEF9630AB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"647275A0-6F25-4002-AE26-5F8397159FB1"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"0908C5BA-5568-4612-A96B-3869979FCB83"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"9152230A-AC8C-4B43-99A9-6AF4C26CE4C1"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5150a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"E919D3F5-12E4-42F4-BE48-D426240BE2AF"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"86DCA3A9-CEF1-493F-89EB-B39275906E32"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"1A1FDA9E-2D80-4407-94F6-6787EB605E37"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-ct-t
:-:*:*:*:*:*:*:*","matchCriteriaId":"479014A6-4878-4372-82F9-9274FC90F487"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5250a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"968A147A-9E5C-46E3-AE27-155EF7332D60"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12:-:*:*:*:*:*:*:*","matchCriteriaId":"10C16DCC-6489-43D8-96BF-4F4D10561956"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-ct:-:*:*:*:*:*:*:*","matchCriteriaId":"41216A7C-065A-4022-9ECD-35052C033C24"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-ct-t:-:*:*:*:*:*:*:*","matchCriteriaId":"5D5BE975-D504-4F21-BC05-F5087F9BAD57"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5450a1-m12-t:-:*:*:*:*:*:*:*","matchCriteriaId":"AD728AD5-D527-4A88-B80E-C278E9369AA6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:moxa:nport_5600-8-dtl_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3","matchCriteriaId":"7383E19A-8524-4CF0-8E6A-D6598BFBBEBF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5610-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"4ADBF536-3320-4F38-BF68-CC69EEB07454"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"8B68B983-04C3-494A-9B1B-BB57A456E3FF"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_5650i-8-dtl:-:*:*:*:*:*:*:*","matchCriteriaId":"8DAE50DD-65CC-467E-878C-6EC68BF1743B"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:moxa:nport_6100_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.13","matchCriteriaId":"D0D45D46-9160-43D3-9D94-407127CDC184"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_6150:-:*:*:*:*:*:*:*","matchCriteriaId":"87373328-5B7A-49DE-B18C-A35433B05786"},{"vulnerable":false,"criteria":"cpe:2.3:h:moxa:nport_6150-t:-:*:*
:*:*:*:*:*","matchCriteriaId":"16561579-3023-4987-BA2D-510E7F702F95"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/85965","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/85965","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-16-336-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5139","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.360","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password."},{"lang":"es","value":"Ha sido descubierto un problema en el controlador XL1000C500 XLWebExe-2-01-00 de XLWebExe-2 y anteriores y XLWebExe-1-02-08 y anteriores de XLWebExe-1-02-08 de Honeywell XL Web II. 
Cualquier usuario puede revelar una contraseña accediendo a una URL específica, debido al almacenamiento en texto plano de una contraseña."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-1-02-08:*:*:*:*:*:*:*","matchCriteriaId":"6F06D365-A41E-45EE-8F93-035E1B8C2723"},{"vulnerable":true,"criteria":"cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-2-01-00:*:*:*:*:*:*:*","matchCriteriaId":"3B7544CA-319B-40A2-AD75-FF0159DF0DAA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:honeywell:xl_web_ii_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"C7B6E447-DF91-45ED-86FD-921C6A4FCD21"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95971","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95971","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5140","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.393","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text."},{"lang":"es","value":"Ha sido descubierto un problema en el controlador XL1000C500 XLWebExe-2-01-00 de XLWebExe-2 y anteriores y XLWebExe-1-02-08 y anteriores de XLWebExe-1-02-08 de Honeywell XL Web. 
La contraseña se almacena en texto plano."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-522"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-1-02-08:*:*:*:*:*:*:*","matchCriteriaId":"6F06D365-A41E-45EE-8F93-035E1B8C2723"},{"vulnerable":true,"criteria":"cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-2-01-00:*:*:*:*:*:*:*","matchCriteriaId":"3B7544CA-319B-40A2-AD75-FF0159DF0DAA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:honeywell:xl_web_ii_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"C7B6E447-DF91-45ED-86FD-921C6A4FCD21"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95971","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party 
Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95971","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5141","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.423","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the opportunity to steal authenticated sessions (SESSION FIXATION)."},{"lang":"es","value":"Ha sido descubierto un problema en el controlador XL1000C500 XLWebExe-2-01-00 de XLWebExe-2 y anteriores y XLWebExe-1-02-08 y anteriores de XLWebExe-1-02-08 de Honeywell XL Web. 
Un atacante puede establecer una nueva sesión de usuario, sin invalidar ningún identificador de sesión existente, lo que le da la oportunidad de robar sesiones autenticadas (FIJACIÓN DE SESIÓN)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-1-02-08:*:*:*:*:*:*:*","matchCriteriaId":"6F06D365-A41E-45EE-8F93-035E1B8C2723"},{"vulnerable":true,"criteria":"cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-2-01-00:*:*:*:*:*:*:*","matchCriteriaId":"3B7544CA-319B-40A2-AD75-FF0159DF0DAA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:honeywell:xl_web_ii_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"C7B6E447-DF91-45ED-86FD-921C6A4FCD21"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95971","source":"ics-cert@hq.dhs.gov","tags":["Third
 Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95971","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5142","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.457","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management."},{"lang":"es","value":"Ha sido descubierto un problema en el controlador XL1000C500 XLWebExe-2-01-00 de XLWebExe-2 y anteriores y XLWebExe-1-02-08 y anteriores de XLWebExe-1-02-08 de Honeywell XL Web. 
Un usuario con privilegios bajos puede abrir y cambiar los parámetros accediendo a una URL específica debido a una gestión de privilegios incorrecta."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.1,"impactScore":5.3}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-1-02-08:*:*:*:*:*:*:*","matchCriteriaId":"6F06D365-A41E-45EE-8F93-035E1B8C2723"},{"vulnerable":true,"criteria":"cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-2-01-00:*:*:*:*:*:*:*","matchCriteriaId":"3B7544CA-319B-40A2-AD75-FF0159DF0DAA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:honeywell:xl_web_ii_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"C7B6E447-DF91-45ED-86FD-921C6A4FCD21"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95971","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95971","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5143","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.503","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL."},{"lang":"es","value":"Ha sido descubierto un problema en el controlador XL1000C500 XLWebExe-2-01-00 de XLWebExe-2 y anteriores y XLWebExe-1-02-08 y anteriores de XLWebExe-1-02-08 de Honeywell XL Web. 
Un usuario sin autenticación puede realizar un ataque de desplazamiento de directorios accediendo a una URL específica."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-1-02-08:*:*:*:*:*:*:*","matchCriteriaId":"6F06D365-A41E-45EE-8F93-035E1B8C2723"},{"vulnerable":true,"criteria":"cpe:2.3:o:honeywell:xl_web_ii_controller:xlwebexe-2-01-00:*:*:*:*:*:*:*","matchCriteriaId":"3B7544CA-319B-40A2-AD75-FF0159DF0DAA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:honeywell:xl_web_ii_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"C7B6E447-DF91-45ED-86FD-921C6A4FCD21"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95971","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95971","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-033-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5144","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.533","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. The access control flaw allows access to most application functions without authentication."},{"lang":"es","value":"Se ha descubierto un problema en Carlo Gavazzi VMU-C EM anterior a la versión de firmware A11_U05 y VMU-C PV y anterior a la versión firmware A17. 
La falla de control de acceso permite el acceso a la mayoría de las funciones de la aplicación sin autenticación."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:carlosgavazzi:vmu-c_em_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"87350035-E65E-4A46-8572-8039A6266D1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:carlosgavazzi:vmu-c_em:-:*:*:*:*:*:*:*","matchCriteriaId":"D57DACE2-2D99-4952-B15C-3E106886ABD3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:carlosgavazzi:vmu-c_pv_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"43AB7FE5-E55D-4096-9DA3-241299899FEF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:carlosgavazzi:vmu-c_pv:-:*:*:*:*:*:*:*","matchCriteriaId":"E1
E6B643-2FBD-4C8B-A498-8D0BD071505B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95411","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95411","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5145","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.550","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Successful exploitation of this CROSS-SITE REQUEST FORGERY (CSRF) vulnerability can allow execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration."},{"lang":"es","value":"Se ha descubierto un problema en Carlo Gavazzi VMU-C EM anterior a la versión de firmware A11_U05 y VMU-C PV anterior al firmware Versión A17. 
La explotación exitosa de esta vulnerabilidad de CSRF puede permitir la ejecución de acciones no autorizadas en el dispositivo, tales como cambios de parámetro de configuración y guardado de configuración modificada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:carlosgavazzi:vmu-c_em_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"87350035-E65E-4A46-8572-8039A6266D1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:carlosgavazzi:vmu-c_em:-:*:*:*:*:*:*:*","matchCriteriaId":"D57DACE2-2D99-4952-B15C-3E106886ABD3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:carlosgavazzi:vmu-c_pv_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"43AB7FE5-E55D-4096-9DA3-241299899FEF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulner
able":false,"criteria":"cpe:2.3:h:carlosgavazzi:vmu-c_pv:-:*:*:*:*:*:*:*","matchCriteriaId":"E1E6B643-2FBD-4C8B-A498-8D0BD071505B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95411","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95411","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5146","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.580","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text."},{"lang":"es","value":"Se ha descubierto un problema en Carlo Gavazzi VMU-C EM anterior a la versión de firmware A11_U05 y VMU-C PV anterior al firmware Versión A17. 
La información sensible se almacena en texto plano."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:carlosgavazzi:vmu-c_em_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"87350035-E65E-4A46-8572-8039A6266D1D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:carlosgavazzi:vmu-c_em:-:*:*:*:*:*:*:*","matchCriteriaId":"D57DACE2-2D99-4952-B15C-3E106886ABD3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:carlosgavazzi:vmu-c_pv_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"43AB7FE5-E55D-4096-9DA3-241299899FEF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:carlosgavazzi:vmu-c_pv:-:*:*:*:*:*:*:*","matchCriteriaId":"E1E6B643-2FBD-4C8B-A498-8D0BD071505B"}]}]}],"references":[{"url":"http://www.s
ecurityfocus.com/bid/95411","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95411","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5151","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.627","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution."},{"lang":"es","value":"Ha sido descubierto un problema en VideoInsight Web Client versión 6.3.5.11 y versiones anteriores. 
Se ha identificado una vulnerabilidad de inyección SQL, que puede permitir la ejecución remota de código."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:panasonic:video_insight_web_client:*:*:*:*:*:*:*:*","versionEndIncluding":"6.3.5.11","matchCriteriaId":"FCDA545B-B239-4CA0-A354-34E8A82ACB1C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95416","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-012-02","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95416","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-012-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5152","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.643","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Advantech WebAccess Version 8.1. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access pages unrestricted (AUTHENTICATION BYPASS)."},{"lang":"es","value":"Ha sido descubierto un problema en Advantech WebAccess Versión 8.1. Accediendo a un localizador de recursos uniforme (URL) específico en el servidor web, un usuario malicioso es capaz de acceder a páginas sin restricciones (ELUSIÓN DE AUTENTICACIÓN)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"no
des":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:advantech:webaccess:8.1:*:*:*:*:*:*:*","matchCriteriaId":"5EBB0164-FC86-47E3-BCA9-968487C9663D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95410","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.tenable.com/security/research/tra-2017-04","source":"ics-cert@hq.dhs.gov"},{"url":"http://www.securityfocus.com/bid/95410","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.tenable.com/security/research/tra-2017-04","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5153","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.690","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier versions, and PI Web API 2016 R2 when deployed using the PI AF Services 2016 R2 integrated install kit. An information exposure through server log files vulnerability has been identified, which may allow service account passwords to become exposed for the affected services, potentially leading to unauthorized shutdown of the affected PI services as well as potential reuse of domain credentials."},{"lang":"es","value":"Ha sido descubierto un problema en OSIsoft PI Coresight 2016 R2 y versiones anteriores y PI Web API 2016 R2 cuando se implementa utilizando el kit de instalación integrado PI AF Services 2016 R2. 
Se ha identificado una vulnerabilidad de exposición de información a través de los archivos de registro del servidor, lo que puede permitir que las contraseñas de la cuenta de servicio queden expuestas para los servicios afectados, potencialmente conduciendo al cierre no autorizado de los servicios PI afectados, así como a la posible reutilización de credenciales de dominio."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:osisoft:pi_coresight:*:*:*:*:*:*:*:*","versionEndIncluding":"2016-r2","matchCriteriaId":"11887654-16DB-483B-9F0F-F5332B0BD6E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:osisoft:pi_web_api:2016-r2:*:*:*:*:*:*:*","matchCriteriaId":"7530DB5E-ABD1-4D03-9871-4FC7EEC3A67B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95355","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-010-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95355","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-010-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5154","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.707","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files."},{"lang":"es","value":"Ha sido descubierto un problema en Advantech WebAccess Versión 8.1. Para poder explotar la vulnerabilidad de inyección de SQL, un atacante debe proporcionar entrada malformada al software WebAccess. 
Un ataque exitoso podría resultar en acceso administrativo a la aplicación y sus archivos de datos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:advantech:webaccess:8.1:*:*:*:*:*:*:*","matchCriteriaId":"5EBB0164-FC86-47E3-BCA9-968487C9663D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95410","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.tenable.com/security/research/tra-2017-04","source":"ics-cert@hq.dhs.gov"},{"url":"http://www.securityfocus.com/bid/95410","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-012-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://www.tenable.com/security/research/tra-2017-04","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5155","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.737","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenarios, resources beyond those created by Wonderware Historian may be compromised as well."},{"lang":"es","value":"Ha sido descubierto un problema en Schneider Electric Wonderware Historian 2014 R2 SP1 P01 y versiones anteriores. Wonderware Historian crea inicios de sesión con contraseñas predeterminadas, lo que puede permitir que una entidad maliciosa comprometa las bases de datos de Historian. 
En algunos escenarios de instalación, los recursos además de los creados por Wonderware Historian también pueden verse comprometidos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1188"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:schneider-electric:wonderware_historian:2014_r2_sp1_p01:*:*:*:*:*:*:*","matchCriteriaId":"E563B308-C7FF-428B-A6E8-4528FD27E8B7"}]}]}],"references":[{"url":"http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/","source":"ics-cert@hq.dhs.gov","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95766","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037808","source":"ics-cert@hq.dhs.gov"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government 
Resource"]},{"url":"http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000115/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95766","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037808","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-024-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5157","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.767","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Schneider Electric homeLYnk Controller, LSS100100, all versions prior to V1.5.0. The homeLYnk controller is susceptible to a cross-site scripting attack. User inputs can be manipulated to cause execution of JavaScript code."},{"lang":"es","value":"Ha sido descubierto un problema en Schneider Electric homeLYnk Controller, LSS100100, todas las versiones anteriores a V1.5.0. El controlador homeLYnk es susceptible a un ataque de secuencias de comandos en sitios cruzados. 
Las entradas del usuario pueden ser manipuladas para provocar la ejecución de código JavaScript."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:schneider_electric:homelynk_controller_lss100100_firmware:1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"5D235123-C722-4B40-9A0A-6BB40A2FF180"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:schneider-electric:homelynk_controller_lss100100:-:*:*:*:*:*:*:*","matchCriteriaId":"69F69759-DDB2-4831-8E88-0D40BD9E7AE5"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95665","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government 
Resource"]},{"url":"http://www.securityfocus.com/bid/95665","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-019-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5159","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.800","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to its default value."},{"lang":"es","value":"Ha sido descubierto un problema en dispositivos Phoenix Contact mGuard que se actualizaron a la Versión 8.4.0. Cuando se está actualizando un dispositivo mGuard a la Versión 8.4.0 mediante la función de actualización-carga, la actualización se realizará correctamente, pero restablecerá la contraseña del usuario administrador a su valor 
predeterminado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-99"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:phoenixcontact:mguard_firmware:8.4.0:*:*:*:*:*:*:*","matchCriteriaId":"5E1A330E-D271-42A9-A315-6A6ADA394726"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95648","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-017-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95648","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-017-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government 
Resource"]}]}},{"cve":{"id":"CVE-2017-5161","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.830","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, versions prior to Version 3.02.01, and Winlog Pro SCADA Software, versions prior to Version 3.02.01. An uncontrolled search path element (DLL Hijacking) vulnerability has been identified. Exploitation of this vulnerability could give an attacker access to the system with the same level of privilege as the application that utilizes the malicious DLL."},{"lang":"es","value":"Ha sido descubierto un problema en Sielco Sistemi Winlog Lite SCADA Software, versiones anteriores a la Versión 3.02.01 y Winlog Pro SCADA Software, versiones anteriores a la Versión 3.02.01. Se ha identificado una vulnerabilidad de elemento de ruta de búsqueda no controlado (DLL Hijacking). La explotación de esta vulnerabilidad podría dar a un atacante acceso al sistema con el mismo nivel de privilegio que la aplicación que utiliza la DLL 
maliciosa."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.6,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-427"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sielcosistemi:winlog_lite:*:*:*:*:*:*:*:*","versionEndIncluding":"3.01.10","matchCriteriaId":"03372132-C2BD-471F-A2D0-3CE01A3BB432"},{"vulnerable":true,"criteria":"cpe:2.3:a:sielcosistemi:winlog_pro:*:*:*:*:*:*:*:*","versionEndIncluding":"3.01.10","matchCriteriaId":"6BE1A9F0-0F59-4133-8876-16CF6936ACEC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96119","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/96119","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5162","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.860","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration."},{"lang":"es","value":"Ha sido descubierto un problema en BINOM3 Universal Multifunctional Electric Power Quality Meter. La falta de autenticación para el servicio remoto da acceso a la configuración de la aplicación."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch"
:[{"vulnerable":true,"criteria":"cpe:2.3:o:binom3:universal_multifunctional_electric_power_quality_meter_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AD3D22CB-94D8-4066-8D92-6B3EE21A1C19"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:binom3:universal_multifunctional_electric_power_quality_meter:-:*:*:*:*:*:*:*","matchCriteriaId":"43E83CFB-E822-4C19-A8FE-9A4F88A9E545"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93028","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93028","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5163","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.877","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. After an administrator downloads a configuration file, a copy of the configuration file, which includes hashes of user passwords, is saved to a location that is accessible without authentication by path traversal."},{"lang":"es","value":"Ha sido descubierto un problema en Belden Hirschmann GECKO Lite Managed switch, versión 2.0.00 y versiones anteriores. 
Después de que un administrador descargue un archivo de configuración, una copia del archivo de configuración, que incluye hashes de contraseñas de usuario, se guarda en una ubicación accesible sin autenticación por salto de ruta."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:belden_hirschmann:gecko_lite_managed_switch_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.00","matchCriteriaId":"F6C3FE20-F449-4AE3-A70D-125BE0934473"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:belden_hirschmann:gecko_lite_managed_switch:-:*:*:*:*:*:*:*","matchCriteriaId":"6F981F2D-B30E-49A8-9FFB-5A9A01C6D46C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95815","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02","source":"ics-cert@hq.dhs.gov","tags":["Patch","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-026-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5164","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.923","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Input sent from a malicious client is not properly verified by the server. An attacker can execute arbitrary script code in another user's browser session (CROSS-SITE SCRIPTING)."},{"lang":"es","value":"Ha sido descubierto un problema en BINOM3 Universal Multifunctional Electric Power Quality Meter. La entrada enviada desde un cliente malicioso no es verificada adecuadamente por el servidor. 
Un atacante puede ejecutar código de script arbitrario en la sesión del navegador de otro usuario (XSS)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:binom3:universal_multifunctional_electric_power_quality_meter_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AD3D22CB-94D8-4066-8D92-6B3EE21A1C19"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:binom3:universal_multifunctional_electric_power_quality_meter:-:*:*:*:*:*:*:*","matchCriteriaId":"43E83CFB-E822-4C19-A8FE-9A4F88A9E545"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93028","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government 
Resource"]},{"url":"http://www.securityfocus.com/bid/93028","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5165","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.957","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vulnerability can allow silent execution of unauthorized actions on the device such as configuration parameter changes, and saving modified configuration."},{"lang":"es","value":"Ha sido descubierto un problema en BINOM3 Universal Multifunctional Electric Power Quality Meter. No hay Token CSRF generado por página y/o por función (sensible). 
La explotación exitosa de esta vulnerabilidad puede permitir la ejecución silenciosa de acciones no autorizadas en el dispositivo tales como cambios de parámetros de configuración y guardar la configuración modificada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:binom3:universal_multifunctional_electric_power_quality_meter_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AD3D22CB-94D8-4066-8D92-6B3EE21A1C19"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:binom3:universal_multifunctional_electric_power_quality_meter:-:*:*:*:*:*:*:*","matchCriteriaId":"43E83CFB-E822-4C19-A8FE-9A4F88A9E545"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93028","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93028","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5166","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:02.987","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. An INFORMATION EXPOSURE flaw can be used to gain privileged access to the device."},{"lang":"es","value":"Ha sido descubierto un problema en BINOM3 Universal Multifunctional Electric Power Quality Meter. Se puede utilizar una falla de EXPOSICIÓN DE INFORMACIÓN para obtener acceso privilegiado al 
dispositivo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:binom3:universal_multifunctional_electric_power_quality_meter_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AD3D22CB-94D8-4066-8D92-6B3EE21A1C19"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:binom3:universal_multifunctional_electric_power_quality_meter:-:*:*:*:*:*:*:*","matchCriteriaId":"43E83CFB-E822-4C19-A8FE-9A4F88A9E545"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93028","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government 
Resource"]},{"url":"http://www.securityfocus.com/bid/93028","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5167","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:03.003","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Users do not have any option to change their own passwords."},{"lang":"es","value":"Ha sido descubierto un problema en BINOM3 Universal Multifunctional Electric Power Quality Meter. Los usuarios no tienen ninguna opción para cambiar sus propias contraseñas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"op
erator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:binom3:universal_multifunctional_electric_power_quality_meter_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"AD3D22CB-94D8-4066-8D92-6B3EE21A1C19"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:binom3:universal_multifunctional_electric_power_quality_meter:-:*:*:*:*:*:*:*","matchCriteriaId":"43E83CFB-E822-4C19-A8FE-9A4F88A9E545"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93028","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/93028","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-031-01A","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5168","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:03.050","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution."},{"lang":"es","value":"Ha sido descubierto un problema en Hanwha Techwin Smart Security Manager Versiones 1.5 y anteriores. 
Múltiples vulnerabilidades de salto de ruta han sido identificadas. Los defectos existen dentro del servicio de ActiveMQ Broker que se instala como parte del producto. Mediante la emisión de peticiones HTTP específicas, si un usuario visita una página maliciosa, un atacante puede obtener acceso a archivos arbitrarios en el servidor. Smart Security Manager Versiones 1.4 y anteriores a 1.31 están afectadas por estas vulnerabilidades. Estas vulnerabilidades pueden permitir la ejecución remota de código."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P","baseScore":5.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hanwha-security:smart_security_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"1.5","matchCriteriaId":"38BFDE92-9695-4ABC-BF16-7BCAFC6573A8"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96147","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-040-01","source":"ics-cert@hq.dhs.gov","tags":["Patch","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/96147","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-040-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-5169","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T21:59:03.067","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution."},{"lang":"es","value":"Ha sido descubierto un problema en Hanwha Techwin Smart Security Manager Versiones 1.5 y anteriores. Múltiples vulnerabilidades de CSRF se han identificado. Los defectos existen dentro de los servidores Redis y Apache Felix Gogo que están instalados como parte de este producto. Mediante la emisión de solicitudes específicas de HTTP Post, un atacante puede obtener acceso a nivel de sistema a una sesión de shell remota. Las versiones de Smart Security Manager 1.5 y anteriores están afectadas por estas vulnerabilidades. 
Estas vulnerabilidades pueden permitir la ejecución remota de código."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P","baseScore":5.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hanwha-security:smart_security_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"1.5","matchCriteriaId":"38BFDE92-9695-4ABC-BF16-7BCAFC6573A8"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96147","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-040-01","source":"ics-cert@hq.dhs.gov","tags":["Patch","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/96147","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-040-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party 
Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8355","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T22:59:00.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates."},{"lang":"es","value":"Ha sido descubierto un problema en Smiths-Medical CADD-Solis Medication Safety Software, Versión 1.0; 2,0; 3,0; Y 3.1. CADD-Solis Medication Safety Software otorga a un usuario autenticado privilegios elevados en la base de datos SQL, lo que permitiría a un usuario autenticado modificar las bibliotecas de fármacos, agregar y eliminar usuarios y cambiar permisos de usuarios. 
Según Smiths-Medical, el acceso físico a la bomba se requiere para instalar las actualizaciones de la biblioteca de fármacos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:1.0:*:*:*:*:*:*:*","matchCriteriaId":"AF207912-1122-4D34-A793-0FE76E158E0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:2.0:*:*:*:*:*:*:*","matchCriteriaId":"D8F550F1-8996-45F9-9676-5E1DBC0EA8EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:3.0:*:*:*:*:*:*:*","matchCriteriaId":"9FC5553F-6BF6-41CB-B70D-96BD73DFD232"},{"vulnerable":true,"criteria":"cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:3.1:*:*:*:*:*:*:*","matchCriteriaId":"7DF8B46B-7A15-4B90-927B-681B8C3B0411"}]}]}],"references":[{"url":"http
://www.securityfocus.com/bid/94630","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94630","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8358","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T22:59:00.180","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Smiths-Medical CADD-Solis Medication Safety Software, Version 1.0; 2.0; 3.0; and 3.1. The affected software does not verify the identities at communication endpoints, which may allow a man-in-the-middle attacker to gain access to the communication channel between endpoints."},{"lang":"es","value":"Ha sido descubierto un problema en Smiths-Medical CADD-Solis Medication Safety Software, Versión 1.0; 2,0; 3,0; Y 3.1. 
El software afectado no verifica las identidades en los puntos finales de comunicación, lo que puede permitir que un atacante de tipo man-in-the-middle obtenga acceso al canal de comunicación entre extremos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-346"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:1.0:*:*:*:*:*:*:*","matchCriteriaId":"AF207912-1122-4D34-A793-0FE76E158E0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:2.0:*:*:*:*:*:*:*","matchCriteriaId":"D8F550F1-8996-45F9-9676-5E1DBC0EA8EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:3.0:*:*:*:*:*:*:*","matchCriteriaId":"9FC5553F-6BF6-41CB-B70D-96BD73DFD232"},{"vulnerable":true,"criteria":"cpe:2.3:a:smiths-medical:cadd-solis_medication_safety_software:3.1:*:*:*:*:*:*:*","matchCri
teriaId":"7DF8B46B-7A15-4B90-927B-681B8C3B0411"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94630","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/94630","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-8375","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T22:59:00.210","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7, and 8000 PC unit. An unauthorized user with physical access to an affected Alaris PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling the PC unit and accessing the device's flash memory. The Alaris 8015 PC unit, Version 9.7, and the 8000 PC unit store wireless network authentication credentials and other sensitive technical data on internal flash memory. Accessing the internal flash memory of the affected device would require special tools to extract data and carrying out this attack at a healthcare facility would increase the likelihood of detection."},{"lang":"es","value":"Ha sido descubierto un problema en la unidad Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC), versión 9.5 y versiones anteriores, y en la versión 9.7 y unidad de PC 8000. 
Un usuario no autorizado con acceso físico a una unidad de Alaris PC afectada puede obtener credenciales de autenticación de red inalámbrica sin cifrar y otros datos técnicos confidenciales al desmontar la unidad de PC y acceder a la memoria flash del dispositivo. La unidad PC Alaris 8015, Versión 9.7 y la unidad PC 8000 almacenan credenciales de autenticación de redes inalámbricas y otros datos técnicos sensibles en la memoria flash interna. El acceso a la memoria flash interna del dispositivo afectado requeriría herramientas especiales para extraer datos y llevar a cabo este ataque en una instalación sanitaria aumentaría la probabilidad de detección."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.5,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:N/A:N","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-255"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bd:alaris_8015_pc_unit:*:*:*:*:*:*:*:*","versionEndIncluding":"9.5","matchCriteriaId":"5C65F8B2-E4A6-429B-BA5A-FD3FA2B7ABF3"},{"vulnerable":true,"crit
eria":"cpe:2.3:a:bd:alaris_8015_pc_unit:9.7:*:*:*:*:*:*:*","matchCriteriaId":"6A084F62-ED84-4DE0-BE57-6665FB7248B6"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96113","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/96113","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-9355","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T22:59:00.240","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device's flash memory. Older software versions of the Alaris 8015 PC unit, Version 9.5 and prior versions, store wireless network authentication credentials and other sensitive technical data on the affected device's removable flash memory. 
Being able to remove the flash memory from the affected device reduces the risk of detection, allowing an attacker to extract stored data at the attacker's convenience."},{"lang":"es","value":"Ha sido descubierto un problema en la unidad de Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC), versión 9.5 y versiones anteriores, y en la versión 9.7. Un usuario no autorizado con acceso físico a una unidad de PC Alaris 8015 puede ser capaz de obtener credenciales de autenticación de red inalámbrica sin cifrar y otros datos técnicos sensibles mediante el desmontaje de una unidad de PC Alaris 8015 y accediendo a la memoria flash del dispositivo. Las versiones de software más antiguas de la unidad Alaris 8015 PC versión 9.5 y versiones anteriores almacenan credenciales de autenticación de red inalámbrica y otros datos técnicos sensibles en la memoria flash extraíble del dispositivo afectado. Ser capaz de eliminar la memoria flash del dispositivo afectado reduce el riesgo de detección, permitiendo a un atacante extraer los datos almacenados a conveniencia del 
atacante."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-255"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bd:alaris_8015_pc_unit:*:*:*:*:*:*:*:*","versionEndIncluding":"9.5","matchCriteriaId":"5C65F8B2-E4A6-429B-BA5A-FD3FA2B7ABF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:bd:alaris_8015_pc_unit:9.7:*:*:*:*:*:*:*","matchCriteriaId":"6A084F62-ED84-4DE0-BE57-6665FB7248B6"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96116","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/96116","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-1121","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-13T22:59:00.257","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997743"},{"lang":"es","value":"IBM WebSphere Application Server 7.0, 8.0 y 9.0 es vulnerable a las secuencias de comandos en sitios cruzados. Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista conduciendo potencialmente a la divulgación de credenciales dentro de una sesión de confianza. 
IBM Reference #: 1997743"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"B0905C80-A1BA-49CD-90CA-9270ECC3940C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*","matchCriteriaId":"07EBB48B-4EE2-4333-851E-BA1B104FBE92"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*","matchCriteriaId":"E30E8CE2-9137-4669-AE86-FB8ED0899736"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:8.5.5:*:*:*:*:*:*:*","matchCriteriaId":"CBC9BD49-31BF-4D79-BAFE-5107D611FF61"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*","matchCriteriaId":"C4F6F77C-2C0D-4A31-B2A0-DB1C4296FF5E"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid
=swg21997743","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96164","source":"psirt@us.ibm.com"},{"url":"http://www.securitytracker.com/id/1037806","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997743","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96164","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037806","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5149","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2017-02-13T22:59:00.303","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints."},{"lang":"es","value":"Ha sido descubierto un problema en St. Jude Medical Merlin@home, versiones anteriores a la versión 8.2.2 (modelos RF: EX1150, modelos inductivos: EX1100 y modelos inductivos: EX1100 con capacidad MerlinOnDemand). No se verifican las identidades de los puntos finales para el canal de comunicación entre el transmisor y el sitio web de St. Jude Medical, Merlin.net. 
Esto puede permitir que un atacante man-in-the-middle acceda o influya en las comunicaciones entre los puntos finales identificados."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:abbott:merlin\\@home_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0","matchCriteriaId":"DB01C075-4332-4FDA-94DE-64EFA3C7829D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:abbott:merlin\\@home_ex1100:-:*:*:*:*:*:*:*","matchCriteriaId":"1D96349E-317D-4A53-81A3-1FFFDA942A36"},{"vulnerable":false,"criteria":"cpe:2.3:h:abbott:merlin\\@home_ex1150:-:*:*:*:*:*:*:*","matchCriteriaId":"E1E96A4A-6163-4EE7-A756-B751D0B0C7B9"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95331","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-17-009-01A","source":"ics-cert@hq.dhs.gov","tags":["Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/95331","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-17-009-01A","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2016-10223","sourceIdentifier":"cve@mitre.org","published":"2017-02-14T06:59:00.150","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the \"id\" HTTP GET parameter passed to the \"core/admin/adjax/dashboard/check-module-integrity.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Ha sido descubierto un problema en BigTree CMS en versiones anteriores a 4.2.15. La vulnerabilidad existe debido a la filtración insuficiente de datos suministrados por el usuario en el parámetro \"id\" HTTP GET pasado a la URL \"core/admin/adjax/dashboard/check-module-integrity.php\". 
Un atacante podría ejecutar HTML y código script arbitrario en un navegador en el contexto de un sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*","versionEndIncluding":"4.2.14","matchCriteriaId":"549BFFEC-38DD-496E-8FE0-0B04B45DFF1D"}]}]}],"references":[{"url":"https://github.com/bigtreecms/BigTree-CMS/blob/master/README.md","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/bigtreecms/BigTree-CMS/commit/59ebef5978f80e2fdc7b4db4a28b668c5a39fbc3","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/bigtreecms/BigTree-CMS/blob/master/README.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Release Notes","Third Party 
Advisory"]},{"url":"https://github.com/bigtreecms/BigTree-CMS/commit/59ebef5978f80e2fdc7b4db4a28b668c5a39fbc3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5967","sourceIdentifier":"cve@mitre.org","published":"2017-02-14T06:59:00.213","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c."},{"lang":"es","value":"El subsistema de tiempo en el kernel de Linux hasta la versión 4.9.9, cuando CONFIG_TIMER_STATS está habilitado, permite a usuarios locales descubrir valores PID reales (diferenciados de valores PID dentro de un namespace PID) leyendo el archivo /proc/timer_list, relacionado con la función print_timer en kernel/time/timer_list.c y la función __timer_stats_timer_set_start_info en 
kernel/time/timer.c."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.9","matchCriteriaId":"CF87A92B-86F0-4844-BC1B-2BF0656B0372"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=dfb4357da6ddbdf57d583ba64361c9d792b0e0b1","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96271","source":"cve@mitre.org"},{"url":"https://bugzilla.kernel.org/show_bug.cgi?id=193921","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=dfb4357da6ddbdf57d583ba64361c9d792b0e0b1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96271","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.kernel.org/show_bug.cgi?id=193921","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2017-5970","sourceIdentifier":"cve@mitre.org","published":"2017-02-14T06:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options."},{"lang":"es","value":"La función ipv4_pktinfo_prepare en net/ipv4/ip_sockglue.c en el kernel de Linux hasta la versión 4.9.9 permite a atacantes provocar una denegación de servicio (caída de sistema) a través de (1) una aplicación que hace llamadas de sistema manipuladas o posiblemente (2) tráfico IPv4 con opciones IP 
inválidas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.9","matchCriteriaId":"CF87A92B-86F0-4844-BC1B-2BF0656B0372"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b2cef20f19c87999fff3da4071e66937db9644","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"http://www.debian.org/security/2017/dsa-3791","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/12/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96233","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1842","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:2077","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:2669","source":"cve@mitre.org"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1421638","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/34b2cef20f19c87999fff3da4071e66937db9644","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://patchwork.ozlabs.org/patch/724136/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://source.android.com/security/bulletin/2017-07-01","source":"cve@mitre.org"},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b2cef20f19c87999fff3da4071e66937db9644","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"http://www.debian.org/security/2017/dsa-3791","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/12/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96233","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1842","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:2077","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:2669","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1421638","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/34b2cef20f19c87999fff3da4071e66937db9644","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://patchwork.ozlabs.org/patch/724136/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://source.android.com/security/bulletin/2017-07-01","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5972","sourceIdentifier":"cve@mitre.org","published":"2017-02-14T06:59:00.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code."},{"lang":"es","value":"La pila TCP en el kernel de Linux versiones 3.x, no implementa apropiadamente un mecanismo de protección de cookies SYN para el caso de una conexión de red rápida, lo que permite a los atacantes remotos causar una denegación de servicio (consumo de CPU) mediante el envío de muchos paquetes TCP SYN, como es demostrado por un ataque contra el paquete kernel versión 3.10.0 en CentOS Linux versión 7. 
NOTA: terceros no han podido discernir ninguna relación entre la búsqueda de GitHub Engineering y el código de ataque Trigemini.c."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndIncluding":"3.19.8","matchCriteriaId":"480F226E-935E-4AA0-AEDC-7A164F28B1A0"}]}]}],"references":[{"url":"http://seclists.org/oss-sec/2017/q1/573","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96231","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/security/cve/cve-2017-5972","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1422081","source":"cve@mitre.org","tags":["Issue Tracking","Third Party 
Advisory"]},{"url":"https://cxsecurity.com/issue/WLB-2017020112","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://githubengineering.com/syn-flood-mitigation-with-synsanity/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://security-tracker.debian.org/tracker/CVE-2017-5972","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41350/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/oss-sec/2017/q1/573","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96231","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/security/cve/cve-2017-5972","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1422081","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://cxsecurity.com/issue/WLB-2017020112","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://githubengineering.com/syn-flood-mitigation-with-synsanity/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://packetstormsecurity.com/files/141083/CentOS7-Kernel-Denial-Of-Service.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://security-tracker.debian.org/tracker/CVE-2017-5972","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://www.exploit-db.com/exploits/41350/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-2968","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability."},{"lang":"es","value":"Adobe Campaign, versiones 16.4 Build 8724 y anteriores, tienen una vulnerabilidad de inyección de código."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:campaign:*:8724:*:*:*:*:*:*","versionEndIncluding":"16.4","matchCriteriaId":"444F9BC6-ABFB-4C32-852E-D96303B6BBF9"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96197","source":"psirt
@adobe.com"},{"url":"https://helpx.adobe.com/security/products/campaign/apsb17-03.html","source":"psirt@adobe.com","tags":["Broken Link"]},{"url":"https://helpx.adobe.com/security/products/campaign/apsb17-06.html","source":"nvd@nist.gov","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96197","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://helpx.adobe.com/security/products/campaign/apsb17-03.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]}]}},{"cve":{"id":"CVE-2017-2969","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.213","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability."},{"lang":"es","value":"Adobe Campaign, versiones 16.4 Build 8724 y anteriores, tienen una vulnerabilidad de XSS."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang"
:"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:campaign:*:8724:*:*:*:*:*:*","versionEndIncluding":"16.4","matchCriteriaId":"444F9BC6-ABFB-4C32-852E-D96303B6BBF9"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96200","source":"psirt@adobe.com"},{"url":"https://helpx.adobe.com/security/products/campaign/apsb17-03.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96200","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://helpx.adobe.com/security/products/campaign/apsb17-03.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2973","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.227","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Adobe Digital Editions, versiones 4.5.3 y anteriores, tienen una vulnerabilidad explotable de desbordamiento de memoria dinámica. 
La explotación exitosa podría conducir a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:digital_editions:*:*:*:*:*:*:*:*","versionEndIncluding":"4.5.3","matchCriteriaId":"23BF0539-1B30-4EFD-9A86-41FB6E35BA4A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96192","source":"psirt@adobe.com"},{"url":"http://www.securitytracker.com/id/1037816","source":"psirt@adobe.com"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"psirt@adobe.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96192","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037816","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2974","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.260","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure."},{"lang":"es","value":"Adobe Digital Editions versión 4.5.3 y versiones anteriores tienen una vulnerabilidad de sobre lectura de búfer explotable. Explotación exitosa podría conducir a divulgación de información."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","desc
ription":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:digital_editions:*:*:*:*:*:*:*:*","versionEndIncluding":"4.5.3","matchCriteriaId":"23BF0539-1B30-4EFD-9A86-41FB6E35BA4A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96195","source":"psirt@adobe.com"},{"url":"http://www.securitytracker.com/id/1037816","source":"psirt@adobe.com"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96195","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037816","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2975","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.290","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure."},{"lang":"es","value":"Adobe Digital Editions versión 4.5.3 y versiones anteriores tienen una vulnerabilidad de sobre lectura de búfer explotable. 
Explotación exitosa podría conducir a divulgación de información."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:digital_editions:*:*:*:*:*:*:*:*","versionEndIncluding":"4.5.3","matchCriteriaId":"23BF0539-1B30-4EFD-9A86-41FB6E35BA4A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96195","source":"psirt@adobe.com"},{"url":"http://www.securitytracker.com/id/1037816","source":"psirt@adobe.com"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"psirt@adobe.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96195","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037816","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2976","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.323","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure."},{"lang":"es","value":"Adobe Digital Editions versión 4.5.3 y versiones anteriores tienen una vulnerabilidad de sobre lectura de búfer explotable. Explotación exitosa podría conducir a divulgación de información."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","desc
ription":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:digital_editions:*:*:*:*:*:*:*:*","versionEndIncluding":"4.5.3","matchCriteriaId":"23BF0539-1B30-4EFD-9A86-41FB6E35BA4A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96195","source":"psirt@adobe.com"},{"url":"http://www.securitytracker.com/id/1037816","source":"psirt@adobe.com"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96195","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037816","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2977","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.353","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure."},{"lang":"es","value":"Adobe Digital Editions versión 4.5.3 y versiones anteriores tienen una vulnerabilidad de sobre lectura de búfer explotable. 
Explotación exitosa podría conducir a divulgación de información."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:digital_editions:*:*:*:*:*:*:*:*","versionEndIncluding":"4.5.3","matchCriteriaId":"23BF0539-1B30-4EFD-9A86-41FB6E35BA4A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96195","source":"psirt@adobe.com"},{"url":"http://www.securitytracker.com/id/1037816","source":"psirt@adobe.com"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"psirt@adobe.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96195","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037816","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2978","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure."},{"lang":"es","value":"Adobe Digital Editions versión 4.5.3 y versiones anteriores tienen una vulnerabilidad de sobre lectura de búfer explotable. Explotación exitosa podría conducir a divulgación de información."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","desc
ription":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:digital_editions:*:*:*:*:*:*:*:*","versionEndIncluding":"4.5.3","matchCriteriaId":"23BF0539-1B30-4EFD-9A86-41FB6E35BA4A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96195","source":"psirt@adobe.com"},{"url":"http://www.securitytracker.com/id/1037816","source":"psirt@adobe.com"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96195","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037816","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2979","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.417","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure."},{"lang":"es","value":"Adobe Digital Editions versión 4.5.3 y versiones anteriores tienen una vulnerabilidad de sobre lectura de búfer explotable. 
Explotación exitosa podría conducir a divulgación de información."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:digital_editions:*:*:*:*:*:*:*:*","versionEndIncluding":"4.5.3","matchCriteriaId":"23BF0539-1B30-4EFD-9A86-41FB6E35BA4A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96195","source":"psirt@adobe.com"},{"url":"http://www.securitytracker.com/id/1037816","source":"psirt@adobe.com"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"psirt@adobe.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96195","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037816","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2980","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.447","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure."},{"lang":"es","value":"Adobe Digital Editions versión 4.5.3 y versiones anteriores tienen una vulnerabilidad de sobre lectura de búfer explotable. Explotación exitosa podría conducir a divulgación de información."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","desc
ription":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:digital_editions:*:*:*:*:*:*:*:*","versionEndIncluding":"4.5.3","matchCriteriaId":"23BF0539-1B30-4EFD-9A86-41FB6E35BA4A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96195","source":"psirt@adobe.com"},{"url":"http://www.securitytracker.com/id/1037816","source":"psirt@adobe.com"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"psirt@adobe.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96195","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037816","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2981","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.463","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure."},{"lang":"es","value":"Adobe Digital Editions versión 4.5.3 y versiones anteriores tienen una vulnerabilidad de sobre lectura de búfer explotable. 
Explotación exitosa podría conducir a divulgación de información."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:digital_editions:*:*:*:*:*:*:*:*","versionEndIncluding":"4.5.3","matchCriteriaId":"23BF0539-1B30-4EFD-9A86-41FB6E35BA4A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96195","source":"psirt@adobe.com"},{"url":"http://www.securitytracker.com/id/1037816","source":"psirt@adobe.com"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"psirt@adobe.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96195","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037816","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2982","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.493","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in a routine related to player shutdown. Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de uso después de liberación en una rutina relacionada con el apagado del reproductor. La explotación exitosa podría conducir a la ejecución de código 
arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"72027AB8-CD81-4DC3-9898-F4CE2BAE309A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","ne
gate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"DB881360-123D-413E-88F3-C402DD92D1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"A2E601B7-FB5B-4B6B-8AC3-1B7503D3DBEB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","matchCriteriaId":"21540673-614A-4D40-8BD7-3F07723803B0"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*","matchCriteriaId":"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"EAA0C4E6-7324-424C-A7C8-DEE39551A847"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96199","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"psirt@adobe.com","tags":["Patch","Vendor 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96199","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-2984","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.527","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de desbordamiento de memoria dinámica en la rutina del decodificador h264. 
La explotación exitosa podría conducir a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"72027AB8-CD81-4DC3-9898-F4CE2BAE309A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64
AFD54487EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"DB881360-123D-413E-88F3-C402DD92D1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"A2E601B7-FB5B-4B6B-8AC3-1B7503D3DBEB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","matchCriteriaId":"21540673-614A-4D40-8BD7-3F07723803B0"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*","matchCriteriaId":"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"EAA0C4E6-7324-424C-A7C8-DEE39551A847"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96193","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96193","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-2985","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.557","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de uso después de liberación en la clase ActionScript 3 BitmapData. 
La explotación exitosa podría conducir a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"72027AB8-CD81-4DC3-9898-F4CE2BAE309A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64
AFD54487EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"DB881360-123D-413E-88F3-C402DD92D1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"A2E601B7-FB5B-4B6B-8AC3-1B7503D3DBEB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","matchCriteriaId":"21540673-614A-4D40-8BD7-3F07723803B0"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*","matchCriteriaId":"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"EAA0C4E6-7324-424C-A7C8-DEE39551A847"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96199","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41422/","source":"psirt@adobe.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96199","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41422/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-2986","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.587","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de desbordamiento de memoria dinámica en el códec de Flash Video (FLV). 
La explotación exitosa podría conducir a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"72027AB8-CD81-4DC3-9898-F4CE2BAE309A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64
AFD54487EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"DB881360-123D-413E-88F3-C402DD92D1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"A2E601B7-FB5B-4B6B-8AC3-1B7503D3DBEB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","matchCriteriaId":"21540673-614A-4D40-8BD7-3F07723803B0"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*","matchCriteriaId":"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"EAA0C4E6-7324-424C-A7C8-DEE39551A847"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96193","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41423/","source":"psirt@adobe.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96193","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41423/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-2987","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.620","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable integer overflow vulnerability related to Flash Broker COM. Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de desbordamiento de entero relacionada con Flash Broker COM. 
La explotación exitosa podría conducir a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"72027AB8-CD81-4DC3-9898-F4CE2BAE309A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64
AFD54487EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"DB881360-123D-413E-88F3-C402DD92D1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"A2E601B7-FB5B-4B6B-8AC3-1B7503D3DBEB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","matchCriteriaId":"21540673-614A-4D40-8BD7-3F07723803B0"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*","matchCriteriaId":"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"EAA0C4E6-7324-424C-A7C8-DEE39551A847"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96194","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96194","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-2988","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.637","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de corrupción de memoria cuando se realiza la recolección de elementos no utilizados. 
La explotación exitosa podría conducir a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"72027AB8-CD81-4DC3-9898-F4CE2BAE309A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64
AFD54487EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"DB881360-123D-413E-88F3-C402DD92D1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"A2E601B7-FB5B-4B6B-8AC3-1B7503D3DBEB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","matchCriteriaId":"21540673-614A-4D40-8BD7-3F07723803B0"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*","matchCriteriaId":"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"EAA0C4E6-7324-424C-A7C8-DEE39551A847"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96190","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41421/","source":"psirt@adobe.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96190","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41421/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-2990","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.667","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Adobe Flash Player versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de corrupción de memoria en la rutina de descompresión h264. 
La explotación exitosa podría conducir a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"72027AB8-CD81-4DC3-9898-F4CE2BAE309A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64
AFD54487EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"DB881360-123D-413E-88F3-C402DD92D1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"A2E601B7-FB5B-4B6B-8AC3-1B7503D3DBEB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","matchCriteriaId":"21540673-614A-4D40-8BD7-3F07723803B0"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*","matchCriteriaId":"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"EAA0C4E6-7324-424C-A7C8-DEE39551A847"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96190","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96190","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-2991","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.697","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de corrupción de memoria en el códec h264 (relacionado con la descompresión). 
La explotación exitosa podría conducir a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"72027AB8-CD81-4DC3-9898-F4CE2BAE309A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64
AFD54487EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"DB881360-123D-413E-88F3-C402DD92D1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"A2E601B7-FB5B-4B6B-8AC3-1B7503D3DBEB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","matchCriteriaId":"21540673-614A-4D40-8BD7-3F07723803B0"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*","matchCriteriaId":"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"EAA0C4E6-7324-424C-A7C8-DEE39551A847"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96190","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96190","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-2992","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.727","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de desbordamiento de memoria dinámica cuando se analiza una cabecera MP4. 
La explotación exitosa podría conducir a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"72027AB8-CD81-4DC3-9898-F4CE2BAE309A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64
AFD54487EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"DB881360-123D-413E-88F3-C402DD92D1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"A2E601B7-FB5B-4B6B-8AC3-1B7503D3DBEB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","matchCriteriaId":"21540673-614A-4D40-8BD7-3F07723803B0"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*","matchCriteriaId":"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"EAA0C4E6-7324-424C-A7C8-DEE39551A847"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96193","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41420/","source":"psirt@adobe.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96193","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41420/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-2993","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.760","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability related to event handlers. Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de uso después de liberación relacionado con controladores de eventos. 
La explotación exitosa podría conducir a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"72027AB8-CD81-4DC3-9898-F4CE2BAE309A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64
AFD54487EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"DB881360-123D-413E-88F3-C402DD92D1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"A2E601B7-FB5B-4B6B-8AC3-1B7503D3DBEB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","matchCriteriaId":"21540673-614A-4D40-8BD7-3F07723803B0"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*","matchCriteriaId":"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"EAA0C4E6-7324-424C-A7C8-DEE39551A847"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96199","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96199","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-2994","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.807","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in Primetime SDK event dispatch. Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de uso después de liberación en el envío de eventos de Primetime SDK. 
La explotación exitosa podría conducir a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*","versionEndIncluding":"24.0.0.221","matchCriteriaId":"6F017128-1329-4EA4-9E6F-EFC279D1A296"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64
AFD54487EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*","versionEndIncluding":"24.0.0.221","matchCriteriaId":"68A43DA8-9EE3-4423-9E01-7AEE3DD378DD"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*","versionEndIncluding":"24.0.0.221","matchCriteriaId":"C5EFFCBC-AB30-47D8-ACC5-91FDB5F733C6"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","matchCriteriaId":"21540673-614A-4D40-8BD7-3F07723803B0"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*","matchCriteriaId":"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*","versionEndIncluding":"24.0.0.221","matchCriteriaId":"B72F98B2-B74E-4F12-9415-F0B94035F273"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0526.html","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96199","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"psirt@adobe.com","tags":["Not Applicable","Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0526.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96199","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable","Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-2995","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.823","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de confusión de tipo relacionada con la clase MessageChannel. 
La explotación exitosa podría conducir a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-843"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"72027AB8-CD81-4DC3-9898-F4CE2BAE309A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64
AFD54487EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"DB881360-123D-413E-88F3-C402DD92D1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"A2E601B7-FB5B-4B6B-8AC3-1B7503D3DBEB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","matchCriteriaId":"21540673-614A-4D40-8BD7-3F07723803B0"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*","matchCriteriaId":"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"EAA0C4E6-7324-424C-A7C8-DEE39551A847"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96191","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96191","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-2996","sourceIdentifier":"psirt@adobe.com","published":"2017-02-15T06:59:00.853","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution."},{"lang":"es","value":"Adobe Flash Player, versiones 24.0.0.194 y anteriores, tienen una vulnerabilidad explotable de corrupción de memoria en Primetime SDK. 
La explotación exitosa podría conducir a la ejecución de código arbitrario."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"72027AB8-CD81-4DC3-9898-F4CE2BAE309A"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*","matchCriteriaId":"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64
AFD54487EA"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"DB881360-123D-413E-88F3-C402DD92D1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"A2E601B7-FB5B-4B6B-8AC3-1B7503D3DBEB"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","matchCriteriaId":"21540673-614A-4D40-8BD7-3F07723803B0"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*","matchCriteriaId":"E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*","versionEndIncluding":"24.0.0.194","matchCriteriaId":"EAA0C4E6-7324-424C-A7C8-DEE39551A847"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*","matchCriteriaId":"4781BF1E-8A4E-4AFF-9540-23D523EE30DD"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96190","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"psirt@adobe.com","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"psirt@adobe.com","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"psirt@adobe.com","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0275.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96190","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037815","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"https://helpx.adobe.com/security/products/flash-player/apsb17-04.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-20","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5990","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T06:59:00.887","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in PhreeBooksERP before 2017-02-13. The vulnerability exists due to insufficient filtration of user-supplied data in the \"form\" HTTP GET parameter passed to the \"PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php\" and \"PhreeBooksERP-master/extensions/ShippingMethods/yrc/label_mgr/js_include.php\" URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. NOTE: these js_include.php files do not exist in the SourceForge \"stable release\" (aka R37RC1)."},{"lang":"es","value":"Ha sido descubierto un problema en PhreeBooksERP en versiones anteriores a 2017-02-13. 
La vulnerabilidad existe debido a la insuficiente filtración de los datos suministrados por el usuario en el parámetro HTTP GET \"form\" pasado a \"PhreeBooksERP-master/extensions/ShippingMethods/ups/label_mgr/js_include.php\" y \"PhreeBooksERP-master/extensions/ShippingMethods/yrc/label_mgr/js_include.php\". Un atacante podría ejecutar código HTML y código script arbitrario en un navegador en el contexto del sitio web vulnerable. NOTA: estos archivos js_include.php no existen en la \"versión estable\" de SourceForge (también conocida como R37RC1)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phreesoft:phreebookserp:*:*:*:*:*:*:*:*","versionEndIncluding":"2016-01-23","matchCriteriaId":"9D4BCB80-A6AA-476E-BF89-CC911FDE0E40"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96219","source":"cve@mitre.org","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"https://github.com/phreebooks/PhreeBooksERP/commit/f2a32dede7cc7f9ff59fe983c5e4abe2966d837c","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/phreebooks/PhreeBooksERP/issues/230","source":"cve@mitre.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96219","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/phreebooks/PhreeBooksERP/commit/f2a32dede7cc7f9ff59fe983c5e4abe2966d837c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/phreebooks/PhreeBooksERP/issues/230","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5991","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T06:59:00.917","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected."},{"lang":"es","value":"Se ha descubierto un problema en Artifex MuPDF antes de 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. La función pdf_run_xobject en pdf-op-run.c encuentra una derivación de puntero NULL durante una operación de pintura Fitz fz_paint_pixmap_with_mask. 
Las versiones 1.11 y posteriores no se ven afectadas"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*","versionEndExcluding":"1.11","matchCriteriaId":"79F8012F-8057-46D9-8638-40EA6CE979F7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://git.ghostscript.com/?p=mupdf.git%3Bh=1912de5f08e90af1d9d0a9791f58ba3afdb9d465","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3797","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96213","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697500","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201706-08","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/42138/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://git.ghostscript.com/?p=mupdf.git%3Bh=1912de5f08e90af1d9d0a9791f58ba3afdb9d465","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3797","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96213","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697500","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201706-08","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/42138/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2013-7459","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T15:59:00.153","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función ALGnew en block_templace.c en Python Cryptography Toolkit (también conocido como pycrypto) permite a atacantes remotos ejecutar código arbitrario 
como se demuestra por un parámetro iv manipulado para cryptmsg.py."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*","versionEndIncluding":"2.6.1","matchCriteriaId":"9A04076A-FFA3-48C6-A43D-171C93A38B5A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","matchCriteriaId":"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/27/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95122","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1409754","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/dlitz/pycrypto/issues/176","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/","source":"cve@mitre.org"},{"url":"https://pony7.fr/ctf:public:32c3:cryptmsg","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-14","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/27/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95122","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1409754","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/dlitz/pycrypto/issues/176","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://pony7.fr/ctf:public:32c3:cryptmsg","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-14","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2015-8979","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T15:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long string sent to TCP port 4242."},{"lang":"es","value":"Desbordamiento de búfer basado en pila en la función parsePresentationContext en storescp en DICOM dcmtk-3.6.0 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación) a través de una cadena larga enviada al puerto TCP 
4242."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dicom:dcmtk:*:*:*:*:*:*:*:*","versionEndIncluding":"3.6.0","matchCriteriaId":"241E6AA1-12D9-4E30-8420-09AA54255593"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/140191/DCMTK-storescp-DICOM-storage-C-STORE-SCP-Remote-Stack-Buffer-Overflow.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.debian.org/security/2016/dsa-3749","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/18/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94951","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1405919","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/140191/DCMTK-storescp-DICOM-storage-C-STORE-SCP-Remote-Stack-Buffer-Overflow.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.debian.org/security/2016/dsa-3749","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/18/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94951","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1405919","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-10089","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T15:59:00.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641."},{"lang":"es","value":"Nagios 4.3.2 y anteriores permite a los usuarios locales obtener privilegios root 
mediante un ataque de vínculo físico en el archivo de script init de Nagios. Esta vulnerabilidad está relacionada con CVE-2016-8641."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nagios:nagios:*:*:*:*:*:*:*:*","versionEndIncluding":"4.2.4","matchCriteriaId":"46169755-05CD-4043-A730-5A4D2433D407"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/30/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95171","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/30/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95171","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-1880","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T15:59:00.310","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to \"handling of Linux futex robust lists.\""},{"lang":"es","value":"La capa de compatibilidad de Linux en el kernel en FreeBSD 9.3, 10.1 y 10.2 permite a usuarios locales leer porciones de la memoria del kernel y potencialmente obtener privilegios a través de vectores no especificados, relacionado con \"manejo de listas robustas de futex de Linux\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.
3:*:*:*:*:*:*:*","matchCriteriaId":"57052F01-8695-4C63-A947-7671375B9312"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*","matchCriteriaId":"F6D63B21-9D2E-4B15-9E60-6181D44B1F55"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*","matchCriteriaId":"21EFF723-7B5A-4712-8A6B-56CADAA4BFD5"}]}]}],"references":[{"url":"http://www.securitytracker.com/id/1034675","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:03.linux.asc","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securitytracker.com/id/1034675","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:03.linux.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-1881","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T15:59:00.340","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call."},{"lang":"es","value":"El kernel en FreeBSD 9.3, 10.1 y 10.2 permite a usuarios locales provocar una denegación de servicio (caída) o potencialmente obtener privilegios a través de una llamada de sistema setgroups de capa de compatibilidad de 
Linux."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*","matchCriteriaId":"57052F01-8695-4C63-A947-7671375B9312"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*","matchCriteriaId":"F6D63B21-9D2E-4B15-9E60-6181D44B1F55"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*","matchCriteriaId":"21EFF723-7B5A-4712-8A6B-56CADAA4BFD5"}]}]}],"references":[{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1034676","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:04.linux.asc","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1034676","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:04.linux.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-1883","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T15:59:00.373","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors."},{"lang":"es","value":"La llamada de sistema issetugid en la capa de compatibilidad de Linux en FreeBSD 9.3, 10.1 y 10.2 permite a usuarios locales obtener privilegios a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*","matchCriteriaId":"57052F01-8695-4C63-A947-7671375B9312"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*","matchCriteriaId":"F6D63B21-9D2E-4B15-9E60-6181D44B1F55"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*","matchCriteriaId":"21EFF723-7B5A-4712-8A6B-56CADAA4BFD5"}]}]}],"references":[{"url":"http://www.securitytracker.com/id/1034872","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:10.linux.asc","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securitytracker.com/id/1034872","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:10.linux.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-1888","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T15:59:00.403","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows remote attackers to inject arguments to login and bypass authentication via vectors involving a \"sequence of memory allocation failures.\""},{"lang":"es","value":"El servicio telnetd en FreeBSD 9.3, 10.1, 10.2, 10.3 y 11.0 permite a atacantes remotos inyectar argumentos para iniciar sesión y eludir la autenticación a través de vectores que implican una \"secuencia de fallos de asignación de memoria\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"
cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:9.3:*:*:*:*:*:*:*","matchCriteriaId":"57052F01-8695-4C63-A947-7671375B9312"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*","matchCriteriaId":"F6D63B21-9D2E-4B15-9E60-6181D44B1F55"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*","matchCriteriaId":"21EFF723-7B5A-4712-8A6B-56CADAA4BFD5"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*","matchCriteriaId":"E102E760-362C-4DC7-BDED-E2CF9F94ECE7"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:11.0:*:*:*:*:*:*:*","matchCriteriaId":"53E56F4F-B418-44DD-9C97-7276A4C58F3E"}]}]}],"references":[{"url":"http://www.securitytracker.com/id/1037399","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:36.telnetd.asc","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securitytracker.com/id/1037399","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:36.telnetd.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-1889","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T15:59:00.433","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor."},{"lang":"es","value":"Desbordamiento de entero en el bhyve hypervisor en FreeBSD 10.1, 10.2, 10.3 y 11.0 cuando se configura con una gran cantidad de memoria huésped, permite a usuarios locales obtener privilegios a través del descriptor de un dispositivo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*","matchCriteriaId":"F6D63B21-9D2E-4B15-9E60-6181D44B1F55"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*","matchCriteriaId":"21EFF723-7B5A-4712-8A6B-56CADAA4BFD5"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*","matchCriteriaId":"E102E760-362C-4DC7-BDED-E2CF9F94ECE7"},{"vulnerable":true,"criteria":"cpe:2.3:o:freebsd:freebsd:11.0:*:*:*:*:*:*:*","matchCriteriaId":"53E56F4F-B418-44DD-9C97-7276A4C58F3E"}]}]}],"references":[{"url":"http://www.securitytracker.com/id/1037400","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:38.bhyve.asc","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://www.securitytracker.com/id/1037400","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.freebsd.org/security/advisories/FreeBSD-SA-16:38.bhyve.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-0360","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-15T19:59:00.157","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference #: 1983457."},{"lang":"es","value":"El cliente de IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0 y 9.0 provee clases que deserializan objetos desde fuentes no confiables que podrían permitir a un usuario malicioso ejecutar código Java arbitrario añadiendo clases vulnerables a la ruta de clase. 
IBM Referencia #: 1983457."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq_jms:7.0.1:*:*:*:*:*:*:*","matchCriteriaId":"38413684-BF56-4198-A6F8-1BE0B639C595"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq_jms:7.1:*:*:*:*:*:*:*","matchCriteriaId":"3D4AF1EA-D3F9-4810-961C-C706BFB5DDDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq_jms:7.5:*:*:*:*:*:*:*","matchCriteriaId":"085F1356-C801-423C-88E4-BF8B945B3CEC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq_jms:8.0:*:*:*:*:*:*:*","matchCriteriaId":"3C30907A-9B3A-4520-BE24-3ED1F4AD0E3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq_jms:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7AAE75DB-6A45-468F-9B60-8A4C1088D6B7"}]}]}],"references":[{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21983457","source":"psirt@us.ibm.com","tags
":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95317","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037561","source":"psirt@us.ibm.com"},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21983457","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95317","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037561","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-3694","sourceIdentifier":"secalert@redhat.com","published":"2017-02-15T19:59:00.203","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php."},{"lang":"es","value":"Múltiples vulnerabilidades de inyección SQL en eCommerce Shopsoftware modificado 2.0.0.0 revisión 9678, cuando el easybill-module no está instalado, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro (1) orders_status o (2) customers_status a 
api/easybill/easybillcsv.php."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:modified:ecommerce_shopsoftware:2.0.0.0:r9678:*:*:*:*:*:*","matchCriteriaId":"67F74D38-698C-4DD7-8D4F-1A5CFAB511CB"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/136734/modified-eCommerce-2.0.0.0-Rev-9678-SQL-Injection.html","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/39710/","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/136734/modified-eCommerce-2.0.0.0-Rev-9678-SQL-Injection.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"https://www.exploit-db.com/exploits/39710/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6033","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-15T19:59:00.250","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1995545."},{"lang":"es","value":"IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) es vulnerable a CSRF lo que podría permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que la página web confía. IBM Referencia #: 1995545."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value
":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.0:*:*:*:*:*:*:*","matchCriteriaId":"4C7423DD-591C-4E18-A790-C92E70D939C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"0D197F0D-04B0-4C11-BEF2-6E001620A814"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.2:*:*:*:*:*:*:*","matchCriteriaId":"D0CAEF92-25C5-4B76-8BEF-3F40D5CEE93B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.3:*:*:*:*:*:*:*","matchCriteriaId":"A3283700-2A4A-44D8-86DB-C2075BE96517"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.4:*:*:*:*:*:*:*","matchCriteriaId":"E8F1687B-A288-4211-8D3D-CE1BB21800FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"9F89FD0D-6CE9-4BBA-B975-9903A41535A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.6:*:*:*:*:*:*:*","matchCriteriaId":"B17533F4-BFEA-4F9F-9571-3078AAA63D01"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.6.2:*:*:*:*:*:*:*","matchCriteriaId":"C2E9340A-E44A-4CD2-9564-206F80FB0B76"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager_for_virtual_environments_data_protection_for_vmware:7.1.6.3:*:*:*:*:*:*:*","matchCriteriaId":"721B0589-73A3-4725-B721-8B59AA2D69BF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_stora
ge_flashcopy_manager_for_vmware:4.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EC9C3D68-7DFB-4A0F-95A9-615467D8AF52"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D3CDAFDF-0A2E-4E05-9362-7623CBDE183F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"BA4D7E77-7031-4B2F-B3CB-B151D85B514C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:4.1.3:*:*:*:*:*:*:*","matchCriteriaId":"0B340A03-6F76-4B75-9EF7-45B01AAAB4E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:4.1.4:*:*:*:*:*:*:*","matchCriteriaId":"46D89760-0295-48D8-866F-57FEC1CE8CF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:4.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"5937B517-56A6-4597-ACC2-B681F122FA13"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:4.1.4.1:*:*:*:*:*:*:*","matchCriteriaId":"7C48BF04-559D-43EF-8380-9AEE80397E77"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:4.1.6:*:*:*:*:*:*:*","matchCriteriaId":"E88685DC-D870-486A-9643-F3B541D743F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_flashcopy_manager_for_vmware:4.1.6.0:*:*:*:*:*:*:*","matchCriteriaId":"2BA58A82-8231-44C0-9B06-3BA60E2D217C"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995545","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95102","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995545","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95102","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6060","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-15T19:59:00.283","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547."},{"lang":"es","value":"Una vulnerabilidad no revelada en IBM Rational DOORS Next Generation 4.0, 5.0 y 6.0 podría permitir a un usuario JazzGuest ver nombres de proyectos. IBM Referencia #: 1995547."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*","matchCriteriaId":"B2431038-D838-4AB0-B614-EDC1D4D203E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*
:*:*:*:*","matchCriteriaId":"8D76BE6D-5C28-404A-BBF3-E2C9E1596E8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6A0BC49A-4D59-47AE-B2D2-13B6719B0932"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E3AE1241-9998-4F5D-862A-52CE40DB24C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3F32526-C148-4FCE-B32B-88A8F2BB3A5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"749C6DAF-EF92-40DD-9CE8-535D1C5BB745"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"666FB9C2-4A39-4C21-B00B-3ABF4EE9805E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"4EFFBB5B-8566-45BC-9123-5418821E6EB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"5BF2CC2A-232C-43A6-8C9B-E6125C051BF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"2A84EA62-E3F8-4E4C-9FEF-065300C4611A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"0232D8EF-1DB3-477D-818C-B79B68406197"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"7E8158D2-ECB0-4F89-BE73-568CA213D9B8"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=sw
g21995547","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995547","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6077","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-15T19:59:00.297","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584."},{"lang":"es","value":"IBM Cognos Disclosure Management 10.2 podría permitir a un atacante malicioso ejecutar comandos como un usuario menos privilegiado que abre un documento malicioso. IBM Referencia #: 1991584."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vu
lnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_disclosure_management:10.2.0:*:*:*:*:*:*:*","matchCriteriaId":"A6463884-7782-4EC0-ADD8-126C31A68525"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_disclosure_management:10.2.1:*:*:*:*:*:*:*","matchCriteriaId":"31836D39-C180-4EE3-9473-07FB71E311D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_disclosure_management:10.2.2:*:*:*:*:*:*:*","matchCriteriaId":"A56D899A-DC49-430C-A281-5410375F334E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_disclosure_management:10.2.3:*:*:*:*:*:*:*","matchCriteriaId":"976BE043-A802-493C-92F8-F504FF64AFFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_disclosure_management:10.2.4:*:*:*:*:*:*:*","matchCriteriaId":"A21629CB-55DD-4F83-B50D-1EC4D88A733E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_disclosure_management:10.2.5:*:*:*:*:*:*:*","matchCriteriaId":"3144BCAF-001D-47D9-ABBC-AC9854371463"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:cognos_disclosure_management:10.2.6:*:*:*:*:*:*:*","matchCriteriaId":"F09FF6F5-01AC-4356-9583-3179345152E8"}]}]}],"references":[{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21991584","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93829","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21991584","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93829","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6079","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-15T19:59:00.330","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level 
privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053."},{"lang":"es","value":"IBM AIX 5.3, 6.1, 7.1 y 7.2 contiene una vulnerabilidad no especificada que permitiría a un usuario autenticado localmente obtener privilegios nivel root. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*","matchCriteriaId":"EA8DDF4A-1C5D-4CB1-95B3-69EAE6572507"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*","matchCriteriaId":"FD518B94-9CD7-4C45-8766-578CF427B4CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*","matchCriteriaId":"0402E20C-8B41-4A2A-BFF9-92EC843985F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*","matchCriteriaId":"6791504A-A48A-4ED0-94AF-4C8A3B91516F"}]}]},{"nodes":[{"operator":"OR","negate":fal
se,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EBB1E35B-EBF5-4F5E-8BD7-50E264B4759B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.0.10:*:*:*:*:*:*:*","matchCriteriaId":"C17C77E3-ABCE-4F1F-A55D-DB61A2A5E28F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.0.11:*:*:*:*:*:*:*","matchCriteriaId":"89B876D5-7095-4BA2-9EE3-3F0632BC2E77"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.0.12:*:*:*:*:*:*:*","matchCriteriaId":"918D00A4-5502-4DD6-A079-807AB3E964B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.0.13:*:*:*:*:*:*:*","matchCriteriaId":"A38E8EAD-0742-41CB-B69E-DCC483CBC485"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"D1E3BE5C-5097-4585-AF0D-79661DC4A231"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"953723A1-606F-4976-A843-1A3F020B9B53"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.3:*:*:*:*:*:*:*","matchCriteriaId":"3F70EC32-7365-4653-8843-84C92EE9EC68"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.4:*:*:*:*:*:*:*","matchCriteriaId":"AFABBD01-0773-4823-ABBA-95181558C88E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.5:*:*:*:*:*:*:*","matchCriteriaId":"CE68D967-3356-4CF1-A582-F4EEAC52FA1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.6:*:*:*:*:*:*:*","matchCriteriaId":"75F11AA6-E01D-4951-BB2C-31BB181DF895"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.7:*:*:*:*:*:*:*","matchCriteriaId":"F2D6AF76-02D2-42C1-9620-8F73D5547CC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.8:*:*:*:*:*:*:*","matchCriteriaId":"C762024B-5792-43A3-A82F-A1C0F152F7BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CB6DD83-F8B5-4286-879C-EDD35F5C7FDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"9F110827-BCB4-468D-B8F7-4B545F965BFA"},{"vulnerable":tr
ue,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.2:*:*:*:*:*:*:*","matchCriteriaId":"43E177AD-166A-4521-89BE-66E7571EB80E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.3:*:*:*:*:*:*:*","matchCriteriaId":"3FAE0988-3222-4B11-A809-DFEE0FFDD98F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.4:*:*:*:*:*:*:*","matchCriteriaId":"683595A9-7C48-455D-91E7-BF7E1F5B4BF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.6:*:*:*:*:*:*:*","matchCriteriaId":"1851D0FB-87ED-408B-84E7-40FB5730DF49"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.70:*:*:*:*:*:*:*","matchCriteriaId":"87E318CF-A37A-462C-BBD9-C204903473E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.0:*:*:*:*:*:*:*","matchCriteriaId":"DE446DB7-3B45-461A-A8E7-5DAFAD8AE5D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.1:*:*:*:*:*:*:*","matchCriteriaId":"32B39B8F-50BF-460E-BD26-5C38E125362F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.2:*:*:*:*:*:*:*","matchCriteriaId":"FA02D40A-7BC3-42C4-8CEF-C992A3EECE4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.3:*:*:*:*:*:*:*","matchCriteriaId":"35AB63E6-D66C-4F69-8C76-5BB56B0D6A18"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.4:*:*:*:*:*:*:*","matchCriteriaId":"D3F16ABD-287C-4710-9720-570648A13F97"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.50:*:*:*:*:*:*:*","matchCriteriaId":"F91C924A-F383-4875-887E-4C059CA4F5D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.51:*:*:*:*:*:*:*","matchCriteriaId":"0F207983-A483-497B-B1F4-FA21D156B9C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.52:*:*:*:*:*:*:*","matchCriteriaId":"B8236623-0E6F-4E58-B874-4327C7A08D67"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.60:*:*:*:*:*:*:*","matchCriteriaId":"AFEB862B-3D48-4B79-9459-B256B8130D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.70:*:*:*:*:*:*:*","matchCriteriaId":"10CF6973-5A1A-4138-A608-999181C08012"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:
vios:2.2.3.80:*:*:*:*:*:*:*","matchCriteriaId":"77DDD51C-3769-49B5-BC33-9B72BE963894"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.4.0:*:*:*:*:*:*:*","matchCriteriaId":"64519E21-0EB7-4452-8BE3-62B1136265A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.4.10:*:*:*:*:*:*:*","matchCriteriaId":"E03847F2-0AE3-499B-96DD-4ECC7EA10692"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.4.21:*:*:*:*:*:*:*","matchCriteriaId":"40A3B8F7-DF46-4664-9E9D-CD0CA950FB5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.4.22:*:*:*:*:*:*:*","matchCriteriaId":"E6C02E4E-2B79-426F-92CA-512EEC38FD4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.4.23:*:*:*:*:*:*:*","matchCriteriaId":"15F1D8C3-1F06-4AA5-B76D-529F7CBC9809"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.4.30:*:*:*:*:*:*:*","matchCriteriaId":"AD6F29F6-36CA-4C3F-B5BE-31C8559FFD62"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.5.0:*:*:*:*:*:*:*","matchCriteriaId":"E69C878E-72C5-4119-8CA1-25F0236CEB31"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.5.10:*:*:*:*:*:*:*","matchCriteriaId":"C5E265DC-511E-4800-9BD4-922C96B59CF0"}]}]}],"references":[{"url":"http://aix.software.ibm.com/aix/efixes/security/lquerylv_advisory.asc","source":"psirt@us.ibm.com","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94090","source":"psirt@us.ibm.com"},{"url":"http://www.securitytracker.com/id/1037256","source":"psirt@us.ibm.com"},{"url":"https://www.exploit-db.com/exploits/40710/","source":"psirt@us.ibm.com"},{"url":"http://aix.software.ibm.com/aix/efixes/security/lquerylv_advisory.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94090","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037256","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/40710/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-6832","sourceIdentifier":"secalert@redhat.com","published":"2017-02-15T19:59:00.360","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the ff_audio_resample function in resample.c in libav before 11.4 allows remote attackers to cause a denial of service (crash) via vectors related to buffer resizing."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función ff_audio_resample en resample.c en libav en versiones anteriores a 11.4 permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores relacionados con redimensionamiento de 
búfer."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*","versionEndIncluding":"11.3","matchCriteriaId":"C7F2BA9F-2784-490A-9765-116F49A4BC90"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/13/1","source":"secalert@redhat.com","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/1","source":"secalert@redhat.com","tags":["Exploit","Mailing List","Patch","Third Party Advisory"]},{"url":"https://blogs.gentoo.org/ago/2016/08/07/libav-heap-based-buffer-overflow-in-ff_audio_resample-resample-c/","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://bugzilla.libav.org/show_bug.cgi?id=825","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory","VDB 
Entry"]},{"url":"https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=0ac8ff618c5e6d878c547a8877e714ed728950ce","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2016/08/13/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Patch","Third Party Advisory"]},{"url":"https://blogs.gentoo.org/ago/2016/08/07/libav-heap-based-buffer-overflow-in-ff_audio_resample-resample-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://bugzilla.libav.org/show_bug.cgi?id=825","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=0ac8ff618c5e6d878c547a8877e714ed728950ce","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-6866","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:00.407","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"slock allows attackers to bypass the screen lock via vectors involving an invalid password hash, which triggers a NULL pointer dereference and crash."},{"lang":"es","value":"slock permite a atacantes eludir el bloqueo de pantalla a través de vectores que involucran un hash de contraseña inválido, lo que desencadena una referencia a puntero NULL y 
caída."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:suckless:slock:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3","matchCriteriaId":"3EF2A2E4-B09C-42A7-A6B1-C771F3BE9436"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","matchCriteriaId":"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]}],"references":[{"url":"http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://s1m0n.dft-labs.eu/files/slock/slock.txt","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/22","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/24","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92546","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FYPV6QQPPYBL3Z2BYNYEJB67FSC55OR/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZPEJQNVODYSI4WQXM5GQKXRO7TPK2VG/","source":"cve@mitre.org"},{"url":"http://git.suckless.org/slock/commit/?id=d8bec0f6fdc8a246d78cb488a0068954b46fcb29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://s1m0n.dft-labs.eu/files/slock/slock.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/22","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/18/24","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92546","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FYPV6QQPPYBL3Z2BYNYEJB67FSC55OR/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RZPEJQNVODYSI4WQXM5GQKXRO7TPK2VG/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8682","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:00.453","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted SCT header."},{"lang":"es","value":"La función ReadSCTImage en coders/sct.c en GraphicsMagick 1.3.25 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de una cabecera SCT manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist
.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.25:*:*:*:*:*:*:*","matchCriteriaId":"42C41978-F9EF-4C9A-9E52-2F1391BA684B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://hg.code.sf.net/p/graphicsmagick/code/rev/0a0dfa81906d","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93597","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-stack-based-buffer-overflow-in-readsctimage-sct-c/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385583","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"http://hg.code.sf.net/p/graphicsmagick/code/rev/0a0dfa81906d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93597","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-stack-based-buffer-overflow-in-readsctimage-sct-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385583","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]}]}},{"cve":{"id":"CVE-2016-8683","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:00.487","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a \"file truncation error for corrupt file.\""},{"lang":"es","value":"La función ReadPCXImage en coders/pcx.c en GraphicsMagick 1.3.25 permite a atacantes remotos tener impacto no especificado a través de una imagen manipulada, lo que desencadena un fallo de asignación de memoria y un \"error de truncamiento de archivo para archivos 
corruptos\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.25:*:*:*:*:*:*:*","matchCriteriaId":"42C41978-F9EF-4C9A-9E52-2F1391BA684B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://hg.code.sf.net/p/graphicsmagick/code/rev/b9edafd479b9","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html","source":"cve@mitre.org","tags":["Third 
Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/7","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93600","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-readpcximage-pcx-c/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385583","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"http://hg.code.sf.net/p/graphicsmagick/code/rev/b9edafd479b9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93600","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-readpcximage-pcx-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385583","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking","Patch"]}]}},{"cve":{"id":"CVE-2016-8684","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:00.533","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a \"file truncation error for corrupt file.\""},{"lang":"es","value":"La función MagickMalloc en magick/memory.c en GraphicsMagick 1.3.25 permite a atacantes remotos tener impacto no especificado a través de una imagen manipulada, lo que desencadena un fallo de asignación de memoria y un \"error de truncamiento de archivo para archivos corruptos\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:graphicsmagick:graph
icsmagick:1.3.25:*:*:*:*:*:*:*","matchCriteriaId":"42C41978-F9EF-4C9A-9E52-2F1391BA684B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://hg.code.sf.net/p/graphicsmagick/code/rev/c53725cb5449","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory","US Government Resource"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/15","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93779","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385583","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"http://hg.code.sf.net/p/graphicsmagick/code/rev/c53725cb5449","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory","US Government Resource"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93779","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385583","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]}]}},{"cve":{"id":"CVE-2016-8687","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:00.580","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename."},{"lang":"es","value":"Desbordamiento de búfer basado en pila en la función safe_fprintf en tar/util.c en libarchive 3.2.1 permite a atacantes remotos provocar una denegación de servicio a través de un carácter multibyte manipulado no imprimible en un nombre de 
archivo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libarchive:libarchive:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"4D64396A-0476-4C56-82AB-353D8DA332E3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*","matchCriteriaId":"1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/11","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93781","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377926","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201701-03","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93781","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377926","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8688","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:00.643","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c."},{"lang":"es","value":"El licitador mtree en libarchive 3.2.1 no realiza un seguimiento de los tamaños de línea cuando amplía la lectura anticipada, lo que permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo manipulado, lo que desencadena una lectura inválida en la función (1) detect_form o (2) bid_entry en 
libarchive/archive_read_support_format_mtree.c."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libarchive:libarchive:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"4D64396A-0476-4C56-82AB-353D8DA332E3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*","matchCriteriaId":"1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/11","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93781","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-bid_entry-archive_read_support_format_mtree-c/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-detect_form-archive_read_support_format_mtree-c/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-memory-corruptionunknown-crash-in-bid_entry-archive_read_support_format_mtree-c/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-bid_entry-archive_read_support_format_mtree-c/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-detect_form-archive_read_support_format_mtree-c/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377923","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libarchive/libarchive/commit/eec077f52bfa2d3f7103b4b74d52572ba8a15aca","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201701-03","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/93781","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-bid_entry-archive_read_support_format_mtree-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-detect_form-archive_read_support_format_mtree-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-memory-corruptionunknown-crash-in-bid_entry-archive_read_support_format_mtree-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-bid_entry-archive_read_support_format_mtree-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-detect_form-archive_read_support_format_mtree-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377923","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libarchive/libarchive/commit/eec077f52bfa2d3f7103b4b74d52572ba8a15aca","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-8689","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:00.703","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive."},{"lang":"es","value":"La función read_Header en archive_read_support_format_7zip.c en libarchive 3.2.1 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de múltiples atributos EmptyStream en una cabecera en un archivo 7zip."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libarchive:libarchive:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"4D64396A-0476-4C56
-82AB-353D8DA332E3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*","matchCriteriaId":"1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/11","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93781","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-read_header-archive_read_support_format_7zip-c/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377925","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201701-03","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00027.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93781","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-read_header-archive_read_support_format_7zip-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377925","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8690","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:00.750","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command."},{"lang":"es","value":"La función bmp_getdata en libjasper/bmp/bmp_dec.c en JasPer en versiones anteriores a 1.900.5 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través de una imagen BMP manipulada en un comando 
imginfo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*","versionEndIncluding":"1.900.29","matchCriteriaId":"CCF49ACD-FE11-4860-9C14-7E25859C0C1A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","matchCriteriaId":"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/23/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/14","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93590","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1208","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385499","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/mdadams/jasper/commit/8f62b4761711d036fd8964df256b938c809b7fca","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/08/23/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93590","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1208","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385499","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/mdadams/jasper/commit/8f62b4761711d036fd8964df256b938c809b7fca","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8691","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:00.797","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command."},{"lang":"es","value":"La función jpc_dec_process_siz en libjasper/jpc/jpc_dec.c en JasPer en versiones anteriores a 1.900.4 permite a atacantes remotos provocar una denegación de servicio (error de división por cero y bloqueo de la aplicación) a través de un valor XRsiz manipulado en una imagen BMP al comando 
imginfo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*","versionEndIncluding":"1.900.3","matchCriteriaId":"E81E90E4-1DA2-4315-9433-075489847D30"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3785","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/23/6","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/14","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93593","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1208","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385502","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3785","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/23/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93593","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1208","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party 
Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385502","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8692","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:00.847","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted YRsiz value in a BMP image to the imginfo command."},{"lang":"es","value":"La función jpc_dec_process_siz en libjasper/jpc/jpc_dec.c en JasPer en versiones anteriores a 1.900.4 permite a atacantes remotos provocar una denegación de servicio (error de división por cero y bloqueo de la aplicación) a través de un valor YRsiz manipulado en una imagen BMP al comando 
imginfo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*","versionEndIncluding":"1.900.3","matchCriteriaId":"E81E90E4-1DA2-4315-9433-075489847D30"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3785","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/23/6","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/14","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93588","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1208","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385502","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3785","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/23/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93588","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1208","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party 
Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385502","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8693","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:00.923","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Double free vulnerability in the mem_close function in jas_stream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image to the imginfo command."},{"lang":"es","value":"Vulnerabilidad de liberación doble en la función mem_close en jas_stream.c en JasPer en versiones anteriores a 1.900.10 permite a atacantes remotos provocar una denegación de servicio (caída) o posiblemente ejecutar código arbitrario a través de una imagen BMP manipulada al comando 
imginfo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*","versionEndIncluding":"1.900.5","matchCriteriaId":"889A552E-6A6B-4CD4-9062-D409691344A0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","matchCriteriaId":"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3785","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/08/23/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/14","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93587","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1208","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385507","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/mdadams/jasper/commit/44a524e367597af58d6265ae2014468b334d0309","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3785","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/08/23/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93587","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1208","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385507","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/mdadams/jasper/commit/44a524e367597af58d6265ae2014468b334d0309","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22FCKKHQCQ3S6TZY5G44EFDTMWOJXJRD/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8862","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:00.970","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure."},{"lang":"es","value":"La función AcquireMagickMemory en MagickCore/memory.c en ImageMagick en versiones anteriores a 7.0.3.3 permite a atacantes remotos tener un impacto no especificado a través de una imagen manipulada, lo que desencadena un fallo de asignación de 
memoria."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.4-0","matchCriteriaId":"CFC2C780-A54E-4426-9C52-46A20216339E"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.0.3-3","matchCriteriaId":"21B6C677-0AF8-440B-A20D-D4921BCD93F2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2016/dsa-3726","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/20/2","source":"cve@mitre.org","tags":["Mailing 
List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/20/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93794","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1387135","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/271","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://www.debian.org/security/2016/dsa-3726","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/20/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/20/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93794","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1387135","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-8866","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:01.017","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick 7.0.3.3 before 7.0.3.8 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862."},{"lang":"es","value":"La función AcquireMagickMemory en MagickCore/memory.c en ImageMagick 7.0.3.3 en versiones anteriores a 7.0.3.8 permite a atacantes remotos tener un impacto no especificado a través de una imagen manipulada, lo que desencadena un fallo de asignación de memoria. NOTA: esta vulnerabilidad existe debido a una reparación incompleta de CVE-2016-8862."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"
nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.6-6","matchCriteriaId":"7C612E58-4C8B-4001-8BAF-4D18475FF871"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndIncluding":"7.0.3-7","matchCriteriaId":"26990F9A-5EE5-4E27-AD74-9E92C11BD628"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*","matchCriteriaId":"1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00085.html","source":"cve@mitre.org","tags":["Broken Link","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html","source":"cve@mitre.org","tags":["Broken Link","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html","source":"cve@mitre.org","tags":["Broken Link","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/20/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/21/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388816","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/271","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00085.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00006.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/20/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/21/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1388816","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8944","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-15T19:59:01.063","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. 
IBM APARs: IV91488, IV91487, IV91456, IV90234."},{"lang":"es","value":"IBM AIX 7.1 y 7.2 permite a un usuario local abrir un archivo con un argumento especialmente manipulado que podría bloquear el sistema. IBM APARs: IV91488, IV91487, IV91456, IV90234."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*","matchCriteriaId":"0402E20C-8B41-4A2A-BFF9-92EC843985F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*","matchCriteriaId":"6791504A-A48A-4ED0-94AF-4C8A3B91516F"}]}]}],"references":[{"url":"http://aix.software.ibm.com/aix/efixes/security/sysproc_advisory.asc","source":"psirt@us.ibm.com","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95888","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037759","source":"psirt@us.ibm.com"},{"url":"http://aix.software.ibm.com/aix/efixes/security/sysproc_advisory.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95888","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037759","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8968","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-15T19:59:01.097","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998515."},{"lang":"es","value":"IBM Jazz Foundation es vulnerable a las secuencias de comandos en sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz de usuario de la Web alterando así la funcionalidad prevista conduciendo potencialmente a la divulgación de credenciales dentro de una sesión de confianza. 
IBM Referencia #: 1998515."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3010A6F8-A2C7-4236-B5F8-21BC6581B823"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"4F9D6232-16BC-4985-97BE-9AEA8E30FB4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"96CFA6A6-19E4-4325-BCDF-5AFA8A366196"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998515","source":"psirt@us.ibm.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96282","source":"psirt@us.ibm.com"},{"url":"http://www.securitytracker.com/id/1037820","source":"psirt@us.ibm.com"},{"url":"http://www.securitytracker.com/id/1037821","source":"psirt@us.ibm.com"},{"url":"http://www.securitytracker.com/id/1037822","source":"psirt@us.ibm.com"},{"url":"http://www.securitytracker.com/id/1037823","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998515","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96282","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037820","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037821","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037822","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037823","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8972","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-15T19:59:01.127","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011."},{"lang":"es","value":"IBM AIX 6.1, 7.1 y 7.2 podría permitir a un usuario local obtener privilegios de root utilizando un comando especialmente manipulado dentro del cliente de bellmail. 
IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*","matchCriteriaId":"FD518B94-9CD7-4C45-8766-578CF427B4CF"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*","matchCriteriaId":"0402E20C-8B41-4A2A-BFF9-92EC843985F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*","matchCriteriaId":"6791504A-A48A-4ED0-94AF-4C8A3B91516F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"EBB1E35B-EBF5-4F5E-8BD7-50E264B4759B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.0.10:*:*:*:*:*:*:*","matchCriteriaId":"C17C77E3-ABCE-4F1F-A55D-DB61A2A5E28F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.0.11:*:*:*:*:*:*:*","matchCriteriaId":"89
B876D5-7095-4BA2-9EE3-3F0632BC2E77"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.0.12:*:*:*:*:*:*:*","matchCriteriaId":"918D00A4-5502-4DD6-A079-807AB3E964B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.0.13:*:*:*:*:*:*:*","matchCriteriaId":"A38E8EAD-0742-41CB-B69E-DCC483CBC485"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"D1E3BE5C-5097-4585-AF0D-79661DC4A231"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"953723A1-606F-4976-A843-1A3F020B9B53"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.3:*:*:*:*:*:*:*","matchCriteriaId":"3F70EC32-7365-4653-8843-84C92EE9EC68"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.4:*:*:*:*:*:*:*","matchCriteriaId":"AFABBD01-0773-4823-ABBA-95181558C88E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.5:*:*:*:*:*:*:*","matchCriteriaId":"CE68D967-3356-4CF1-A582-F4EEAC52FA1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.6:*:*:*:*:*:*:*","matchCriteriaId":"75F11AA6-E01D-4951-BB2C-31BB181DF895"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.7:*:*:*:*:*:*:*","matchCriteriaId":"F2D6AF76-02D2-42C1-9620-8F73D5547CC4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.1.8:*:*:*:*:*:*:*","matchCriteriaId":"C762024B-5792-43A3-A82F-A1C0F152F7BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.0:*:*:*:*:*:*:*","matchCriteriaId":"0CB6DD83-F8B5-4286-879C-EDD35F5C7FDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"9F110827-BCB4-468D-B8F7-4B545F965BFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.2:*:*:*:*:*:*:*","matchCriteriaId":"43E177AD-166A-4521-89BE-66E7571EB80E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.3:*:*:*:*:*:*:*","matchCriteriaId":"3FAE0988-3222-4B11-A809-DFEE0FFDD98F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.4:*:*:*:*:*:*:*","matchCriteriaId":"683595A9-7C48-455D-91E7-BF7E1F5B4BF
8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.6:*:*:*:*:*:*:*","matchCriteriaId":"1851D0FB-87ED-408B-84E7-40FB5730DF49"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.2.70:*:*:*:*:*:*:*","matchCriteriaId":"87E318CF-A37A-462C-BBD9-C204903473E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.0:*:*:*:*:*:*:*","matchCriteriaId":"DE446DB7-3B45-461A-A8E7-5DAFAD8AE5D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.1:*:*:*:*:*:*:*","matchCriteriaId":"32B39B8F-50BF-460E-BD26-5C38E125362F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.2:*:*:*:*:*:*:*","matchCriteriaId":"FA02D40A-7BC3-42C4-8CEF-C992A3EECE4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.3:*:*:*:*:*:*:*","matchCriteriaId":"35AB63E6-D66C-4F69-8C76-5BB56B0D6A18"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.4:*:*:*:*:*:*:*","matchCriteriaId":"D3F16ABD-287C-4710-9720-570648A13F97"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.50:*:*:*:*:*:*:*","matchCriteriaId":"F91C924A-F383-4875-887E-4C059CA4F5D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.51:*:*:*:*:*:*:*","matchCriteriaId":"0F207983-A483-497B-B1F4-FA21D156B9C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.52:*:*:*:*:*:*:*","matchCriteriaId":"B8236623-0E6F-4E58-B874-4327C7A08D67"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.60:*:*:*:*:*:*:*","matchCriteriaId":"AFEB862B-3D48-4B79-9459-B256B8130D25"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.70:*:*:*:*:*:*:*","matchCriteriaId":"10CF6973-5A1A-4138-A608-999181C08012"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.3.80:*:*:*:*:*:*:*","matchCriteriaId":"77DDD51C-3769-49B5-BC33-9B72BE963894"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.4.0:*:*:*:*:*:*:*","matchCriteriaId":"64519E21-0EB7-4452-8BE3-62B1136265A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.4.10:*:*:*:*:*:*:*","matchCriteriaId":"E03847F2-0AE3-499B-96DD-4ECC7EA10692"},{"vulnerable":true,"cri
teria":"cpe:2.3:a:ibm:vios:2.2.4.21:*:*:*:*:*:*:*","matchCriteriaId":"40A3B8F7-DF46-4664-9E9D-CD0CA950FB5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.4.22:*:*:*:*:*:*:*","matchCriteriaId":"E6C02E4E-2B79-426F-92CA-512EEC38FD4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.4.23:*:*:*:*:*:*:*","matchCriteriaId":"15F1D8C3-1F06-4AA5-B76D-529F7CBC9809"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.4.30:*:*:*:*:*:*:*","matchCriteriaId":"AD6F29F6-36CA-4C3F-B5BE-31C8559FFD62"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.5.0:*:*:*:*:*:*:*","matchCriteriaId":"E69C878E-72C5-4119-8CA1-25F0236CEB31"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:vios:2.2.5.10:*:*:*:*:*:*:*","matchCriteriaId":"C5E265DC-511E-4800-9BD4-922C96B59CF0"}]}]}],"references":[{"url":"http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory.asc","source":"psirt@us.ibm.com","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94979","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037480","source":"psirt@us.ibm.com"},{"url":"https://www.exploit-db.com/exploits/40950/","source":"psirt@us.ibm.com"},{"url":"http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94979","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037480","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/40950/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9010","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-15T19:59:01.157","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM WebSphere Message Broker 9.0 
and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM Reference #: 1997906."},{"lang":"es","value":"IBM WebSphere Message Broker 9.0 y 10.0 podría permitir a un atacante remoto secuestrar la acción de hacer click de la víctima. Persuadiendo a la víctima para que visite un sitio web malicioso, un atacante remoto podría explotar esta vulnerabilidad para secuestrar las acciones de click de la víctima y posiblemente lanzar más ataques contra la víctima. IBM Referencia #: 1997906."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:integration_bus:9.0:*:*:*:*:*:*:*","matchCriteriaId":"4D9B868C-9348-4D31-95F9-FEC3D91158AE
"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:integration_bus:10.0:*:*:*:*:*:*:*","matchCriteriaId":"92E6A5C9-29C2-458D-AA67-E74945E2012F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*","matchCriteriaId":"0F93BF57-FD4F-456C-8DFD-CEF8B5AEF35D"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997906","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96279","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997906","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96279","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9560","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:01.173","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_tsfb.c in JasPer before 1.900.30 allows remote attackers to have unspecified impact via a crafted image."},{"lang":"es","value":"El desbordamiento del búfer basado en la pila en la función jpc_tsfb_getbands2 en jpc_tsfb.c en JasPer antes de la versión 1.900.30 permite a los atacantes remotos tener un impacto no especificado a través de una imagen 
manipulada"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*","versionEndExcluding":"1.900.30","matchCriteriaId":"7C65596E-E47A-46AC-9C6B-541B69A17E1C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","matchCriteriaId":"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*","matchCriteriaId":
"807C024A-F8E8-4B48-A349-4C68CD252CA1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"F96E3779-F56A-45FF-BB3D-4980527D721E"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"0CF73560-2F5B-4723-A8A1-9AADBB3ADA00"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"5BF3C7A5-9117-42C7-BEA1-4AA378A582EF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"83737173-E12E-4641-BC49-0BD84A6B29D0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"9BBCD86A-E6C7-4444-9D74-F861084090F0"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"98381E61-F082-4302-B51F-5648884F998B"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"7431ABC1-9252-419E-8CC1-311B41360078"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*","matchCriteriaId":"17F256A9-D3B9-4C72-B013-4EFD878BFEA8"},{"vulne
rable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5ED5807-55B7-47C5-97A6-03233F4FBC3A"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3785","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/20/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/23/5","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94428","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1208","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c/","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-9560","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3785","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/20/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/23/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94428","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1208","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-9560","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9706","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-15T19:59:01.220","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLOWS is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997918."},{"lang":"es","value":"IBM Integration Bus 9.0 y 10.0 y WebSphere Message Broker SOAP FLOWS es vulnerable a una denegación de servicio, provocada por un error de XML External Entity Injection (XXE) cuando procesa datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensible o consumir todos los recursos de memoria disponibles. 
IBM Referencia #: 1997918."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:C","baseScore":8.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":7.8,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:integration_bus:9.0:*:*:*:*:*:*:*","matchCriteriaId":"4D9B868C-9348-4D31-95F9-FEC3D91158AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:integration_bus:10.0:*:*:*:*:*:*:*","matchCriteriaId":"92E6A5C9-29C2-458D-AA67-E74945E2012F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_message_broker:8.0:*:*:*:*:*:*:*","matchCriteriaId":"0F93BF57-FD4F-456C-8DFD-CEF8B5AEF35D"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997918","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96274","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997918","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96274","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5896","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:01.250","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the fz_subsample_pixmap function in fitz/pixmap.c in MuPDF 1.10a allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted image."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función fz_subsample_pixmap en fitz/pixmap.c en MuPDF 1.10a permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída) a través de una imagen manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:artifex:mupd
f:*:*:*:*:*:*:*:*","versionEndIncluding":"1.10","matchCriteriaId":"7718D9BB-FEB8-4C5D-847E-9085BDA1A449"}]}]}],"references":[{"url":"http://git.ghostscript.com/?p=mupdf.git%3Bh=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3797","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/06/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/07/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96139","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697515","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-12","source":"cve@mitre.org"},{"url":"http://git.ghostscript.com/?p=mupdf.git%3Bh=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3797","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/06/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/07/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96139","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697515","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-12","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5992","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:01.283","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Openpyxl 2.4.1 resolves external entities by default, which allows remote attackers to conduct XXE attacks via a crafted .xlsx document."},{"lang":"es","value":"Openpyxl 2.4.1 resuelve entidades externas por defecto, lo que permite a atacantes remotos llevar a cabo ataques de XXE a través de un documento .xlsx manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.8}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:python:openpyxl:2.4.1:*:*:*:*:*:*:*","matchCriteriaId":"EF54C4D9-075F-47E8-85F0-8547C99AE4C9"}]}]}],"references":[{"url":"http://www.openwall.com/li
sts/oss-security/2017/02/07/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://bitbucket.org/openpyxl/openpyxl/issues/749","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854442","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/07/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://bitbucket.org/openpyxl/openpyxl/issues/749","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854442","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5997","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T19:59:01.330","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remote attackers to cause a denial of service (memory consumption and process crash) via multiple msgserver/group?group= requests with a crafted size of the group parameter, aka SAP Security Note 2358972."},{"lang":"es","value":"El demonio de SAP Message Server HTTP en SAP KERNEL 7.21-7.49 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída de proceso) a través de múltiples solicitudes msgserver/group?group= con un tamaño manipulado del parámetro de grupo, vulnerabilidad también conocida 
como SAP Security Note 2358972."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-772"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:sap_kernel:7.21:*:*:*:*:*:*:*","matchCriteriaId":"B1DB2B37-EC52-4FE6-9861-A98A9E365B61"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:sap_kernel:7.22:*:*:*:*:*:*:*","matchCriteriaId":"80D1ECE8-0465-4B82-A0B7-BC55438FFC43"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:sap_kernel:7.42:*:*:*:*:*:*:*","matchCriteriaId":"C5C08BB4-AF7D-4609-A892-3FE34AF27F44"}]}]}],"references":[{"url":"https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/","source":"cve@mitre.org"},{"url":"https://erpscan.io/advisories/erpscan-16-038-sap-message-server-http-remote-dos/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-3801","sourceIdentifier":"psirt@cisco.com","published":"2017-02-15T20:59:00.147","lastModified":"2026-05-13T00:24:29.
033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to his/her profile. An exploit could allow an attacker to perform any actions defined by these workflow items, including actions affecting other tenants. Cisco Bug IDs: CSCvb64765."},{"lang":"es","value":"Una vulnerabilidad en GUI basado en web de Cisco UCS Director 6.0.0.0 y 6.0.0.1 podría permitir a un atacante local autenticado, ejecutar elementos arbitrarios de flujo de trabajo con tan solo un perfil de usuario final, una Vulnerabilidad de Escalada de Privilegios. La vulnerabilidad se debe a un control de acceso basado en roles (RBAC) inadecuado después de que el Developer Menu sea habilitado en Cisco UCS Director. Un atacante podría explotar esta vulnerabilidad habilitando Developer Mode para su perfil de usuario con un perfil de usuario final y añadiendo entonces nuevos catálogos con elementos arbitrarios de flujo de trabajo a su perfil. Un exploit podría permitir a un atacante llevar a cabo cualquier tipo de acciones definidas por estos elementos de flujo de trabajo, incluyendo acciones que afectaran a otros usuarios. 
Cisco Bug IDs: CSCvb64765."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-264"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_computing_system_director:6.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"FDCB4D63-DC55-4A29-9A4B-E08A7EBD87CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_computing_system_director:6.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"CE127C2D-0786-4853-9D2C-0ED36B2AFCCA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96235","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037830","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucs","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96235","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037830","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucs","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7392","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T21:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función pstoedit_suffix_table_init en output-pstoedit.c en AutoTrace 0.31.1 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) a través de un archivo de imagen bmp 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:autotrace_project:autotrace:0.31.1:*:*:*:*:*:*:*","matchCriteriaId":"AD756666-3B3A-4CAB-A59C-4BA85C23233C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/10/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/12/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92907","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1375255","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://security.gentoo.org/glsa/201708-09","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/09/10/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/12/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1375255","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://security.gentoo.org/glsa/201708-09","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7393","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T21:59:00.200","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."},{"lang":"es","value":"Desbordamiento de búfer basado en pila en la función aac_sync en aac_parser.c en Libav en versiones anteriores a 11.5 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*","versionEndIncluding":"11.4","matchCriteriaId":"032D8A36-9593-448C-98B1-8B55D8D712A8"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/10/5","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92902","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/20/libav-stack-based-buffer-overflow-in-aac_sync-aac_parser-c/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB 
Entry"]},{"url":"https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=fb1473080223a634b8ac2cca48a632d037a0a69d","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/09/10/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92902","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/08/20/libav-stack-based-buffer-overflow-in-aac_sync-aac_parser-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://git.libav.org/?p=libav.git%3Ba=commit%3Bh=fb1473080223a634b8ac2cca48a632d037a0a69d","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7477","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T21:59:00.230","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted mp3 file.  NOTE: this issue was originally reported as involving a NULL pointer dereference."},{"lang":"es","value":"La función ff_put_pixels8_xy2_mmx en rnd_template.c en Libav 11.7 permite a atacantes remotos provocar una denegación de servicio (acceso de memoria inválido y caída) a través de un archivo mp3 manipulado. 
NOTA: este problema fue originalmente reportado como involucrando una referencia a puntero NULL."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libav:libav:11.7:*:*:*:*:*:*:*","matchCriteriaId":"35351CFD-65C7-42A0-9B40-0D1D7009477C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/21/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93042","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/20/libav-null-pointer-dereference-in-ff_put_pixels8_xy2_mmx-rnd_template-c/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/21/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/93042","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/20/libav-null-pointer-dereference-in-ff_put_pixels8_xy2_mmx-rnd_template-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-7499","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T21:59:00.260","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file."},{"lang":"es","value":"La función sbr_make_f_master en aacsbr.c en Libav 11.7 permite a atacantes remotos provocar una denegación de servicio (error de división por cero y bloqueo de aplicación) a través de un archivo mp3 manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"sourc
e":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-369"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libav:libav:11.7:*:*:*:*:*:*:*","matchCriteriaId":"35351CFD-65C7-42A0-9B40-0D1D7009477C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/21/9","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93102","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/21/libav-divide-by-zero-in-sbr_make_f_master-aacsbr-c/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://git.libav.org/?p=libav.git%3Ba=blobdiff%3Bf=libavcodec/aacsbr.c%3Bh=7d156e525b40b197c38db17acf16730845b91e56%3Bhp=dbfb1677813ce6c531e4362d0be7ccf9fdfdd28e%3Bhb=a50a5ff29ec5a8243499769e2bb9b5509ce9fd52%3Bhpb=f55e3ff5891daf3d538b4d9176371960200d68fa","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/09/21/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93102","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/21/libav-divide-by-zero-in-sbr_make_f_master-aacsbr-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB 
Entry"]},{"url":"https://git.libav.org/?p=libav.git%3Ba=blobdiff%3Bf=libavcodec/aacsbr.c%3Bh=7d156e525b40b197c38db17acf16730845b91e56%3Bhp=dbfb1677813ce6c531e4362d0be7ccf9fdfdd28e%3Bhb=a50a5ff29ec5a8243499769e2bb9b5509ce9fd52%3Bhpb=f55e3ff5891daf3d538b4d9176371960200d68fa","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8674","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T21:59:00.307","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted file."},{"lang":"es","value":"La función pdf_to_num en pdf-object.c en MuPDF en versiones anteriores a 1.10 permite a atacantes remotos provocar una denegación de servicio (uso después de liberación y bloqueo de aplicación) a través de un archivo manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary
","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:artifex:mupdf:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9a","matchCriteriaId":"3CAF561C-636F-469C-B1CB-AB016D182B3A"}]}]}],"references":[{"url":"http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=1e03c06456d997435019fb3526fa2d4be7dbc6ec","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3797","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/8","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93127","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num-pdf-object-c/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697015","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697019","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385685","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"http://git.ghostscript.com/?p=mupdf.git%3Ba=commitdiff%3Bh=1e03c06456d997435019fb3526fa2d4be7dbc6ec","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3797","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93127","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/22/mupdf-use-after-free-in-pdf_to_num-pdf-object-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697015","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697019","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385685","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]}]}},{"cve":{"id":"CVE-2016-8675","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T21:59:00.357","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file, possibly related to startcode sequences during m4v detection."},{"lang":"es","value":"La función get_vlc2 en get_bits.h en Libav en versiones anteriores a 11.9 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un archivo mp3 manipulado, posiblemente relacionado con secuencias de código de inicio durante la detección de 
m4v."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*","versionEndIncluding":"11.8","matchCriteriaId":"95477BE5-1F6F-4DC2-85A7-6C2DC1ECB6F0"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/13","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93468","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93468","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8676","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T21:59:00.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file.  NOTE: this issue exists due to an incomplete fix for CVE-2016-8675."},{"lang":"es","value":"La función get_vlc2 en get_bits.h en Libav 11.9 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un archivo mp3 manipulado. 
NOTA: este problema existe debido a una corrección incompleta para CVE-2016-8675."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libav:libav:*:*:*:*:*:*:*:*","versionEndIncluding":"11.8","matchCriteriaId":"95477BE5-1F6F-4DC2-85A7-6C2DC1ECB6F0"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/13","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/04/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93468","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/","source":"cve@mitre.org","tags":["Patch","Third Party 
Advisory"]},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/04/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93468","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8677","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T21:59:00.417","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure."},{"lang":"es","value":"La función AcquireQuantumPixels en MagickCore/quantum.c en ImageMagick en versiones anteriores a 7.0.3-1 permite a atacantes remotos tener un impacto no especificado a través de un archivo de imagen manipulado, lo que desencadena un fallo en la asignación de 
memoria."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.5-10","matchCriteriaId":"F0BAF9F1-613B-4BE2-A15E-A3CBB9F01B01"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.0.3-1","matchCriteriaId":"63916CD4-BE58-4917-807D-A29804834E9D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://lists.opensuse.org/o
pensuse-updates/2016-10/msg00107.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3726","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93598","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385698","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/268","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-10/msg00107.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3726","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93598","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB 
Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385698","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/268","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8678","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T21:59:00.463","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file.  NOTE: the vendor says \"This is a Q64 issue and we do not support Q64.\""},{"lang":"es","value":"La función IsPixelMonochrome en MagickCore/pixel-accessor.h en ImageMagick 7.0.3.0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída) a través de un archivo manipulado. 
NOTA: el proveedor dice que \"Este es un problema de Q64 y no damos soporte a Q64\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.3-0:*:*:*:*:*:*:*","matchCriteriaId":"BB9B68E7-0E40-437A-A71B-0C078FE76FD8"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/08/18","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93599","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385694","source":"cve@mitre.org","tags":["Issue 
Tracking","Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/272","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/08/18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93599","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385694","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/272","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8679","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T21:59:00.510","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file."},{"lang":"es","value":"La función _dwarf_get_size_of_val en libdwarf/dwarf_util.c en Libdwarf en versiones anteriores a 20161124 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) llamando al comando dwarfdump en un archivo 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-11-24","matchCriteriaId":"720D5B9E-31E8-43BD-86CF-C8D947DECED4"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93601","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_size_of_val-dwarf_util-c/","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385689","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93601","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_size_of_val-dwarf_util-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385689","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8680","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T21:59:00.557","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file."},{"lang":"es","value":"La función _dwarf_get_abbrev_for_code en dwarf_util.c en libdwarf 20161001 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) llamando al comando dwarfdump en un archivo 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndIncluding":"2016-10-01","matchCriteriaId":"BD2F29E1-1F82-4737-B5EE-8DA8A1F6A9B7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93595","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/10/04/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c/","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385686","source":"cve@mitre.org","tags":["Issue 
Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93595","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/10/04/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385686","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8681","sourceIdentifier":"cve@mitre.org","published":"2017-02-15T21:59:00.607","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file."},{"lang":"es","value":"La función _dwarf_get_abbrev_for_code en dwarf_util.c en libdwarf 20161001 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) llamando al comando dwarfdump en un archivo 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionEndIncluding":"2016-10-01","matchCriteriaId":"A40BF278-0E17-47F6-93BB-6D2F35D1CEE3"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/5","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93592","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385690","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/16/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93592","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/10/06/libdwarf-heap-based-buffer-overflow-in-_dwarf_get_abbrev_for_code-dwarf_util-c-2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1385690","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-0308","sourceIdentifier":"psirt@nvidia.com","published":"2017-02-15T23:59:00.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where untrusted input is used for buffer size calculation leading to denial of service or escalation of privileges."},{"lang":"es","value":"Todas las versiones de NVIDIA Windows GPU Display Driver contienen una vulnerabilidad en el controlador de capa de modo kernel (nvlddmkm.sys) para DxgkDdiEscape, donde una entrada no confiable se utiliza para el cálculo del tamaño del búfer, dando lugar a denegación de servicio o escalada de 
privilegios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"8F6B8C06-F379-49FB-B0F2-097752154708"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2017-0309","sourceIdentifier":"psirt@nvidia.com","published":"2017-02-15T23:59:00.180","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges."},{"lang":"es","value":"Todas las versiones de NVIDIA GPU Display Driver contienen una vulnerabilidad en el gestor de capas del modo kernel en el que múltiples desbordamientos de entero pueden provocar una asignación de memoria incorrecta que conduce a una denegación de servicio o una potencial escalada de privilegios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3
:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"8F6B8C06-F379-49FB-B0F2-097752154708"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*","matchCriteriaId":"3B2AEFCC-A2F6-45A6-A2EF-24F7906E44E2"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*","matchCriteriaId":"91F372EA-3A78-4703-A457-751B2C98D796"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0310","sourceIdentifier":"psirt@nvidia.com","published":"2017-02-15T23:59:00.213","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allow an unprivileged user to cause a denial of service."},{"lang":"es","value":"Todas las versiones de NVIDIA GPU Display Driver contienen una vulnerabilidad en el controlador de la capa del modo kernel, donde controles de acceso inadecuados permiten a un usuario no privilegiado provocar una denegación de 
servicio."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"8F6B8C06-F379-49FB-B0F2-097752154708"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*","matchCriteriaId":"3B2AEFCC-A2F6-45A6-A2EF-24F7906E44E2"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*","matchCriteriaId":"91F372EA-3A78-4703-A457-751B2C98D796"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"psirt@nvidia.com","
tags":["Vendor Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0311","sourceIdentifier":"psirt@nvidia.com","published":"2017-02-15T23:59:00.260","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges."},{"lang":"es","value":"NVIDIA GPU Display Driver R378 contiene una vulnerabilidad en el controlador de la capa del modo kernel, donde un control de acceso incorrecto puede dar lugar a denegación de servicio o una posible escalada de privilegios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulner
able":true,"criteria":"cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"8F6B8C06-F379-49FB-B0F2-097752154708"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*","matchCriteriaId":"3B2AEFCC-A2F6-45A6-A2EF-24F7906E44E2"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*","matchCriteriaId":"91F372EA-3A78-4703-A457-751B2C98D796"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0312","sourceIdentifier":"psirt@nvidia.com","published":"2017-02-15T23:59:00.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user-provided input is used as the limit for a loop, which may lead to denial of service or potential escalation of privileges."},{"lang":"es","value":"Todas las versiones de NVIDIA Windows GPU Display Driver contienen una vulnerabilidad en el controlador de la capa del modo kernel (nvlddmkm.sys) para DxgkDdiEscapeID 0x100008b, donde la entrada proporcionada por el usuario se utiliza como límite para un bucle, lo que puede dar lugar a una denegación de servicio o a una potencial escalada de 
privilegios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"8F6B8C06-F379-49FB-B0F2-097752154708"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41364/","source":"psirt@nvidia.com"},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://www.exploit-db.com/exploits/41364/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-0313","sourceIdentifier":"psirt@nvidia.com","published":"2017-02-15T23:59:00.307","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges."},{"lang":"es","value":"Todas las versiones de NVIDIA Windows GPU Display Driver contienen una vulnerabilidad en la implementación de la capa de modo kernel (nvlddmkm.sys) del SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) donde una entrada no confiable se utiliza para hacer referencia a memoria fuera del límite previsto del búfer conduciendo a denegación de servicio o escalada de 
privilegios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"8F6B8C06-F379-49FB-B0F2-097752154708"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41365/","source":"psirt@nvidia.com"},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://www.exploit-db.com/exploits/41365/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-0314","sourceIdentifier":"psirt@nvidia.com","published":"2017-02-15T23:59:00.337","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges."},{"lang":"es","value":"Todas las versiones de NVIDIA Windows GPU Display Driver contienen una vulnerabilidad en la implementación de la capa de modo kernel (nvlddmkm.sys) del SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) donde una entrada no confiable se utiliza para hacer referencia a memoria fuera del límite previsto del búfer conduciendo a denegación de servicio o escalada de 
privilegios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"8F6B8C06-F379-49FB-B0F2-097752154708"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2017-0315","sourceIdentifier":"psirt@nvidia.com","published":"2017-02-15T23:59:00.367","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an attempt to access an invalid object pointer may lead to denial of service or potential escalation of privileges."},{"lang":"es","value":"Todas las versiones de NVIDIA Windows GPU Display Driver contienen una vulnerabilidad en el controlador de la capa del modo kernel (nvlddmkm.sys) para DxgkDdiEscape, donde un intento de acceso a un puntero de objeto no válido puede dar lugar a una denegación de servicio o a una potencial escalada de privilegios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatc
h":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"8F6B8C06-F379-49FB-B0F2-097752154708"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0317","sourceIdentifier":"psirt@nvidia.com","published":"2017-02-15T23:59:00.400","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tamper with the extracted files, potentially leading to escalation of privileges via code execution."},{"lang":"es","value":"Todas las versiones de NVIDIA GPU e instalador de GeForce Experience contienen una vulnerabilidad en la que falla en establecer permisos adecuados en la ruta de extracción de paquetes permitiendo así a un usuario no privilegiado manipular los archivos extraídos, conduciendo potencialmente a escalada de privilegios a través de la ejecución de 
código."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"8F6B8C06-F379-49FB-B0F2-097752154708"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2017-0318","sourceIdentifier":"psirt@nvidia.com","published":"2017-02-15T23:59:00.430","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system."},{"lang":"es","value":"Todas las versiones de NVIDIA Linux GPU Display Driver contienen una vulnerabilidad en el controlador de capa de modo kernel, donde la validación incorrecta de un parámetro de entrada puede provocar una denegación de servicio en el sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"8F6B8C06-F379-49FB-B0F2-097752154708"}]},{"o
perator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*","matchCriteriaId":"3B2AEFCC-A2F6-45A6-A2EF-24F7906E44E2"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*","matchCriteriaId":"91F372EA-3A78-4703-A457-751B2C98D796"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0319","sourceIdentifier":"psirt@nvidia.com","published":"2017-02-15T23:59:00.447","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system."},{"lang":"es","value":"Todas las versiones de NVIDIA Windows GPU Display Driver contienen una vulnerabilidad en el controlador de la capa del modo kernel, donde un manejo incorrecto de los valores puede provocar una denegación de servicio en el 
sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"8F6B8C06-F379-49FB-B0F2-097752154708"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2017-0320","sourceIdentifier":"psirt@nvidia.com","published":"2017-02-15T23:59:00.493","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper handling of values may cause a denial of service on the system."},{"lang":"es","value":"Todas las versiones de NVIDIA Windows GPU Display Driver contienen una vulnerabilidad en el controlador de la capa del modo kernel, donde un manejo incorrecto de los valores puede provocar una denegación de servicio en el sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"8F6B8C06-F379-49FB-B0F2-097752154708"}]},{"operator":"OR",
"negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0321","sourceIdentifier":"psirt@nvidia.com","published":"2017-02-15T23:59:00.510","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges."},{"lang":"es","value":"Todas las versiones de NVIDIA GPU Display Driver contienen una vulnerabilidad en el controlador de capa de modo kernel donde una referencia de puntero NULL provocada por una entrada de usuario no válida puede dar lugar a una denegación de servicio o potencial escalada de 
privilegios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"8F6B8C06-F379-49FB-B0F2-097752154708"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*","matchCriteriaId":"3B2AEFCC-A2F6-45A6-A2EF-24F7906E44E2"},{"vulnerable":false,"criteria":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","matchCriteriaId":"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"},{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"},{"vulnerable":false,"criteria":"cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:*:*","matchCriteriaId":"91F372EA-3A78-4703-A457-751B2C98D796"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"psirt@nvidi
a.com","tags":["Vendor Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0322","sourceIdentifier":"psirt@nvidia.com","published":"2017-02-15T23:59:00.540","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler where a value passed from a user to the driver is not correctly validated and used as the index to an array, leading to denial of service or potential escalation of privileges."},{"lang":"es","value":"Todas las versiones de NVIDIA Windows GPU Display Driver contienen una vulnerabilidad en el controlador de la capa del modo kernel (nvlddmkm.sys) donde un valor pasado por un usuario al controlador no se valida correctamente y se utiliza como el índice de un array, conduciendo a denegación de servicio o potencial escalada de 
privilegios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-129"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"8F6B8C06-F379-49FB-B0F2-097752154708"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2017-0323","sourceIdentifier":"psirt@nvidia.com","published":"2017-02-15T23:59:00.570","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges."},{"lang":"es","value":"Todas las versiones de NVIDIA Windows GPU Display Driver contienen una vulnerabilidad en el controlador de capa de modo kernel, donde una referencia de puntero NULL provocada por una entrada de usuario no válida puede dar lugar a una denegación de servicio o potencial escalada de privilegios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a
:nvidia:gpu_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"8F6B8C06-F379-49FB-B0F2-097752154708"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-0324","sourceIdentifier":"psirt@nvidia.com","published":"2017-02-15T23:59:00.603","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges."},{"lang":"es","value":"Todas las versiones de NVIDIA Windows GPU Display Driver contienen una vulnerabilidad en el controlador de la capa de modo kernel (nvlddmkm.sys) para DxgkDdiEscape, donde el tamaño de un búfer de entrada no está validado, dando lugar a denegación de servicio o potencial escalada de 
privilegios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nvidia:gpu_driver:-:*:*:*:*:*:*:*","matchCriteriaId":"8F6B8C06-F379-49FB-B0F2-097752154708"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"psirt@nvidia.com","tags":["Vendor Advisory"]},{"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4398","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2017-6004","sourceIdentifier":"cve@mitre.org","published":"2017-02-16T11:59:00.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression."},{"lang":"es","value":"La función compile_bracket_matchingpath en pcre_jit_compile.c en PCRE hasta la versión 8.x en versiones anteriores a la revisión 1680 (por ejemplo, la versión empacada de PHP 7.1.1) permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída de la aplicación) a través de una expresión regular manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","nega
te":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*","versionEndIncluding":"8.38","matchCriteriaId":"67B7289A-D5A8-4246-A98E-4B7F1F8A9AFC"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96295","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037850","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2018:2486","source":"cve@mitre.org"},{"url":"https://bugs.exim.org/show_bug.cgi?id=2035","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","source":"cve@mitre.org"},{"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201706-11","source":"cve@mitre.org"},{"url":"https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.securityfocus.com/bid/96295","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037850","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2018:2486","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugs.exim.org/show_bug.cgi?id=2035","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory","VDB 
Entry"]},{"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-11","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2017-6009","sourceIdentifier":"cve@mitre.org","published":"2017-02-16T11:59:00.223","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the \"decode_ne_resource_id\" function in the \"restable.c\" source file. This is happening because the \"len\" parameter for memcpy is not checked for size and thus becomes a negative integer in the process, resulting in a failed memcpy. This affects wrestool."},{"lang":"es","value":"Se descubrió un problema en icoutils 0.31.1. Se observó un desbordamiento de búfer en la función \"decode_ne_resource_id\" en el archivo fuente \"restable.c\". Esto está ocurriendo porque el parámetro \"len\" para memcpy no es verificado para el tamaño y se convierte así en un entero negativo en el proceso, resultando en una memcpy fallida. 
Esto afecta a wrestool."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:icoutils_project:icoutils:0.31.1:*:*:*:*:*:*:*","matchCriteriaId":"EA764C96-0835-42EC-BDE8-AAF6960144CF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F
-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"98381E61-F082-4302-B51F-5648884F998B"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"A8442C20-41F9-47FD-9A12-E724D3A31FD7"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"BF77CDCF-B9C9-427D-B2BF-36650FB2148C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0837.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3807","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96292","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201801-12","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0837.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3807","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96292","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854050","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201801-12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6010","sourceIdentifier":"cve@mitre.org","published":"2017-02-16T11:59:00.270","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in icoutils 0.31.1. A buffer overflow was observed in the \"extract_icons\" function in the \"extract.c\" source file. This issue can be triggered by processing a corrupted ico file and will result in an icotool crash."},{"lang":"es","value":"Se descubrió un problema en icoutils 0.31.1. Se observó un desbordamiento de búfer en la función \"extract_icons\" en el archivo fuente \"extract.c\". 
Este problema se puede desencadenar al procesar un archivo ico dañado y resultará en una caída de icotool."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:icoutils_project:icoutils:0.31.1:*:*:*:*:*:*:*","matchCriteriaId":"EA764C96-0835-42EC-BDE8-AAF6960144CF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:en
terprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"98381E61-F082-4302-B51F-5648884F998B"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"A8442C20-41F9-47FD-9A12-E724D3A31FD7"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"BF77CDCF-B9C9-427D-B2BF-36650FB2148C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0837.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3807","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96288","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Mailing List","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201801-12","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0837.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3807","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96288","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Mailing List","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201801-12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6011","sourceIdentifier":"cve@mitre.org","published":"2017-02-16T11:59:00.300","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in icoutils 0.31.1. An out-of-bounds read leading to a buffer overflow was observed in the \"simple_vec\" function in the \"extract.c\" source file. This affects icotool."},{"lang":"es","value":"Se descubrió un problema en icoutils 0.31.1. Se ha observado una lectura fuera de límites que conduce a un desbordamiento de búfer en la función \"simple_vec\" en el archivo fuente \"extract.c\". 
Esto afecta a icotool."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:icoutils_project:icoutils:0.31.1:*:*:*:*:*:*:*","matchCriteriaId":"EA764C96-0835-42EC-BDE8-AAF6960144CF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","matchCriteriaId":"33C068A4-3780-4EAB-A937-6082DF847564"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"51EF4996-72F4-4FA4-814F-
F5991E7A8318"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"98381E61-F082-4302-B51F-5648884F998B"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"D99A687E-EAE6-417E-A88E-D0082BC194CD"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B353CE99-D57C-465B-AAB0-73EF581127D1"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"A8442C20-41F9-47FD-9A12-E724D3A31FD7"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","matchCriteriaId":"9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","matchCriteriaId":"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"BF77CDCF-B9C9-427D-B2BF-36650FB2148C"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","matchCriteriaId":"24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","matchCriteriaId":"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","matchCriteriaId":"825ECE2D-E232-46E0-A047-074B34DB1E97"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0837.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3807","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96267","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Mailing List","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201801-12","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0837.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3807","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96267","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854054","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Mailing List","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201801-12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-5919","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-16T20:59:00.130","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM Reference #: 1996868."},{"lang":"es","value":"IBM Security Access Manager for Web 7.0.0, 8.0.0 y 9.0.0 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente sensible. 
Referencia de IBM: 1996868."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-326"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_7.0_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"5A5ACB34-BC23-4175-9F6A-91FB6762A040"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:7.0:*:*:*:*:*:*:*","matchCriteriaId":"A7844D23-8DAB-4A9A-B0D4-734DF8FBFE02"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"35BD8955-4735-4FDC-906A-B404C4E36417"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"1C5EBB4D-36F8-453C
-9D2C-A63490144596"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*","matchCriteriaId":"6921A2CC-67D0-41B5-908B-F002C14AFD70"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*","matchCriteriaId":"506C4B29-BC71-4C56-BAB1-06E63BEB1DD3"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:security_access_manager_9.0_firmware:*:*:*:*:*:*:*:*","matchCriteriaId":"F5B95177-2AA3-45D4-895D-56CA35B32813"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996868","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securitytracker.com/id/1037855","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21996868","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securitytracker.com/id/1037855","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-6062","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-16T20:59:00.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference#: 213457065."},{"lang":"es","value":"IBM Resilient v26.0, v26.1 y v26.2 es vulnerable a secuencias de comandos en sitios cruzados. 
Esta vulnerabilidad permite a los usuarios integrar código JavaScript arbitrario en la interfaz de usuario Web, alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentro de una sesión de confianza. Referencia de IBM: 213457065."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:resilient:26.0:*:*:*:*:*:*:*","matchCriteriaId":"66C3335C-D92C-46F8-8B0C-DA8EA2F2E9FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:resilient:26.1:*:*:*:*:*:*:*","matchCriteriaId":"66E7ED1E-1D12-47E9-983C-5B06337D0E44"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:resilient:26.2:*:*:*:*:*:*:*","matchCriteriaId":"FB360226-6C6F-41C4-B524-0F7153BD6729"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94268","source":"psirt@us.ibm.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-resilient-cross-site-scripting-vulnerability-cve-2016-6062/","source":"psirt@us.ibm.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94268","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-resilient-cross-site-scripting-vulnerability-cve-2016-6062/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-10134","sourceIdentifier":"security@debian.org","published":"2017-02-17T02:59:10.623","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en Zabbix en versiones anteriores a 2.2.14 y 3.0 en versiones anteriores a 3.0.4 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro de array toggle_ids en 
latest.php."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.13","matchCriteriaId":"0491DBDE-417A-480F-9D26-30333914FBD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C35CF109-6E71-4A52-8BC6-AE2F0E397BFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FB23B843-B69C-4DED-A145-A4F4CDA908F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"70324316-BC45-4C87-9C73-52B1229D0CBD"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"FB1DABCE-BB84-4CCA-981B-3431D27A2509"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3802","source":"security@debian.org"},{"url":"http://www.openwall.com
/lists/oss-security/2017/01/12/4","source":"security@debian.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/13/4","source":"security@debian.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95423","source":"security@debian.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850936","source":"security@debian.org","tags":["Third Party Advisory"]},{"url":"https://code610.blogspot.com/2017/10/zbx-11023-quick-autopsy.html","source":"security@debian.org"},{"url":"https://support.zabbix.com/browse/ZBX-11023","source":"security@debian.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3802","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/12/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/13/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850936","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://code610.blogspot.com/2017/10/zbx-11023-quick-autopsy.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.zabbix.com/browse/ZBX-11023","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-1249","sourceIdentifier":"security@debian.org","published":"2017-02-17T02:59:10.780","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The DBD::mysql module before 4.039 for 
Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression."},{"lang":"es","value":"El módulo DBD::mysql en versiones anteriores a 4.039 para Perl, cuando se utiliza el soporte de sentencia preparada en el servidor, permite a atacantes provocar una denegación de servicio (lectura fuera de límites) a través de vectores que implican un número no alineado de marcadores de posición en la condición WHERE y campos de salida en expresión SELECT."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dbd-mysql_project:dbd-mysql:*:*:*:*:*:*:*:*","versionEndIncluding":"4.038_01","matchCriteriaId":"C776DED8-B178-4AAA-9A14-23FBA456A3BB"}]}]}],"references":[{"url":"http://cpansearch.
perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes","source":"security@debian.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/16/1","source":"security@debian.org","tags":["Mailing List","Mitigation","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94350","source":"security@debian.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe","source":"security@debian.org","tags":["Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-51","source":"security@debian.org"},{"url":"http://cpansearch.perl.org/src/CAPTTOFU/DBD-mysql-4.039/Changes","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/16/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Mitigation","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94350","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-51","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-4311","sourceIdentifier":"cret@cert.org","published":"2017-02-17T02:59:11.907","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request."},{"lang":"es","value":"Vulnerabilidad de CSRF en la funcionalidad de 
flujo XACML en WSO2 Identity Server 5.1.0 permite a atacantes remotos secuestrar la autenticación de usuarios privilegiados para solicitudes que procesan solicitudes XACML a través de una solicitud entitlement/eval-policy-submit.jsp."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:identity_server:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"A18E2C98-4FD9-43EE-95EA-E03AFCF753E3"}]}]}],"references":[{"url":"http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt","source":"cret@cert.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-Injection.html","source":"cret@cert.org","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/archive/1/539199/100/0/threaded","source":"cret@cert.org"},{"url":"http://www.securityfocus.com/bid/92485","source":"cret@cert.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/40239/","source":"cret@cert.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0096","source":"nvd@nist.gov","tags":["Patch","Vendor Advisory"]},{"url":"http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-Injection.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539199/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/92485","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/40239/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-4312","sourceIdentifier":"cret@cert.org","published":"2017-02-17T02:59:11.953","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp.  
NOTE: this issue can be combined with CVE-2016-4311 to exploit the vulnerability without credentials."},{"lang":"es","value":"Vulnerabilidad de XXE en la funcionalidad de flujo XACML en WSO2 Identity Server 5.1.0 en versiones anteriores a WSO2-CARBON-PATCH-4.4.0-0231 permite a usuarios remotos autenticados con acceso a características XACML leer archivos arbitrarios, provocar una denegación de servicio, realizar ataques de SSRF o tener otros impactos no especificados a través de una solicitud de XACML creada para entitlement/eval-policy-submit.jsp. NOTA: este problema se puede combinar con CVE-2016-4311 para explotar la vulnerabilidad sin credenciales."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:identity_server:5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"A18E2C98-4FD9-43EE-95EA-E03AFCF753E3"}]}]}],"references":[{"url":"http://hyp3r
linx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt","source":"cret@cert.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-Injection.html","source":"cret@cert.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539199/100/0/threaded","source":"cret@cert.org"},{"url":"http://www.securityfocus.com/bid/92485","source":"cret@cert.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0096","source":"cret@cert.org","tags":["Patch","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40239/","source":"cret@cert.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-Injection.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539199/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/92485","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0096","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40239/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-4314","sourceIdentifier":"cret@cert.org","published":"2017-02-17T02:59:12.000","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en el LogViewer Admin Service en WSO2 Carbon 4.4.5 permite a administradores remotos autenticados leer archivos arbitrarios a través de un .. (punto punto) en el parámetro logFile para downloadgz-ajaxprocessor.jsp."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:carbon:4.4.5:*:*:*:*:*:*:*","matchCriteriaId":"9E05EF71-70CC-45DD-
95EA-7D292D151561"}]}]}],"references":[{"url":"http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt","source":"cret@cert.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/138330/WSO2-Carbon-4.4.5-Local-File-Inclusion.html","source":"cret@cert.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539200/100/0/threaded","source":"cret@cert.org"},{"url":"http://www.securityfocus.com/bid/92473","source":"cret@cert.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0098","source":"cret@cert.org","tags":["Patch","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40240/","source":"cret@cert.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/138330/WSO2-Carbon-4.4.5-Local-File-Inclusion.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539200/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/92473","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0098","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40240/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-4315","sourceIdentifier":"cret@cert.org","published":"2017-02-17T02:59:12.030","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp."},{"lang":"es","value":"Vulnerabilidad de CSRF en WSO2 Carbon 4.4.5 permite a atacantes remotos secuestrar la autenticación de usuarios privilegiados para solicitudes que apagan un servidor a través de una acción de cierre de server-admin/proxy_ajaxprocessor.jsp."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","baseScore":5.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:N/A:P","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:carbon:4.4.5:*:*:*:*:*:*:*","matchCriteriaId":"9E05EF71-70CC-45DD
-95EA-7D292D151561"}]}]}],"references":[{"url":"http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-CSRF-DOS.txt","source":"cret@cert.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/138332/WSO2-Carbon-4.4.5-Cross-Site-Request-Forgery-Denial-Of-Service.html","source":"cret@cert.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539202/100/0/threaded","source":"cret@cert.org"},{"url":"http://www.securityfocus.com/bid/92473","source":"cret@cert.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0101","source":"cret@cert.org","tags":["Patch","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40242/","source":"cret@cert.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-CSRF-DOS.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/138332/WSO2-Carbon-4.4.5-Cross-Site-Request-Forgery-Denial-Of-Service.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539202/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/92473","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0101","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40242/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-4316","sourceIdentifier":"cret@cert.org","published":"2017-02-17T02:59:12.077","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en WSO2 Carbon 4.4.5 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) setName a identity-mgt/challenges-mgt.jsp; el parámetro (2) webappType o (3) httpPort para webapp-list/webapp_info.jsp; el parámetro (4) dsName o (5) description para ndatasource/newdatasource.jsp; el parámetro (6) phase para viewflows/handlers.jsp; o el parámetro (7) url para 
ndatasource/validateconnection-ajaxprocessor.jsp."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:carbon:4.4.5:*:*:*:*:*:*:*","matchCriteriaId":"9E05EF71-70CC-45DD-95EA-7D292D151561"}]}]}],"references":[{"url":"http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt","source":"cret@cert.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/138331/WSO2-Carbon-4.4.5-Cross-Site-Scripting.html","source":"cret@cert.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539201/100/0/threaded","source":"cret@cert.org"},{"url":"http://www.securityfocus.com/bid/92473","source":"cret@cert.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://www.exploit-db.com/exploits/40241/","source":"cret@cert.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/138331/WSO2-Carbon-4.4.5-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/539201/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/92473","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/40241/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-4327","sourceIdentifier":"cret@cert.org","published":"2017-02-17T02:59:12.123","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."},{"lang":"es","value":"Vulnerabilidad XSS en WSO2 SOA Enablement Server para Java/6.6 build SSJ-6.6-20090827-1616 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de 
PATH_INFO."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:enablement_server_for_java:*:*:*:*:*:*:*:*","versionEndIncluding":"6.6-20090827-1616","matchCriteriaId":"2BF0CFCF-9B35-484B-A0F0-05887932EA91"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/137073/WSO2-SOA-Enablement-Server-Cross-Site-Scripting.html","source":"cret@cert.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/archive/1/538413/100/0/threaded","source":"cret@cert.org"},{"url":"http://www.securityfocus.com/bid/85893","source":"cret@cert.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/137073/WSO2-SOA-Enablement-Server-Cross-Site-Scripting.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/archive/1/538413/100/0/threaded","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/85893","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-4861","sourceIdentifier":"vultures@jpcert.or.jp","published":"2017-02-17T02:59:13.013","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation."},{"lang":"es","value":"Los métodos (1) order y (2) group en Zend_Db_Select en la Zend Framework en versiones anteriores a 1.12.20 podrían permitir a atacantes remotos llevar a cabo ataques de inyección SQL aprovechando el fallo para borrar comentarios de una sentencia SQL antes de la 
validación."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","matchCriteriaId":"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","matchCriteriaId":"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.19","matchCriteriaId":"A99A8CC5-C3CF-4EA9-BBCA-B53D73AA780A"}]}]}],"references":[{"url":"http://jvn.jp/en/jp/JVN18926672/index.html","source":"vultures@jpcert.or.jp","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000158","source":"vultures@jpcert.or.jp","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://framework.zend.com/security/advisory/ZF2016-03","source":"vultures@jpcert.or.jp","tags":["Exploit","Technical Description","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00012.html","source":"vultures@jpcert.or.jp"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/","source":"vultures@jpcert.or.jp"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/","source":"vultures@jpcert.or.jp"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/","source":"vultures@jpcert.or.jp"},{"url":"https://security.gentoo.org/glsa/201804-10","source":"vultures@jpcert.or.jp"},{"url":"http://jvn.jp/en/jp/JVN18926672/index.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2016-000158","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://framework.zend.com/security/advisory/ZF2016-03","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Vendor 
Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/06/msg00012.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201804-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5417","sourceIdentifier":"secalert@redhat.com","published":"2017-02-17T02:59:13.310","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures."},{"lang":"es","value":"Fuga de memoria en la función __res_vinit en el código de gestión del servidor de nombres IPv6 en libresolv en GNU C Library (también conocido como glibc o libc6) en versiones anteriores a 2.24 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) aprovechando la inicialización parcial de las estructuras internas de datos de 
resolución."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*","versionEndIncluding":"2.23","matchCriteriaId":"BE77B607-61C0-45A2-8591-14CF4C0AED39"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/02/5","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92257","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=19257","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory","VDB 
Entry"]},{"url":"https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=2212c1420c92a33b0e0bd9a34938c9814a56c0f7","source":"secalert@redhat.com"},{"url":"https://www.sourceware.org/ml/libc-alpha/2016-08/msg00212.html","source":"secalert@redhat.com","tags":["Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/02/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92257","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=19257","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commitdiff%3Bh=2212c1420c92a33b0e0bd9a34938c9814a56c0f7","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.sourceware.org/ml/libc-alpha/2016-08/msg00212.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2016-6233","sourceIdentifier":"security@debian.org","published":"2017-02-17T02:59:13.500","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\\w]* in a regular expression."},{"lang":"es","value":"Los métodos (1) order y (2) group en Zend_Db_Select en la Zend Framework en versiones anteriores a 1.12.19 podrían permitir a atacantes remotos llevar a cabo ataques de inyección SQL a través de vectores relacionados con el uso del patrón de caracteres [\\w]* en una expresión 
regular."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","matchCriteriaId":"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","matchCriteriaId":"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.19","matchCriteriaId":"A99A8CC5-C3CF-4EA9-BBCA-B53D73AA780A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/91802","source":"security@debian.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://framework.zend.com/security/advisory/ZF2016-02","source":"security@debian.org","tags":["Exploit","Technical Description","Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/","source":"security@debian.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/","source":"security@debian.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/","source":"security@debian.org"},{"url":"https://security.gentoo.org/glsa/201804-10","source":"security@debian.org"},{"url":"http://www.securityfocus.com/bid/91802","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://framework.zend.com/security/advisory/ZF2016-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2JUKFTI6ABK7ZN7IEAGPCLAHCFANMID2/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N27AV6AL6B4KGEP3VIMIHQ5LFAKF5FTU/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UR5HXNGIUSSIZKMSZYMPBEPZEZTYFTIT/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201804-10","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8652","sourceIdentifier":"secalert@redhat.com","published":"2017-02-17T02:59:13.547","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The auth component in 
Dovecot before 2.2.27, when auth-policy is configured, allows remote attackers to cause a denial of service (crash) by aborting authentication without setting a username."},{"lang":"es","value":"El componente de autenticación en Dovecot en versiones anteriores a 2.2.27, cuando la política de autenticación es configurada, permite a atacantes remotos provocar una denegación de servicio (caída) abortando la autenticación sin establecer un nombre de usuario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.27","matchCriteriaId":"FF2F0687-214B-47D5-BA1A-439CF981620F"}]}]}],"references":[{"url":"http://dovecot.org/pipermail/dovecot-news/2016-December/000333.html","source":"secalert@redhat.com","tags":["Release Notes","Vendor 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/02/4","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/12","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94639","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://dovecot.org/pipermail/dovecot-news/2016-December/000333.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/02/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94639","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9139","sourceIdentifier":"security@debian.org","published":"2017-02-17T02:59:13.843","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment."},{"lang":"es","value":"Vulnerabilidad de XSS en Open Ticket Request System (OTRS) 3.3.x en versiones anteriores a 3.3.16, 4.0.x en versiones anteriores a 4.0.19 y 5.0.x en versiones anteriores a 5.0.14 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un adjunto 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"3FC9D47F-8774-47F5-AC8C-97CBA9879D09"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.0:beta2:*:*:*:*:*:*","matchCriteriaId":"E501F8E9-3453-428A-AEDF-861A1FF09E3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.0:beta3:*:*:*:*:*:*","matchCriteriaId":"E7834A4F-255F-48E3-B363-452E8CEE1D2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.0:beta4:*:*:*:*:*:*","matchCriteriaId":"EFAB601C-F7CC-49F7-8FC0-8D76360AE237"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.0:beta5:*:*:*:*:*:*","matchCriteriaId":"DB57DF5E-C8A1-454C-A9EE-6BF486E74E54"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.0:beta6:*:*:*:*:*:*","matchCriteriaId":"47321F77-7019-46F9-B4E6-7490CD8F83C8"},{"vulnerable":true,"criteria":"cp
e:2.3:a:otrs:otrs:3.0.0:beta7:*:*:*:*:*:*","matchCriteriaId":"BC1AC1FB-87D5-457D-BFC4-4C6676950F20"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"480A5F3B-B1BC-4D66-9B86-424877BE8670"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"46F47052-E465-4230-B59E-C7463C649A4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.3:*:*:*:*:*:*:*","matchCriteriaId":"8694775A-9CE7-4E09-9C6E-9D3B26923513"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.4:*:*:*:*:*:*:*","matchCriteriaId":"01D3250B-2CE8-4C03-AB04-02A3D1EF72E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.5:*:*:*:*:*:*:*","matchCriteriaId":"666FB4D7-9917-4BAD-AD34-911FB315E1D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.6:*:*:*:*:*:*:*","matchCriteriaId":"45326D85-EC87-4C3F-84FD-2A6FA4926F17"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.7:*:*:*:*:*:*:*","matchCriteriaId":"9DB3159B-EF44-4D18-A4E9-EE149F588BEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.8:*:*:*:*:*:*:*","matchCriteriaId":"5F879541-066F-4C86-8844-B577EA8F2661"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.9:*:*:*:*:*:*:*","matchCriteriaId":"8C40A021-28B3-4358-951F-86F791A9655A"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.10:*:*:*:*:*:*:*","matchCriteriaId":"5D6605C7-A589-43BD-BB4A-1917D964569B"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.11:*:*:*:*:*:*:*","matchCriteriaId":"388F9AA8-CFF2-4742-B594-A5462DA424FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.12:*:*:*:*:*:*:*","matchCriteriaId":"5587B6D5-9219-4429-BA50-723CDA760377"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.13:*:*:*:*:*:*:*","matchCriteriaId":"6F2914F4-C45B-4CBA-8EF4-DA1FEC309895"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.14:*:*:*:*:*:*:*","matchCriteriaId":"61B492D3-5659-4F8B-A0B9-3F5937203BED"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.15:*:*:*:*:*:*:*","
matchCriteriaId":"F5258544-BF7A-4C64-88A6-C95E4482FA70"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.16:*:*:*:*:*:*:*","matchCriteriaId":"706EACAF-7E79-4809-8206-818145101E48"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.0.17:*:*:*:*:*:*:*","matchCriteriaId":"DD8A24F2-30F1-4C14-BF54-9D1A83273BF0"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"55EB05A1-9965-40D2-BABF-A666BE857166"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"777A992E-1D05-493F-8E2F-15AB3F2A4562"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"828189F1-EF8B-485C-946F-C12CCEE4E27D"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.3:*:*:*:*:*:*:*","matchCriteriaId":"3D8020EA-A636-4C9B-A080-3EF092DF583B"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.4:*:*:*:*:*:*:*","matchCriteriaId":"9C3C84E0-F4C1-4BDC-B7C1-519C4499FEC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.5:*:*:*:*:*:*:*","matchCriteriaId":"51877344-2358-400D-89D5-6273992571FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.6:*:*:*:*:*:*:*","matchCriteriaId":"9FC3B407-4C93-422F-800B-E747068826E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.7:*:*:*:*:*:*:*","matchCriteriaId":"52A10F00-2869-4DDE-9548-B374EBC14C12"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.8:*:*:*:*:*:*:*","matchCriteriaId":"6BF985A8-DB88-47DA-9F9A-B63F727D8239"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.9:*:*:*:*:*:*:*","matchCriteriaId":"7A1D5FC4-BDFC-4D46-B722-8BFAC91C819F"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.10:*:*:*:*:*:*:*","matchCriteriaId":"5189FACC-454A-4AFD-A08C-0F4F7158EDEB"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.11:*:*:*:*:*:*:*","matchCriteriaId":"5959FA82-043D-42A6-BB7A-C4D37350C5C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.13:*:*:*:*:*:*:*","matchCriteriaId":"C7DC1416-3EBF-4FA9-9A4E-073
7BFFD4DA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.14:*:*:*:*:*:*:*","matchCriteriaId":"B30DBAFD-3213-4473-8F3A-783035D6ED9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.15:*:*:*:*:*:*:*","matchCriteriaId":"D1729DB9-48DB-49D5-8F81-567D01B91866"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.16:*:*:*:*:*:*:*","matchCriteriaId":"EB3AF271-B4CA-4217-A96A-835133AF517B"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.17:*:*:*:*:*:*:*","matchCriteriaId":"EDF17BC5-DEB1-47A1-9734-14F56F0B8DDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.18:*:*:*:*:*:*:*","matchCriteriaId":"C9A73332-DDB0-4C16-BB5B-4C4A3F90BF8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.19:*:*:*:*:*:*:*","matchCriteriaId":"C031C614-E049-4BEC-9D57-D237B19DDB0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.20:*:*:*:*:*:*:*","matchCriteriaId":"2B9169AC-21CB-43EB-8030-8087AC4D9C50"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.1.21:*:*:*:*:*:*:*","matchCriteriaId":"5A48AC43-0A31-4A49-8F0F-BD97647DB866"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.0:*:*:*:*:*:*:*","matchCriteriaId":"2206E940-7C63-43A5-A041-CA13A84312A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.0:beta1:*:*:*:*:*:*","matchCriteriaId":"EB051883-3917-414F-8A36-B51E833451E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.0:beta2:*:*:*:*:*:*","matchCriteriaId":"445641C8-5D1E-463E-8C00-1CD4E18B2B5E"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.0:beta3:*:*:*:*:*:*","matchCriteriaId":"24C72855-1DF6-4456-A68A-89458C2EA7D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.0:beta4:*:*:*:*:*:*","matchCriteriaId":"A84F186F-D5F9-4968-BA39-2B44FFD2119F"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.0:beta5:*:*:*:*:*:*","matchCriteriaId":"2F58F68B-CCB5-408B-A721-05E355E9A2EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.0:rc1:*:*:*:*:*:*","matchCriteriaId":"9C41A2AB-BED9-4185-A71B-23F6CF101DA9"},{"vulner
able":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"EADC2C11-F0BB-4763-9B7D-D8ACCD259DA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.2:*:*:*:*:*:*:*","matchCriteriaId":"4BF18770-E861-4689-9040-A6E4BCB03D88"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.3:*:*:*:*:*:*:*","matchCriteriaId":"77E1C1A9-4835-467D-8FA9-D93814634476"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.4:*:*:*:*:*:*:*","matchCriteriaId":"097B8F4A-66E7-46E9-B624-EA26F8687181"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.5:*:*:*:*:*:*:*","matchCriteriaId":"5B223E5A-9A4B-466B-BC0F-4C0400E70E64"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.6:*:*:*:*:*:*:*","matchCriteriaId":"A30D8237-63CD-4075-B533-3E537A5B0D42"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.7:*:*:*:*:*:*:*","matchCriteriaId":"8821F99A-24D8-483E-AD56-AA5D34BF47FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.8:*:*:*:*:*:*:*","matchCriteriaId":"C0B6966E-47DA-4852-87E0-E768CCE07012"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.9:*:*:*:*:*:*:*","matchCriteriaId":"F638AF98-56CC-44A3-94E7-B7CCBAAFCE8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.10:*:*:*:*:*:*:*","matchCriteriaId":"F52F5362-FFE8-49F4-97A9-2BE4D855AF3A"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.11:*:*:*:*:*:*:*","matchCriteriaId":"3D62BAAF-5D94-46BA-92EF-1D643D968838"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.12:*:*:*:*:*:*:*","matchCriteriaId":"4F66CEF6-B9E8-4A04-9644-304D81E751FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.13:*:*:*:*:*:*:*","matchCriteriaId":"0AB3E7AF-0B00-4D5E-A59C-F7470D02F534"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.14:*:*:*:*:*:*:*","matchCriteriaId":"346A8E94-05FF-4F44-AED6-1D2589858646"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.2.15:*:*:*:*:*:*:*","matchCriteriaId":"4A05EB89-467D-4787-984F-C92819E40AD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3
.2.16:*:*:*:*:*:*:*","matchCriteriaId":"C869520F-FBF6-480F-9D84-F03F7A00D1F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.0:*:*:*:*:*:*:*","matchCriteriaId":"4B4C9653-D2B6-4A2E-A1E3-59D9E47D4F4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.0:beta1:*:*:*:*:*:*","matchCriteriaId":"F950A3B9-9347-4271-9AE2-816BB37F2FF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.0:beta2:*:*:*:*:*:*","matchCriteriaId":"78F12260-F695-492E-9F93-34873E8CD42B"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.0:beta3:*:*:*:*:*:*","matchCriteriaId":"2CFBFFA0-A57E-44A8-9D37-25AD4D0D36F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.0:beta4:*:*:*:*:*:*","matchCriteriaId":"C2ACF399-6BD0-4753-A8FA-A7031C5E898D"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.0:beta5:*:*:*:*:*:*","matchCriteriaId":"E314819D-7CF9-4DCC-8007-CFE73F3138A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.0:rc1:*:*:*:*:*:*","matchCriteriaId":"1D286118-DA1F-43A4-9B0B-9A340887EA88"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.1:*:*:*:*:*:*:*","matchCriteriaId":"82E2C445-2CC0-4F4E-BF4E-C2987E273448"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.2:*:*:*:*:*:*:*","matchCriteriaId":"DAB02A9C-AE23-4DF6-88E7-A606A3483036"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.3:*:*:*:*:*:*:*","matchCriteriaId":"D1AEB95F-BF0E-42DE-BB47-3CB10BB27DA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.4:*:*:*:*:*:*:*","matchCriteriaId":"88AAC1C3-14CE-41F9-A371-769BEF17551E"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.5:*:*:*:*:*:*:*","matchCriteriaId":"4CB04AB6-A380-4620-A196-A295FE7C170D"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.6:*:*:*:*:*:*:*","matchCriteriaId":"AB92BA3D-0A1A-47A9-ABFE-04D66F6BE7A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.7:*:*:*:*:*:*:*","matchCriteriaId":"E537B043-413F-4EA3-A6E5-8711DA1C53FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.8:*:*:*:*:*:*:*","matchC
riteriaId":"C6931F41-690F-4B4C-A637-FBB18DB0895B"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.9:*:*:*:*:*:*:*","matchCriteriaId":"454607A9-6CAA-49F1-81D6-A2D1CC468C4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.10:*:*:*:*:*:*:*","matchCriteriaId":"ED8FD518-C35A-4E90-A8DB-F716F30614F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.11:*:*:*:*:*:*:*","matchCriteriaId":"75DAA2B2-9A7B-4948-BA48-3AFC5688DD57"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.12:*:*:*:*:*:*:*","matchCriteriaId":"CDC9ADBF-6530-4135-8481-7B12DAA86479"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.13:*:*:*:*:*:*:*","matchCriteriaId":"64505573-B426-4E5A-9182-FD716E009351"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.14:*:*:*:*:*:*:*","matchCriteriaId":"55560A17-9FCD-4AD4-9339-B6472D89520F"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:3.3.15:*:*:*:*:*:*:*","matchCriteriaId":"8FF1A81F-89F3-4F0A-A04F-0DD461C433EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"99632B5B-563F-434F-B49E-34EE29B6EAD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.0:beta2:*:*:*:*:*:*","matchCriteriaId":"8CBCC863-CE5B-43E2-8331-DDA8AE68E6E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.0:beta3:*:*:*:*:*:*","matchCriteriaId":"8C9CDD3C-6B34-4020-B692-CDE682254B64"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.0:beta4:*:*:*:*:*:*","matchCriteriaId":"46071699-8EA1-46BA-ADA1-5F572AF8EF18"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.0:beta5:*:*:*:*:*:*","matchCriteriaId":"D4AC339E-A6CC-4621-A4C4-6A39C30BCE3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"68B923FE-6F43-44FA-8445-6019127DCA07"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"CD316D98-1DC4-4DC7-A488-851E94CC5263"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"8E9B81FE-4
BA6-46B5-B390-1B05CB33C648"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"5E38191D-DD62-476D-BB4A-80094B0FFD26"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"875C5002-3E08-47A4-825C-282E6476507C"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"CBE3222C-1C90-43D1-9E06-A9F867880900"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"5A6257D3-FD70-486D-B11A-77FE5904FFFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"4CF6C894-111B-4432-B93B-989C8007CB6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.8:*:*:*:*:*:*:*","matchCriteriaId":"CADCDD21-3665-4460-845F-DE9851607673"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.9:*:*:*:*:*:*:*","matchCriteriaId":"DB52A359-2564-4E8D-929A-5402D04CDED0"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.10:*:*:*:*:*:*:*","matchCriteriaId":"7FE86BC8-E092-4436-B632-8D117980D242"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.11:*:*:*:*:*:*:*","matchCriteriaId":"12C2FF70-9B69-43FD-872D-8E6F1CD59634"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.12:*:*:*:*:*:*:*","matchCriteriaId":"C2661294-7039-4C6A-8BFA-D790E93415C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.13:*:*:*:*:*:*:*","matchCriteriaId":"D9B3DBFC-A962-44C3-810D-A9538E328E64"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.14:*:*:*:*:*:*:*","matchCriteriaId":"51DFB908-1877-4C6F-BAFB-45B3B17CBE97"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.15:*:*:*:*:*:*:*","matchCriteriaId":"0B96AE1B-9B8B-40D9-99AA-797859FA0EFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.16:*:*:*:*:*:*:*","matchCriteriaId":"0B2C427B-DC2B-41F7-B3FC-BF0D51706F88"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.17:*:*:*:*:*:*:*","matchCriteriaId":"C1B4648D-E3C7-4C5D-897C-CC27F8082AC0"},{"vulnerable"
:true,"criteria":"cpe:2.3:a:otrs:otrs:4.0.18:*:*:*:*:*:*:*","matchCriteriaId":"908263DC-2F85-4ED9-AF4A-884609B2A3F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"CA73A62B-BFA7-4793-96E6-BB832418A259"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.0:beta2:*:*:*:*:*:*","matchCriteriaId":"DE138E72-61A0-4495-86CE-4342B93049CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.0:beta3:*:*:*:*:*:*","matchCriteriaId":"C473A55A-677C-4D0B-9C0D-D1B3857AE8BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.0:beta4:*:*:*:*:*:*","matchCriteriaId":"D977D160-7B24-4ADD-9818-4C93A9E7D865"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.0:beta5:*:*:*:*:*:*","matchCriteriaId":"472ACCD4-1B3D-4468-B084-D4E98032FF5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"8838C987-53ED-4E05-99D1-57A56A899C5D"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A5C00BB3-3349-4DB3-B753-B36B88E1B9B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"0D567DC5-332F-4F95-BA0B-B076661AB14D"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"8361E43E-9140-49DC-9F06-865BDFC3A60E"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"00DF625C-C5B1-4B7F-BDB4-34F751093104"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.5:*:*:*:*:*:*:*","matchCriteriaId":"0124AD54-B58F-4D36-B45F-B836C321067F"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.6:*:*:*:*:*:*:*","matchCriteriaId":"8D36D023-BE8C-47EF-934E-4E808FA3C0D5"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.7:*:*:*:*:*:*:*","matchCriteriaId":"56D7CD3E-A98A-4FBD-B267-E69E1711B741"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.8:*:*:*:*:*:*:*","matchCriteriaId":"08621604-0098-45F9-9684-85973F4C3058"},{"vulnerable":true,"criteria":"cpe:2.3:a
:otrs:otrs:5.0.9:*:*:*:*:*:*:*","matchCriteriaId":"2209CD7C-0539-4A36-B40A-D437F6926444"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.10:*:*:*:*:*:*:*","matchCriteriaId":"6F821217-A3A1-4CAC-9904-80543FD17808"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.11:*:*:*:*:*:*:*","matchCriteriaId":"5CE3BC26-B6CE-4A47-87EE-ABF098D0D553"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.12:*:*:*:*:*:*:*","matchCriteriaId":"2B352C86-4538-4266-8FDE-AA8F4FD173AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:otrs:otrs:5.0.13:*:*:*:*:*:*:*","matchCriteriaId":"E569B83B-4DDF-48FE-9143-57CE2D0EBA87"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94141","source":"security@debian.org"},{"url":"https://www.otrs.com/security-advisory-2016-02-security-update-otrs/","source":"security@debian.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94141","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.otrs.com/security-advisory-2016-02-security-update-otrs/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9637","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T02:59:13.967","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access."},{"lang":"es","value":"Las funciones (1) ioport_read y (2) ioport_write en Xen, cuando qemu es utilizado como un modelo de dispositivo dentro de Xen, podría permitir a administradores locales del SO invitado x86 HVM obtener privilegios del proceso qemu a través de vectores que involucran un acceso ioport fuera de 
rango."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:H/Au:N/C:P/I:P/A:P","baseScore":3.7,"accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":1.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"5FCF191B-971A-4945-AB14-08091689BE2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.2.0:sp1:*:*:*:*:*:*","matchCriteriaId":"878949E0-D656-4E0E-858A-C6AD948A2A2F"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:6.5:sp1:*:*:*:*:*:*","matchCriteriaId":"DBCF6643-ACDE-4DDB-8B01-D952DDF8951E"},{"vulnerable":true,"criteria":"cpe:2.3:a:citrix:xenserver:7.0:*:*:*:*:*:*:*","matchCriteriaId":"405F950F-0772-41A3-8B72-B67151CC1376"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2016-2963.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/94699","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037397","source":"cve@mitre.org"},{"url":"http://xenbits.xen.org/xsa/advisory-
199.html","source":"cve@mitre.org"},{"url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org"},{"url":"https://support.citrix.com/article/CTX219136","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2016-2963.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94699","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037397","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://xenbits.xen.org/xsa/advisory-199.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.citrix.com/article/CTX219136","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9773","sourceIdentifier":"secalert@redhat.com","published":"2017-02-17T02:59:14.013","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función IsPixelGray en MagickCore/pixel-accessor.h en ImageMagick 7.0.3.8 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria dinámica fuera de límites) a través de un archivo de imagen manipulado. 
NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2016-9556."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:7.0.3-8:*:*:*:*:*:*:*","matchCriteriaId":"B48F5327-CA20-4756-A06F-B30B660E8DA7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/4","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/02/11","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/02/12","source":"secalert@redhat.com","tags":["Mailing List","Third Party 
Advisory"]},{"url":"https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/02/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/02/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9814","sourceIdentifier":"security@debian.org","published":"2017-02-17T02:59:14.047","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The validateSignature method in the SAML2\\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean."},{"lang":"es","value":"El método validateSignature en la clase SAML2\\Utils en SimpleSAMLphp en versiones anteriores a 1.14.10 y la librería simplesamlphp/saml2 en versiones anteriores a 1.9.1, 1.10.x en versiones anteriores a 1.10.3 y 2.x en versiones anteriores a 2.3.3 permite a atacantes remotos suplantar respuestas SAML o posiblemente provocar una denegación de servicio (consumo de memoria) aprovechando la conversión incorrecta 
de valores de retorno a valores booleanos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:C","baseScore":8.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":7.8,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:simplesamlphp:*:*:*:*:*:*:*:*","versionEndIncluding":"1.14.9","matchCriteriaId":"3256DE37-C892-4D74-8C48-4D35B0F24F3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:simplesamlphp:1.10:*:*:*:*:*:*:*","matchCriteriaId":"09E5E12B-6080-48D0-8750-B5CC9985754B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:saml2:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9","matchCriteriaId":"5595B4ED-0C6B-4D18-9013-AF09A9159FBB"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:saml2:1.10:*:*:*:*:*:*:*","matchCriteriaId":"274F4568-8E1F-4AB4-B701-157D9ACC0D03"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:saml2:1.10.1:*:*:*:*:*:*:*","matchCriteriaId":"3FF505BF-B66C-42F
B-9BDE-609B9A563A9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:saml2:1.10.2:*:*:*:*:*:*:*","matchCriteriaId":"E294F52A-270E-4F48-B0C6-6ADDC84E2E19"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:saml2:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"9F81F843-780A-46D1-B1D9-8F0BD4A5CD9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:saml2:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"AA43E174-713E-442D-8931-AC25517DF58D"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:saml2:2.1:*:*:*:*:*:*:*","matchCriteriaId":"B11FE355-5ECC-4DC3-8826-B366798FCE80"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:saml2:2.2:*:*:*:*:*:*:*","matchCriteriaId":"69A4843F-0D4C-4B98-8FB9-48B6D9D7499A"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:saml2:2.3:*:*:*:*:*:*:*","matchCriteriaId":"BBEB6E3F-9408-4D91-90A0-E7F48AF60EA0"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:saml2:2.3.1:*:*:*:*:*:*:*","matchCriteriaId":"2DE2F0BD-EC4C-4EF1-AD1B-F4CE87D0D04D"},{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:saml2:2.3.2:*:*:*:*:*:*:*","matchCriteriaId":"8669F36F-D030-49CA-B679-FE349EE4E450"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94730","source":"security@debian.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00001.html","source":"security@debian.org"},{"url":"https://simplesamlphp.org/security/201612-01","source":"security@debian.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94730","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://simplesamlphp.org/security/201612-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-9827","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T02:59:14.093","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file."},{"lang":"es","value":"La función _iprintf en outputtxt.c en la herramienta listswf en libming 0.4.7 permite a atacantes remotos provocar una denegación de servicio (sobre lectura del búfer) a través de un archivo SWF manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libming:libming:*:*:*:*:*:*:*:*","versionEndIncluding":"0.4.7","matchCriteriaId":"1AD94447-F1E7-46B2-8C22-68570DCB1EF0"}]}]}],"references":[{"url":"http://www.openwall.com
/lists/oss-security/2016/12/01/7","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95086","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-_iprintf-outputtxt-c/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95086","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-_iprintf-outputtxt-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9828","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T02:59:14.123","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file."},{"lang":"es","value":"La función dumpBuffer en read.c en la herramienta listswf en libming 0.4.7 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL) a través de un archivo SWF 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libming:libming:*:*:*:*:*:*:*:*","versionEndIncluding":"0.4.7","matchCriteriaId":"1AD94447-F1E7-46B2-8C22-68570DCB1EF0"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/8","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94627","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94627","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9829","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T02:59:14.157","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función parseSWF_DEFINEFONT en parser.c en la herramienta listswf en libming 0.4.7 permite a atacantes remotos tener impacto no especificado a través de un archivo SWF 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libming:libming:*:*:*:*:*:*:*:*","versionEndIncluding":"0.4.7","matchCriteriaId":"1AD94447-F1E7-46B2-8C22-68570DCB1EF0"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/5","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95133","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95133","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9831","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T02:59:14.187","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función parseSWF_RGBA en parser.c en la herramienta listswf en libming 0.4.7 permite a atacantes remotos tener impacto no especificado a través de un archivo SWF 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libming:libming:*:*:*:*:*:*:*:*","versionEndIncluding":"0.4.7","matchCriteriaId":"1AD94447-F1E7-46B2-8C22-68570DCB1EF0"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/6","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94767","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/01/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94767","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9955","sourceIdentifier":"security@debian.org","published":"2017-02-17T02:59:14.233","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean."},{"lang":"es","value":"El constructor de clase SimpleSAML_XML_Validator en SimpleSAMLphp en versiones anteriores a 1.14.11 podría permitir a atacantes remotos suplantar firmas en respuestas SAML 1 o posiblemente provocar una denegación de servicio (consumo de memoria) aprovechando la conversión incorrecta de valores de retorno a valores 
booleanos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:N/I:P/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:simplesamlphp:simplesamlphp:*:*:*:*:*:*:*:*","versionEndExcluding":"1.14.11","matchCriteriaId":"40A192FB-B0BF-4058-AE15-2FBD239B8E52"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"16F59A04-14CF-49E2-9973-645477EA09DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94946","source":"security@debian.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00001.html","source":"security@debian.org","tags":["Third Party Advisory"]},{"url":"https://simplesamlphp.org/security/201612-02","source":"security@debian.org","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94946","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://simplesamlphp.org/security/201612-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5357","sourceIdentifier":"security@debian.org","published":"2017-02-17T02:59:14.267","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of service (crash) via a malformed command, which triggers an invalid free."},{"lang":"es","value":"regex.c en GNU ed en versiones anteriores a 1.14.1 permite a atacantes provocar una denegación de servicio (caída) a través de un comando mal formado, que desencadena una liberación no 
válida."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:ed:*:*:*:*:*:*:*:*","versionEndIncluding":"1.14","matchCriteriaId":"67BE59ED-6ADD-42C3-921B-A9C62B31D301"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/12/5","source":"security@debian.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/12/6","source":"security@debian.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/12/7","source":"security@debian.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/13/3","source":"security@debian.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95422","source":"security@debian.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVH54XNZ77ICNBJTPI2DLJYQTA3SYSFC/","source":"security@debian.org"},{"url":"https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html","source":"security@debian.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/12/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/12/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/12/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/13/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZVH54XNZ77ICNBJTPI2DLJYQTA3SYSFC/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00000.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5006","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.200","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Blink in Google Chrome prior to 56.0.2924.76 for 
Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page."},{"lang":"es","value":"Blink en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android, no manejó correctamente las relaciones de propietarios de objetos, lo que permitió a un atacante remoto inyectar secuencias de comandos o HTML arbitrarios (UXSS) a través de una página HTML manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.d
ebian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/673170","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/673170","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5007","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.230","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page."},{"lang":"es","value":"Blink en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android, no manejó correctamente la secuencia de eventos mientras cerraba una 
página, lo que permitió a un atacante remoto inyectar secuencias de comandos o HTML arbitrario (UXSS) a través de una página HTML manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://
crbug.com/671102","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/671102","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5008","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.263","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker-controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page."},{"lang":"es","value":"Blink en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android, permitió que JavaScript controlado por el atacante se ejecutara durante la invocación de un método de secuencia de comandos privado, lo que permitió a un atacante remoto inyectar secuencias de comandos o HTML arbitrarios (UXSS) a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/668552","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"chrome-cve
-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/668552","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5009","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.293","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."},{"lang":"es","value":"WebRTC en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android, falló al realizar la comprobación adecuada de los límites, lo que permitió a un atacante remoto potencialmente explotar la corrupción de la memoria dinámica a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/667504","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"c
hrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/667504","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5010","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.340","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page."},{"lang":"es","value":"Blink en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android, resolvió las promesas en un contexto inadecuado, lo que permitió a un atacante remoto inyectar secuencias de comandos o HTML arbitrarias (UXSS) a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/663476","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"chrome-cve
-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/663476","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5011","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.370","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page."},{"lang":"es","value":"Google Chrome en versiones anteriores a 56.0.2924.76 para Windows saneaba de forma insuficiente las URL de DevTools, lo que permitió a un atacante remoto que hubiera convencido a un usuario de instalar una extensión maliciosa leer el contenido del sistema de archivos a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/662859","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"chrom
e-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/662859","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5012","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."},{"lang":"es","value":"Un desbordamiento de búfer de memoria dinámica en V8 en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android, permitió a un atacante remoto explotar potencialmente la corrupción de memoria dinámica mediante una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/681843","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"c
hrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/681843","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5013","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.417","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page."},{"lang":"es","value":"Google Chrome en versiones anteriores a 56.0.2924.76 para Linux manejaba incorrectamente navegaciones de páginas en pestañas nuevas en pestañas no seleccionadas, lo que permitía a un atacante remoto suplantar los contenidos del Omnibox (barra URL) a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/677716","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source"
:"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/677716","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5014","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.467","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."},{"lang":"es","value":"Desbordamiento de búfer de memoria dinámica durante el procesamiento de imágenes en Skia en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android permitió a un atacante remoto realizar una lectura de memoria fuera de límites a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/675332","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"ch
rome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/675332","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5015","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.497","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name."},{"lang":"es","value":"Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android, manejó incorrectamente glifos Unicode, lo que permitió a un atacante remoto realizar suplantaciones de dominio a través de homógrafos de IDN en un nombre de dominio 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/673971","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source"
:"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/673971","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5016","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.527","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page."},{"lang":"es","value":"Blink en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android, no pudo impedir que ciertos elementos de interfaz de usuario se muestren por páginas no visibles, lo que permitió a un atacante remoto mostrar ciertos elementos de IU en una página que no controla a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1021"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/673163","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"chro
me-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/673163","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5017","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.557","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page."},{"lang":"es","value":"Las interacciones con el SO en Google Chrome en versiones anteriores a 56.0.2924.76 para Mac borraban de forma insuficiente la memoria de vídeo, lo que permitió a un atacante remoto posiblemente extraer fragmentos de imagen en sistemas con chips gráficos GeForce 8600M a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/676975","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"chrome
-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/676975","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5018","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.590","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page."},{"lang":"es","value":"Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android tenía una política de seguridad del contenido insuficientemente estricta en la página de lanzamiento de aplicaciones de Chrome, lo que permitía a un atacante remoto inyectar secuencias de comandos o HTML en una página privilegiada a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/668665","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"chrome-cve
-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/668665","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5019","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.620","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."},{"lang":"es","value":"Un uso después de liberación de memoria en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac, y 56.0.2924.87 para Android, permitió a un atacante remoto potencialmente explotar la corrupción de memoria dinámica a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/666714","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"ch
rome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/666714","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5020","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.653","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page."},{"lang":"es","value":"Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android, no pudo requerir un gesto de usuario para operaciones de descarga potentes, lo que permitió a un atacante remoto que convenció a un usuario para instalar una extensión maliciosa para ejecutar código arbitrario a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/668653","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"chrome-cve
-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/668653","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5021","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.667","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."},{"lang":"es","value":"Un uso después de liberación de memoria en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android, permitió a un atacante remoto realizar una lectura de memoria fuera de límites a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/663726","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"chrome
-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/663726","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5022","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.717","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page."},{"lang":"es","value":"Blink en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android, no pudo aplicar correctamente la política de seguridad de contenido inseguro en línea, lo que permitió a un atacante remoto omitir la política de seguridad de contenido a través de una página 
HTML."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/663620","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"chrom
e-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/663620","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5023","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.730","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page."},{"lang":"es","value":"Tipo de confusión en el histograma en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac, y 56.0.2924.87 para Android, permitió a un atacante remoto potencialmente explotar una desreferencia casi nula a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/651443","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"chrome
-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/651443","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5024","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.763","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file."},{"lang":"es","value":"FFmpeg en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac, falló en realizar la comprobación de los límites adecuados, lo que permitió a un atacante remoto potencialmente explotar la corrupción de la memoria dinámica a través de un archivo de vídeo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/643951","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"chrome-
cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201705-05","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/643951","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201705-05","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5025","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.793","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file."},{"lang":"es","value":"FFmpeg en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac, falló en realizar la comprobación de los límites adecuados, lo que permitió a un atacante remoto potencialmente explotar la corrupción de la memoria dinámica a través de un archivo de vídeo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/643950","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"chrome
-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201705-05","source":"chrome-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/643950","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201705-05","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5026","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.840","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page."},{"lang":"es","value":"Google Chrome anterior a 56.0.2924.76 para Linux, Windows y Mac, no pudo evitar que las alertas se muestren mediante marcos intercambiados, lo que permitió a un atacante remoto mostrar alertas en una página que no controla a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1021"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"chrome-cve-admin@google.com"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"chrome-cve-admin@google.com"},{"url":"http://www.securityfocus.com/bid/95792","source":"chrome-cve-admin@google.com"},{"url":"http://www.securitytracker.com/id/1037718","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/634108","source":"chrome-cve-admin@google.com"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"chrom
e-cve-admin@google.com"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0206.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2017/dsa-3776","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95792","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037718","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/634108","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201701-66","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5027","sourceIdentifier":"chrome-cve-admin@google.com","published":"2017-02-17T07:59:00.870","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page."},{"lang":"es","value":"Blink en Google Chrome en versiones anteriores a 56.0.2924.76 para Linux, Windows y Mac y 56.0.2924.87 para Android, no pudo aplicar correctamente la política de seguridad de contenido inseguro en línea, lo que permitió a un atacante remoto eludir la política de seguridad de contenido a través de una página HTML 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndIncluding":"55.0.2883.87","matchCriteriaId":"20E75B30-0D25-4AC2-8506-1D29C8B87E77"}]}]}],"references":[{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"chrome-cve-admin@google.com"},{"url":"https://crbug.com/661126","source":"chrome-cve-admin@google.com"},{"url":"https://chromereleases.googleblog.com/2017/01/stable-channel-update-for-desktop.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://crbug.com/661126","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5344","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T07:59:00.903","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang"
:"en","value":"An issue was discovered in dotCMS through 3.6.1. The findChildrenByFilter() function which is called by the web accessible path /categoriesServlet performs string interpolation and direct SQL query execution. SQL quote escaping and a keyword blacklist were implemented in a new class, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), as part of the remediation of CVE-2016-8902; however, these can be overcome in the case of the q and inode parameters to the /categoriesServlet path. Overcoming these controls permits a number of blind boolean SQL injection vectors in either parameter. The /categoriesServlet web path can be accessed remotely and without authentication in a default dotCMS deployment."},{"lang":"es","value":"Se ha descubierto un problema en dotCMS hasta la versión 3.6.1. La función findChildrenByFilter(), que es llamada por la ruta accesible por la web /categoriesServlet, realiza interpolación de cadenas y ejecución directa de consultas SQL. El escape de comillas SQL y una lista negra de palabras clave se implementaron en una nueva clase, SQLUtil (main/java/com/dotmarketing/common/util/SQLUtil.java), como parte de la remediación de CVE-2016-8902; sin embargo, estos controles pueden ser superados en el caso de los parámetros q e inode de la ruta /categoriesServlet. Superar estos controles permite varios vectores de inyección SQL booleana ciega en cualquiera de los parámetros. 
Se puede acceder a la ruta web /categoriesServlet remotamente y sin autenticación en una implementación de dotCMS predeterminada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:*","versionEndIncluding":"3.6.1","matchCriteriaId":"2227314C-84F0-4DBD-A033-D0ECA8F3846A"}]}]}],"references":[{"url":"http://dotcms.com/security/SI-39","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/34","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96259","source":"cve@mitre.org"},{"url":"https://github.com/xdrr/webapp-exploits/blob/master/vendors/dotcms/2017.01.blind-sqli/dotcms-dump.sh","source":"cve@mitre.org","tags":["Exploit","Third Party 
Advisory"]},{"url":"https://www.exploit-db.com/exploits/41377/","source":"cve@mitre.org"},{"url":"http://dotcms.com/security/SI-39","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/34","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96259","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/xdrr/webapp-exploits/blob/master/vendors/dotcms/2017.01.blind-sqli/dotcms-dump.sh","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41377/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5998","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T07:59:00.933","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE Epilog for UNIX version 1.5 allows remote authenticated users to inject arbitrary web script or HTML via the str_log_name parameter in a \"Web Admin Portal > Log Configuration > Add\" action."},{"lang":"es","value":"Vulnerabilidad de XSS en InterSect Alliance SNARE Epilog para UNIX versión 1.5 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro str_log_name en una acción \"Web Admin Portal > Log Configuration > 
Add\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:intersect_alliance:snare_epilog:1.5.0:*:*:*:*:*:*:*","matchCriteriaId":"52003973-A127-4E33-899A-5533035CF445"}]}]}],"references":[{"url":"http://arthrocyber.com/research","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://arthrocyber.com/research","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6014","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T07:59:00.967","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. 
If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory."},{"lang":"es","value":"En Wireshark 2.2.4 y versiones anteriores, un archivo de captura STANAG 4607 manipulado o mal formado causará un bucle infinito y agotamiento de memoria. Si el campo de tamaño de paquete en un encabezado de paquete es nulo, el desplazamiento a leer no avanzará, provocando intentos continuos para leer el mismo paquete de longitud cero. Esto agotará rápidamente toda la memoria del sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.4","matchCriteriaId":"A083B619-50DF-4A8F-99FE-E379FE4E1E05"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulner
able":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3811","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96284","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416","source":"cve@mitre.org","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201706-12","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3811","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96284","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201706-12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6056","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T07:59:00.997","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. 
Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu."},{"lang":"es","value":"Se descubrió que un error de programación en el procesamiento de solicitudes HTTPS en el servlet Apache Tomcat y en el motor JSP puede dar como resultado la denegación de servicio a través de un bucle infinito. La denegación de servicio es fácilmente alcanzable como consecuencia de backporting una corrección CVE-2016-6816 pero no backporting la corrección para el error 57544 de Tomcat. Las distribuciones afectadas por este problema de backporting incluyen Debian (en versiones anteriores a 7.0.56-3+deb8u8 y 8.0.14-1+deb8u7 en jessie) y Ubuntu."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","matchCriteriaId":"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"},{"
vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0517.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0826.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0827.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0828.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0829.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3787","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3788","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96293","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037860","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/851304","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=60578","source":"cve@mitre.org","tags":["Issue Tracking","Third Party 
Advisory"]},{"url":"https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E","source":"cve@mitre.org"},{"url":"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E","source":"cve@mitre.org"},{"url":"https://lists.debian.org/debian-security-announce/2017/msg00038.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-security-announce/2017/msg00039.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20180731-0002/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0517.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0826.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0827.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0828.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0829.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3787","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3788","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96293","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037860","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/851304","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=60578","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-security-announce/2017/msg00038.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-security-announce/2017/msg00039.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20180731-0002/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2014-9905","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.140","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en el Web Calendar en SOGo en versiones anteriores a 2.2.0 permiten a atacantes 
remotos inyectar secuencias de comandos web o HTML arbitrarios a través del (1) título de una cita o (2) de los campos de contacto."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:alinto:sogo:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.1","matchCriteriaId":"022E6D2E-74F5-478B-A08D-AF393E2C57F1"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/07/09/3","source":"cve@mitre.org","tags":["Mailing List","Patch","VDB 
Entry"]},{"url":"https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/inverse-inc/sogo/commit/3a5e44e7eb8b390b67a8f8a83030b49606956501","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/inverse-inc/sogo/commit/80a09407652ec04e8c9fb6cb48e1029e69a15765","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/inverse-inc/sogo/commit/c94595ea7f0f843c2d7abf25df039b2bbe707625","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://sogo.nu/bugs/view.php?id=2598","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/09/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","VDB Entry"]},{"url":"https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/inverse-inc/sogo/commit/3a5e44e7eb8b390b67a8f8a83030b49606956501","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/inverse-inc/sogo/commit/80a09407652ec04e8c9fb6cb48e1029e69a15765","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/inverse-inc/sogo/commit/c94595ea7f0f843c2d7abf25df039b2bbe707625","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://sogo.nu/bugs/view.php?id=2598","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-5028","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.200","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like 
sections."},{"lang":"es","value":"La función print_frame_inst_bytes en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegación de servicio (referencia de puntero NULL) a través de un archivo de objeto con secciones similares bss vacías."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party 
Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5029","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file."},{"lang":"es","value":"La función create_fullest_file_path en libdwarf en versiones anteriores a 20160923 permite a los atacantes remotos provocar una denegación de servicio (referencia de puntero NULL) a través de un archivo dwarf 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5030","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.280","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file."},{"lang":"es","value":"La función _dwarf_calculate_info_section_end_ptr en libdwarf en versiones anteriores a 20160923 permite a los atacantes remotos provocar una denegación de servicio (referencia de puntero NULL) a través de un archivo manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type
":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5031","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.310","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."},{"lang":"es","value":"La función print_frame_inst_bytes en libdwarf en versiones anteriores a 20160923 permite a los atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5032","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.357","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file."},{"lang":"es","value":"La función dwarf_get_xu_hash_entry en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configura
tions":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5033","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.390","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."},{"lang":"es","value":"La función print_exprloc_content en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5034","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.420","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted file, related to relocation records."},{"lang":"es","value":"dwarf_elf_access.c en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites) a través de un archivo manipulado, relacionado con los registros de reubicación."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov"
,"type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5035","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.450","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file."},{"lang":"es","value":"La función _dwarf_read_line_table_header en dwarf_line_table_reader.c en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5036","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.497","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted frame data."},{"lang":"es","value":"La función dump_block en print_sections.c en libdwarf en versiones anteriores a 20160923 permite a los atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de datos de trama manipulados."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","descrip
tion":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5037","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.530","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file."},{"lang":"es","value":"La función _dwarf_load_section en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegación de servicio (referencia de puntero NULL) mediante un archivo 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5038","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.560","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted string offset for .debug_str."},{"lang":"es","value":"La función dwarf_get_macro_startend_file en dwarf_macro5.c en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un desplazamiento de cadena manipulado para 
.debug_str."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5039","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.593","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted object with all-bits on."},{"lang":"es","value":"La función get_attr_value en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de un objeto manipulado con todos los bits activados."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","descr
iption":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5040","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.623","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header."},{"lang":"es","value":"Libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída) a través de un valor de longitud grande en un encabezado de unidad de 
compilación."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5042","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.653","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a denial of service (infinite loop and crash) via a crafted DWARF section."},{"lang":"es","value":"La función dwarf_get_aranges_list en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y caída) a través de una sección DWARF manipulada."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"l
ang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332145","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332145","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5043","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.700","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section."},{"lang":"es","value":"La función dwarf_dealloc en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos 
provocar una denegación de servicio (lectura fuera de límites y caída) a través de una sección DWARF manipulada."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5044","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.733","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section."},{"lang":"es","value":"La función WRITE_UNALIGNED en dwarf_elf_access.c en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites y caída) a través de una sección DWARF 
manipulada."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5364","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.763","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter."},{"lang":"es","value":"Vulnerabilidad de XSS en manage_custom_field_edit_page.php en MantisBT 1.2.19 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro return."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","ty
pe":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.19","matchCriteriaId":"5A815259-BA9C-4040-9E81-E8961F0716CA"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/06/11/5","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/mantisbt/mantisbt/commit/11ab3d6c82a1d3a89b1024f77349fb60a83743c5","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/mantisbt/mantisbt/commit/5068df2dcf79c34741c746c9b27e0083f2a374da","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://mantisbt.org/bugs/view.php?id=20956","source":"cve@mitre.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/11/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/mantisbt/mantisbt/commit/11ab3d6c82a1d3a89b1024f77349fb60a83743c5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/mantisbt/mantisbt/commit/5068df2dcf79c34741c746c9b27e0083f2a374da","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://mantisbt.org/bugs/view.php?id=20956","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6189","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.797","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds."},{"lang":"es","value":"Blacklist incompleta en SOGo en versiones anteriores a 2.3.12 
y 3.x en versiones anteriores a 3.1.1 permite a usuarios remotos autenticados obtener información sensible leyendo los campos en la fuente (1) ics o (2) de calendario XML."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-184"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:alinto:sogo:*:*:*:*:*:*:*:*","versionEndExcluding":"2.3.12","matchCriteriaId":"5D75E49A-4A29-46E4-82AF-2AF4CA019014"},{"vulnerable":true,"criteria":"cpe:2.3:a:alinto:sogo:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.1.1","matchCriteriaId":"0C9075E1-13A1-42BC-8141-8981BD1B3640"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/07/09/3","source":"cve@mitre.org","tags":["Mailing List","VDB 
Entry"]},{"url":"https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://sogo.nu/bugs/view.php?id=3695","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/09/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","VDB Entry"]},{"url":"https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://sogo.nu/bugs/view.php?id=3695","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6190","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.843","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the \"View the Date & Time\" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users."},{"lang":"es","value":"SOGo en versiones anteriores a 2.3.12 y 3.x en versiones anteriores a 3.1.1 no restringe el acceso a los atributos UID y DTSTAMP, lo que permite a los usuarios autenticados remotos obtener información confidencial sobre citas con la restricción \"Ver la fecha y hora\", como se demuestra mediante la correlación de UIDs y DTSTAMPs entre todos los 
usuarios."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:inverse-inc:sogo:*:*:*:*:*:*:*:*","versionEndIncluding":"2.3.11","matchCriteriaId":"91F46E93-705A-41F5-BFA3-4FA2ECA662E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:inverse-inc:sogo:3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8D20DC1B-9B7D-40FA-A8BA-E2EE75CD490B"},{"vulnerable":true,"criteria":"cpe:2.3:a:inverse-inc:sogo:3.0.0:beta_1:*:*:*:*:*:*","matchCriteriaId":"593ACB47-FA85-40FC-AD6E-20624190C5AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:inverse-inc:sogo:3.0.0:beta_2:*:*:*:*:*:*","matchCriteriaId":"F3CBC066-6D19-4172-8198-F813D06F1CD9"},{"vulnerable":true,"criteria":"cpe:2.3:a:inverse-inc:sogo:3.0.0:beta_3:*:*:*:*:*:*","matchCriteriaId":"6B171622-F0CE-4660-8FE8-DEDF69853AFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:inverse-inc:sogo:3.0.0:beta_4:*:*:*:*:*:*","matchCriteriaId":"45411BA4-31
FF-4514-A06E-5D8AA467C55C"},{"vulnerable":true,"criteria":"cpe:2.3:a:inverse-inc:sogo:3.0.0:beta_5:*:*:*:*:*:*","matchCriteriaId":"632B5461-9689-49D9-9FA0-548197162FE3"},{"vulnerable":true,"criteria":"cpe:2.3:a:inverse-inc:sogo:3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"C6A83B27-97CD-4760-903D-15252C351359"},{"vulnerable":true,"criteria":"cpe:2.3:a:inverse-inc:sogo:3.0.2:*:*:*:*:*:*:*","matchCriteriaId":"BEDC58CE-65A3-4800-A70E-B96C597528DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:inverse-inc:sogo:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"727D82DD-4057-4BC9-A986-7BE847E2BF02"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/07/09/3","source":"cve@mitre.org","tags":["Mailing List","VDB Entry"]},{"url":"https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://sogo.nu/bugs/view.php?id=3696","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/09/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","VDB Entry"]},{"url":"https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://sogo.nu/bugs/view.php?id=3696","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6191","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.890","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the 
Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en la página View Raw Source en el Web Calendar en SOGo en versiones anteriores a 3.1.3 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del campo (1) Description, (2) Location, (3) URL o (4) Title."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:alinto:sogo:*:*:*:*:*:*:*:*","versionEndIncluding":"3.1.2","matchCriteriaId":"A8489FF5-8F0F-4563-BE1A-785FF61F708A"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/07/09/3","source":"cve@mitre.org","tags":["Mailing List","Patch","VDB 
Entry"]},{"url":"https://github.com/inverse-inc/sogo/commit/64ce3c9c22fd9a28caabf11e76216cd53d0245aa","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://sogo.nu/bugs/view.php?id=3718","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/09/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","VDB Entry"]},{"url":"https://github.com/inverse-inc/sogo/commit/64ce3c9c22fd9a28caabf11e76216cd53d0245aa","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://sogo.nu/bugs/view.php?id=3718","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6252","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.937","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in shadow 4.2.1 allows local users to gain privileges via crafted input to newuidmap."},{"lang":"es","value":"Desbordamiento de enteros en shadow 4.2.1 permite a usuarios locales obtener privilegios a través de una entrada manipulada para 
newuidmap."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:shadow_project:shadow:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"FCE9DEA2-3C5D-47D4-A0EA-93B2C37C95FA"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3793","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/07/19/6","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/19/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/20/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/25/7","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/92055","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=979282","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/shadow-maint/shadow/issues/27","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201706-02","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3793","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/07/19/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/19/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/20/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/25/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92055","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=979282","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/shadow-maint/shadow/issues/27","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201706-02","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-6870","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:00.983","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors."},{"lang":"es","value":"Escritura fuera de límites en las funciones (1) mb_detect_encoding, (2) mb_send_mail y (3) mb_detect_order en Facebook HHVM en versiones anteriores a 3.15.0 permite a atacantes tener un impacto no especificado a través de vectores desconocidos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f
acebook:hhvm:*:*:*:*:*:*:*:*","versionEndIncluding":"3.14.5","matchCriteriaId":"157280C9-2498-4181-BF93-3F1017445394"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/11/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/11/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6871","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:01.013","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow."},{"lang":"es","value":"Desbordamiento de enteros en bcmath en Facebook HHVM en versiones anteriores a 3.15.0 permite a atacantes tener un impacto no especificado a través de vectores desconocidos, lo que desencadena un desbordamiento de 
búfer."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*","versionEndIncluding":"3.14.5","matchCriteriaId":"157280C9-2498-4181-BF93-3F1017445394"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/11/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/11/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2016-6872","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:01.047","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors."},{"lang":"es","value":"Desbordamiento de enteros en StringUtil::implode en Facebook HHVM en versiones anteriores a 3.15.0 permite a atacantes tener un impacto no especificado a través de vectores desconocidos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configur
ations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*","versionEndIncluding":"3.14.5","matchCriteriaId":"157280C9-2498-4181-BF93-3F1017445394"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/11/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/11/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2016-6873","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:01.077","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors."},{"lang":"es","value":"Auto recursividad en compact en Facebook HHVM en versiones anteriores a 3.15.0 permite a atacantes tener un impacto no especificado a través de vectores 
desconocidos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*","versionEndIncluding":"3.14.5","matchCriteriaId":"157280C9-2498-4181-BF93-3F1017445394"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/11/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/11/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}],"evaluatorComment":"<a href=\"http://cwe.mitre.org/data/definitions/674.html\">CWE-674: Uncontrolled Recursion</a>"}},{"cve":{"id":"CVE-2016-6874","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:01.107","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The array_*_recursive functions in Facebook HHVM before 3.15.0 allow attackers to have unspecified impact via unknown vectors, related to recursion."},{"lang":"es","value":"Las funciones array_*_recursive en Facebook HHVM en versiones anteriores a 3.15.0 permiten a atacantes tener un impacto no especificado a través de vectores desconocidos, relacionados con la 
recursividad."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*","versionEndIncluding":"3.14.5","matchCriteriaId":"157280C9-2498-4181-BF93-3F1017445394"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/11/1","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/1","source":"cve@mitre.org"},{"url":"https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/08/11/1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69","source":"af854a3a-2127-422b
-91ae-364da2661108"}],"evaluatorComment":"<a href=\"http://cwe.mitre.org/data/definitions/674.html\">CWE-674: Uncontrolled Recursion</a>"}},{"cve":{"id":"CVE-2016-6875","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:01.140","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors."},{"lang":"es","value":"Recursividad infinita en wddx en Facebook HHVM en versiones anteriores a 3.15.0 permite a los atacantes tener un impacto no especificado a través de vectores desconocidos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:facebook:hhvm:*:*:*:*:*:*:*:*","versionEndIncluding":"3.14.5","matchCriteriaId":"157280C9-2498-4181-BF93-3F1017445394"}]
}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/11/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/11/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}],"evaluatorComment":"<a href=\"http://cwe.mitre.org/data/definitions/674.html\">CWE-674: Uncontrolled Recursion</a>"}},{"cve":{"id":"CVE-2016-7111","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:01.170","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors."},{"lang":"es","value":"MantisBT en versiones anteriores a 1.3.1 y 2.x en versiones anteriores a 2.0.0-beta.2 utiliza una política de seguridad de contenido débil cuando se utiliza el plugin Gravatar, que permite a atacantes remotos realizar ataques de secuencias de comandos de sitios cruzados (XSS) a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:N/I:P/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3.0","matchCriteriaId":"01D7EBC4-9D0E-4502-96E6-C26B97F16059"},{"vulnerable":true,"criteria":"cpe:2.3:a:mantisbt:mantisbt:2.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"541BD5B7-9F88-4B6A-A9D5-3BB182661EC8"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/28/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/29/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/mantisbt/mantisbt/commit/b3511d2f","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://mantisbt.org/bugs/view.php?id=21263","source":"cve@mitre.org","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/28/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/29/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/mantisbt/mantisbt/commit/b3511d2f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://mantisbt.org/bugs/view.php?id=21263","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7510","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:01.200","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input."},{"lang":"es","value":"La función read_line_table_program en dwarf_line_table_reader_common.c en libdwarf en versiones anteriores a 20160923 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de una entrada 
manipulada."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-09-23","matchCriteriaId":"522B980D-FDDC-46D0-8D20-A56FB9F5E5BE"}]}]}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377015","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://sourceforge.net/p/libdwarf/bugs/4/","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377015","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://sourceforge.net/p/libdwarf/bugs/4/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-7511","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T17:59:01.233","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file."},{"lang":"es","value":"Desbordamiento de enteros en el dwarf_die_deliv.c en libdwarf 20160613 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:2016-06-13:*:*:*:*:*:*:*","matchCriteriaId":"46FEB08E-F710-466E-BD43-561F31949708"}]}]}],"references":[{"url":"https://sourceforge.net/p/libdwarf/bugs/3/","source":"cve@mitre.org","tags":["Issue 
Tracking","Patch","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html#DW201609-002","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://sourceforge.net/p/libdwarf/bugs/3/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html#DW201609-002","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-6055","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T20:59:00.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 and eParaksts Java lib before 2.5.13 allows remote attackers to read arbitrary files or possibly have unspecified other impact via a crafted edoc file."},{"lang":"es","value":"Vulnerabilidad de XXE en eParakstitajs 3 en versiones anteriores a 1.3.9 y eParaksts Java lib en versiones anteriores a 2.5.13 permite a atacantes remotos leer archivos arbitrarios o posiblemente tener otro impacto no especificado a través de un archivo edoc 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eparaksts:eparakstitajs_3:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3.8","matchCriteriaId":"4A3102AB-94BF-42A5-A2E2-5E09CD3C3717"}]}]}],"references":[{"url":"https://cert.lv/lv/2017/02/iznakusas-nedelas-zinas-par-drosibas-incidentiem-nr-4-2017","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.eparaksts.lv/en/Assistance/downloads/eparakstitajs-3-0/previous-versions-of-eparakstitajs-3-0/","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://cert.lv/lv/2017/02/iznakusas-nedelas-zinas-par-drosibas-incidentiem-nr-4-2017","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://www.eparaksts.lv/en/Assistance/downloads/eparakstitajs-3-0/previous-versions-of-eparakstitajs-3-0/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6065","sourceIdentifier":"cve@mitre.org","published":"2017-02-17T20:59:00.200","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en inc/lib/Control/Backend/menus.control.php en GeniXCMS a través de 1.0.2 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro order."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","nega
te":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:metalgenix:genixcms:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.1","matchCriteriaId":"F3FC9002-2943-4B9A-94AC-A1D1FEC168A7"}]}]}],"references":[{"url":"https://github.com/semplon/GeniXCMS/issues/71","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/semplon/GeniXCMS/issues/71","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5986","sourceIdentifier":"cve@mitre.org","published":"2017-02-18T21:59:00.130","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state."},{"lang":"es","value":"Condición de carrera en la función sctp_wait_for_sndbuf en net/sctp/socket.c en el kernel de Linux en versiones anteriores a 4.9.11 permite a usuarios locales provocar una denegación de servicio (fallo de aserción y pánico) a través de una aplicación multihilo que despega una asociación en un cierto estado de búfer 
completo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:C","baseScore":7.1,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"},{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.11","matchCriteriaId":"A2C8FBA2-BF83-4E8F-AA66-F34C0F33E703"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2dcab598484185dea7ec22219c76dcdd59e3cb90","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3804","source":"cve@mitre.org"},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/14/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96222","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1308","source":"cve@mitre.org"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1420276","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2dcab598484185dea7ec22219c76dcdd59e3cb90","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3804","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/14/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96222","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1308","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1420276","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/2dcab598484185dea7ec22219c76dcdd59e3cb90","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6001","sourceIdentifier":"cve@mitre.org","published":"2017-02-18T21:59:00.193","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain 
privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-6786."},{"lang":"es","value":"Condición de carrera en kernel/events/core.c en el kernel de Linux en versiones anteriores a 4.9.7 permite a usuarios locales obtener privilegios a través de una aplicación manipulada que hace llamadas concurrentes al sistema perf_event_open para mover un grupo de software en un contexto hardware. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2016-6786."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.18.54","versionEndExcluding":"3.18.92","matchCriteriaId":"F22ADC27-849C-43FC-A6FB-FEEE92B3C850"},{"vulnera
ble":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.4.65","matchCriteriaId":"F0B53829-8BD0-46CE-A754-72D6C2A2B7C0"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"4.9.7","matchCriteriaId":"20EE2EFD-24B9-486E-8B08-FB740ABD8585"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=321027c1fe77f892f4ea07846aeae08cefbbb290","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3791","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/16/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96264","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1842","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2077","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2669","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1854","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1422825","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/321027c1fe77f892f4ea07846aeae08cefbbb290","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://source.android.com/security/bulletin/pixel/2017-11-01","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=321027c1fe77f892f4ea07846aeae08cefbbb290","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3791","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/16/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96264","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1842","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2077","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2669","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2018:1854","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1422825","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/torvalds/linux/commit/321027c1fe77f892f4ea07846aeae08cefbbb290","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://source.android.com/security/bulletin/pixel/2017-11-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-6074","sourceIdentifier":"cve@mitre.org","published":"2017-02-18T21:59:00.237","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an IPV6_RECVPKTINFO setsockopt system call."},{"lang":"es","value":"La función dccp_rcv_state_process en net/dccp/input.c en el kernel de Linux hasta la versión 4.9.11 no maneja adecuadamente estructuras de paquetes de datos DCCP_PKT_REQUEST en el estado LISTEN, lo que permite a usuarios locales obtener privilegios root o provocar una denegación de servicio (liberación doble) a través de una aplicación que hace una llamada de sistema IPV6_RECVPKTINFO 
setsockopt."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"3.2.86","matchCriteriaId":"93414DAF-13C5-4F37-8F16-486DDEFFE6AC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3","versionEndExcluding":"3.10.106","matchCriteriaId":"3116EF11-56E7-4D40-9FD0-6109280D0247"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"3.12.71","matchCriteriaId":"714101BC-5F00-4257-A007-F21269AE5AC1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","versionEndExcluding":"3.16.41","matchCriteriaId":"F5CF2C65-6A2A-44EE-A67B-5DB1663C2B2A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding":"3.17","versionEndExcluding":"3.18.49","matchCriteriaId":"5AA77834-089F-4556-A00B-CAC1E08444BF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.19","versionEndExcluding":"4.1.41","matchCriteriaId":"9019BEC9-FE77-4506-A019-B8B4D8BCEBAE"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"4.4.52","matchCriteriaId":"87F9D322-C14F-4E7A-BA48-87789CAC2DA7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"4.9.13","matchCriteriaId":"B5EFB5B2-2EEC-4D04-925A-77FBE0E5E76C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0293.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0294.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0295.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0316.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0323.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0324.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0345.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0346.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0347.html","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0365.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0366.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0403.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0501.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3791","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/22/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96310","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037876","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:0932","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1209","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://source.android.com/security/bulletin/2017-07-01","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41457/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/41458/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.tenable.com/security/tns-2017-07","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0293.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0294.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0295.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0316.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0323.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0324.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0345.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0346.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0347.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0365.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0366.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0403.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0501.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3791","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/22/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96310","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037876","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:0932","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2017:1209","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/torvalds/linux/commit/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://source.android.com/security/bulletin/2017-07-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41457/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/41458/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.tenable.com/security/tns-2017-07","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-4613","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. 
iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. Safari en versiones anteriores a 10.0.1 está afectado. iCloud en versiones anteriores a 6.0.1 está afectado. iTunes en versiones anteriores a 12.5.2 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos obtener información sensible a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.0","matchCriteriaId":"A4234F90-95F9-4BDD-86F4-400A57533180"}]}]},{"nodes
":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.0","matchCriteriaId":"446B7A62-EFB5-43FD-9319-821ECA44A5B5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.1","matchCriteriaId":"48584EDF-706C-4F6B-A85F-2E98260E15A4"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:apple_tv:10.0.0:*:*:*:*:*:*:*","matchCriteriaId":"1F4498E2-15B0-4113-AFB7-5029161AE1BF"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93949","source":"product-security@apple.com"},{"url":"http://www.securitytracker.com/id/1037139","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207270","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207272","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207273","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207274","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/93949","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037139","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207270","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207272","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207273","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207274","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-4617","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.213","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. 
macOS before 10.12 is affected. The issue involves a sandbox escape related to launchctl process spawning in the \"libxpc\" component."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12 está afectado. El problema involucra una fuga de sandbox relacionada con la generación de procesos launchctl en el componente \"libxpc\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.11.6","matchCriteriaId":"FEEAF544-405E-4A75-9206-5CC4EDCE2F05"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96329","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207170","source":"product-security@apple.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96329","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207170","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4660","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.243","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"FontParser\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriores a 10.12.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. El problema involucra el componente \"FontParser\". 
Esto permite a atacantes remotos obtener información sensible o provocar una denegación de servicio (lectura fuera de límites y caída de la aplicación) a través de una fuente manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.3","matchCriteriaId":"D1E59BBF-DE29-4730-813A-19686FB20BD0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0","matchCriteriaId":"C31BB3B2-E21B-4B83-8EF5-879A99BB829E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{
"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93849","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93849","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4661","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.290","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. 
The issue involves the \"ntfs\" component, which misparses disk images and allows attackers to cause a denial of service via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra el componente \"ntfs\", que analiza incorrectamente imágenes de disco y permite a atacantes provocar una denegación del servicio a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93852","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4662","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.307","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the \"AppleGraphicsControl\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra el componente \"AppleGraphicsControl\". 
Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93852","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4663","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.337","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the \"NVIDIA Graphics Drivers\" component. It allows attackers to cause a denial of service (memory corruption) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra el componente \"NVIDIA Graphics Drivers\". Esto permite a atacantes provocar una denegación de servicio (corrupción de memoria) a través de una aplicación 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93852","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4664","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.370","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Sandbox Profiles\" component, which allows attackers to read photo-directory metadata via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. El problema involucra el componente \"Sandbox Profiles\" que permite a atacantes leer los metadatos de foto-directorio a través de una aplicación 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.3","matchCriteriaId":"D1E59BBF-DE29-4730-813A-19686FB20BD0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0","matchCriteriaId":"C31BB3B2-E21B-4B83-8EF5-879A99BB829E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93854","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037088","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93854","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037088","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4665","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.417","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Sandbox Profiles\" component, which allows attackers to read audio-recording metadata via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. 
El problema involucra el componente \"Sandbox Profiles\" que permite a atacantes leer los metadatos de audio-grabaciones a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.3","matchCriteriaId":"D1E59BBF-DE29-4730-813A-19686FB20BD0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0","matchCriteriaId":"C31BB3B2-E21B-4B83-8EF5-879A99BB829E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93854","source":"product-security@a
pple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037088","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93854","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037088","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4666","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.447","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. Safari en versiones anteriores a 10.0.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. 
El problema involucra al componente \"WebKit\". Esto permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1","matchCriteriaId":"31522691-8429-479C-A288-9ADB0916784C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.1","matchCriteriaId":"9EDB336D-314A-4320-AC50-D3E0E87AFAE1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.1","matchCriteriaId":"0D75F9F4-8E2C-4997-B663-F50841B3AA80"}]}]}],"references":[{"
url":"http://www.securityfocus.com/bid/93851","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037087","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207270","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207272","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93851","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037087","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207272","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4667","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.477","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the \"ATS\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra al componente \"ATS\". 
Esto permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de una fuente manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93852","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4669","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.510","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Kernel\" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriores a 10.12.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. El problema involucra al componente \"Kernel\". 
Esto permite a los usuarios locales ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (manejo incorrecto de código MIG y caída del sistema) a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1","matchCriteriaId":"31522691-8429-479C-A288-9ADB0916784C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndExcluding":"10.12.1","matchCriteriaId":"3C9A3484-1C0D-41F0-BA61-032A98BAD2A9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.1","matchCriteriaId":"0D75F9F4-8E2C-4997-B663-F50841B3AA80"}]}]},{"nodes":[{"operator":"OR"
,"negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1","matchCriteriaId":"BB05CC2B-FFF6-4952-B7F2-DCED85B9ECFF"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/93849","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40654/","source":"product-security@apple.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/158874/Safari-Webkit-For-iOS-7.1.2-JIT-Optimization-Bug.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/93849","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40654/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-4670","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.540","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the \"Security\" component. It allows local users to discover lengths of arbitrary passwords by reading a log."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra al componente \"Security\". 
Esto permite a usuarios locales descubrir la longitud de contraseñas arbitrarias leyendo un registro."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-255"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.3","matchCriteriaId":"D1E59BBF-DE29-4730-813A-19686FB20BD0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94433","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94433","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4671","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.573","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) via a crafted PDF file."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra el componente \"ImageIO\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (escritura fuera de límites y caída de la aplicación) a través de un archivo PDF manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93852","source":"product-security@apple.com"},{"url":"http://www.securitytracker.com/id/1037086","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/93852","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037086","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"ht
tps://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-4673","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.620","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"CoreGraphics\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriores a 10.12.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. El problema involucra al componente \"CoreGraphics\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo JPEG manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1","matchCriteriaId":"31522691-8429-479C-A288-9ADB0916784C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndExcluding":"10.12.1","matchCriteriaId":"3C9A3484-1C0D-41F0-BA61-032A98BAD2A9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.1","matchCriteriaId":"0D75F9F4-8E2C-4997-B663-F50841B3AA80"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":
[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1","matchCriteriaId":"BB05CC2B-FFF6-4952-B7F2-DCED85B9ECFF"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93849","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93849","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4674","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.667","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. 
The issue involves the \"ATS\" component. It allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra al componente \"ATS\". Esto permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93852","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4675","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.697","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"libxpc\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriores a 10.12.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. El problema involucra el componente \"libxpc\". 
Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1","matchCriteriaId":"31522691-8429-479C-A288-9ADB0916784C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndExcluding":"10.12.1","matchCriteriaId":"3C9A3484-1C0D-41F0-BA61-032A98BAD2A9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.1","matchCriteriaId":"0D75F9F4-8E2C-4997-B663-F50841B3AA80"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:
*:*:*","versionEndExcluding":"3.1","matchCriteriaId":"BB05CC2B-FFF6-4952-B7F2-DCED85B9ECFF"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93849","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93849","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4677","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.727","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. tvOS before 10.0.1 is affected. 
The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. Safari en versiones anteriores a 10.0.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1","matchCriteriaId":"31522691-8429-479C-A288-9ADB0916784C"}]}]},{"nodes":[
{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.1","matchCriteriaId":"9EDB336D-314A-4320-AC50-D3E0E87AFAE1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.1","matchCriteriaId":"0D75F9F4-8E2C-4997-B663-F50841B3AA80"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93853","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037087","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207270","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207272","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93853","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037087","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207272","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4678","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.777","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. 
The issue involves the \"AppleSMC\" component. It allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra al componente \"AppleSMC\". Esto permite a usuarios locales obtener privilegios o provocar una denegación de servicio (referencia a puntero NULL) a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93852","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4679","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.807","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"libarchive\" component, which allows remote attackers to write to arbitrary files via a crafted archive containing a symlink."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriores a 10.12.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. 
El problema involucra al componente \"libarchive\" que permite a atacantes remotos escribir archivos arbitrarios a través de un archivo manipulado que contiene un enlace simbólico."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1","matchCriteriaId":"31522691-8429-479C-A288-9ADB0916784C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndExcluding":"10.12.1","matchCriteriaId":"3C9A3484-1C0D-41F0-BA61-032A98BAD2A9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.1","matchCriteriaId":"0D75F9F4-8E2C-4997-B663-F50841B3AA80"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerab
le":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1","matchCriteriaId":"BB05CC2B-FFF6-4952-B7F2-DCED85B9ECFF"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93849","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93849","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4680","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.837","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 is affected. 
watchOS before 3.1 is affected. The issue involves the \"Kernel\" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. El problema involucra al componente \"Kernel\". Esto permite a atacantes obtener información sensible de la memoria del kernel a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1","matchCriteriaId":"31522691-8429-479C-A288-9ADB0916784C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:
*:*:*:*:*:*","versionEndExcluding":"10.0.1","matchCriteriaId":"0D75F9F4-8E2C-4997-B663-F50841B3AA80"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1","matchCriteriaId":"BB05CC2B-FFF6-4952-B7F2-DCED85B9ECFF"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93854","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037088","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93854","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037088","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4681","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.870","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the \"Core Image\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra al componente \"Core Image\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo JPEG manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94431","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94431","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4682","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.900","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12 is affected. macOS before 10.12.1 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted SGI file."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12 está afectado. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra el componente \"ImageIO\". 
Esto permite a atacantes remotos obtener información sensible o provocar una denegación de servicio (lectura fuera de límites y caída de la aplicación) a través de un archivo SGI manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93852","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207170","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/93852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207170","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4683","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.933","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted SGI file."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra al componente \"ImageIO\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (acceso a la memoria fuera de límites y caída de la aplicación) a través de un archivo SGI manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94431","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94431","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-4685","sourceIdentifier":"product-security@apple.com","published":"2017-0
2-20T08:59:00.963","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the \"iTunes Backup\" component, which improperly hashes passwords, making it easier to decrypt files."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. El problema involucra el componente \"iTunes Backup\" que indebidamente hashea contraseñas haciendo más fácil descifrar archivos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-326"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.3","matchCriteriaId":"D1E59BBF-DE29-4730-813A-19686FB20BD0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94432","source":"product
-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94432","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4686","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:00.993","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the \"Contacts\" component, which does not prevent an app's Address Book access after access revocation."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. 
El problema involucra el componente \"Contacts\", que no previene el acceso de aplicaciones a Address Book después de la revocación de acceso."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":2.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:N","baseScore":3.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.3","matchCriteriaId":"D1E59BBF-DE29-4730-813A-19686FB20BD0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93848","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037088","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93848","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037088","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4688","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.027","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. watchOS before 3.1.3 is affected. The issue involves the \"FontParser\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted font."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriores a 10.12.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra el componente \"FontParser\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (desbordamiento de búfer y caída de la aplicación) a través de una fuente manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.1","matchCriteriaId":"0D75F9F4-8E2C-4997-B663-F50841B3AA80"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndExcluding":"10.12.1","matchCriteriaId":"3C9A3484-1C0D-41F0-BA61-032A98BAD2A9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.1","matchCriteriaId":"0D75F9F4-8E2C-4997-B663-F50841B3AA80"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"v
ulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.3","matchCriteriaId":"C9540262-A485-409C-862B-81F607E120B7"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94572","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94572","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-4689","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.073","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"Mail\" component, which does not alert the user to an S/MIME email signature that used a revoked certificate."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. El problema involucra el componente \"Mail\", que no alerta al usuario de una firma de correo electrónico S/MIME que utiliza un certificado revocado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","mat
chCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94850","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94850","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4690","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.087","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"Image Capture\" component, which allows attackers to execute arbitrary code via a crafted USB HID device."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. 
El problema involucra al componente \"Image Capture\", que permite a atacantes ejecutar código arbitrario a través de un dispositivo USB HID."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94850","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94850","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4691","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.120","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"FontParser\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"FontParser\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de una fuente manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/
bid/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4692","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. 
iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId
":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-4693","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.197","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Security\" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"Security\", que hace más fácil a los atacantes eludir los mecanismos de protección criptográfica aprovechando el uso del cifrado 3DES."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primar
y","description":[{"lang":"en","value":"CWE-326"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-4721","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.243","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the \"IDS - Connectivity\" component, which allows man-in-the-middle attackers to spoof calls via a \"switch caller\" notification."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra al componente \"IDS - Connectivity\" que permite a atacantes man-in-the-middle suplantar llamadas a través de notificaciones \"switch caller\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":
false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.3","matchCriteriaId":"D1E59BBF-DE29-4730-813A-19686FB20BD0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94429","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94429","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4743","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. 
iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos obtener información sensible de la memoria de proceso o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:
apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-4764","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.307","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10 está afectado. Safari en versiones anteriores a 10 está afectado. iTunes en versiones anteriores a 12.5.1 está afectado. tvOS en versiones anteriores a 10 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5","matchCriteriaId":"C39C7C44-B0E4-40E3-9F40-382B1E28D8D3"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"9.3.5","matchCriteriaId":"5133BB4B-15AA-4F2F-B469-C5BD71FCE9C8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"9.1.3","matchCriteriaId":"A02241CD-8C84-46CA-AF77-7F9032836D20"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndIncluding":"9.2.2","matchCriteriaId":"2D0C98E3-B238-46D3-809E-B48CECB1DDB3"}]}]}],"references":
[{"url":"http://www.securityfocus.com/bid/94430","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207142","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207143","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207157","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207158","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94430","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207142","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207143","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207157","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207158","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4780","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.353","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the \"Thunderbolt\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.1 está afectado. El problema involucra al componente \"Thunderbolt\". 
Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (referencia a puntero NULL) a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]}],"references":[{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-4781","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.370","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"SpringBoard\" component, which allows physically proximate attackers to bypass the passcode attempt counter and unlock a device via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. El problema involucra al componente \"SpringBoard\", que permite a atacantes próximos físicamente eludir el contador de intentos de código de acceso y desbloquear un dispositivo a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpe
Match":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94850","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94850","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7577","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.400","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. The issue involves the \"FaceTime\" component, which allows remote attackers to trigger memory corruption and obtain audio data from a call that appeared to have ended."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriores a 10.12.1 está afectado. 
El problema involucra al componente \"FaceTime\", que permite a atacantes remotos desencadenar corrupción de memoria y obtener datos de audio de una llamada que aparentemente ha terminado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.3","matchCriteriaId":"D1E59BBF-DE29-4730-813A-19686FB20BD0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94429","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor 
Advisory"]},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94429","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7578","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.447","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. Safari en versiones anteriores a 10.0.1 está afectado. iCloud en versiones anteriores a 6.0.1 está afectado. iTunes en versiones anteriores a 12.5.2 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. El problema involucra al componente \"WebKit\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.1","matchCriteriaId":"9EDB336D-314A-4320-AC50-D3E0E87AFAE1"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1","matchCriteriaId":"31522691-8429-479C-A288-9ADB0916784C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndExcluding":"6.0.1","matchCriteriaId":"454F770E-7E60-4ED0-ADDD-103AB9133C9B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"
vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndExcluding":"12.5.2","matchCriteriaId":"12B1EA19-098B-4229-8C03-C6EDCAE109A8"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.1","matchCriteriaId":"0D75F9F4-8E2C-4997-B663-F50841B3AA80"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93949","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037139","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207270","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207272","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207273","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207274","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93949","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037139","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207272","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207273","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://support.apple.com/HT207274","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7579","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.477","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. The issue involves the \"CFNetwork Proxies\" component, which allows man-in-the-middle attackers to spoof a proxy password authentication requirement and obtain sensitive information."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriores a 10.12.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. El problema involucra al componente \"CFNetwork Proxies\", lo que permite a atacantes man-in-the-middle suplantar un requisito de autenticación por contraseña del proxy y obtener información 
sensible."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1","matchCriteriaId":"31522691-8429-479C-A288-9ADB0916784C"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndExcluding":"10.12.1","matchCriteriaId":"3C9A3484-1C0D-41F0-BA61-032A98BAD2A9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.1","matchCriteriaId":"0D75F9F4-8E2C-4997-B663-F50841B3AA80"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/93856","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207270","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/93856","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037086","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7580","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.510","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the \"Mail\" component, which allows remote web servers to cause a denial of service via a crafted URL."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12 está afectado. 
El problema involucra al componente \"Mail\", que permite a servidores web remotos provocar una denegación de servicio a través de una URL manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.11.6","matchCriteriaId":"FEEAF544-405E-4A75-9206-5CC4EDCE2F05"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94434","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207170","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94434","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207170","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-7581","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.540","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. The issue involves the \"Safari\" component, which allows remote web servers to cause a denial of service via a crafted URL."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. El problema involucra al componente \"Safari\", que permite a atacantes remotos de servidores web provocar una denegación de servicio a través de una URL manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"
10.0.3","matchCriteriaId":"D1E59BBF-DE29-4730-813A-19686FB20BD0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94432","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94432","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7582","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.573","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12 está afectado. El problema involucra al componente \"Intel Graphics Driver\". 
Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.11.6","matchCriteriaId":"FEEAF544-405E-4A75-9206-5CC4EDCE2F05"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94435","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207170","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94435","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://support.apple.com/HT207170","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7583","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.603","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the \"iCloud\" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iCloud en versiones anteriores a 6.0.1 está afectado. El problema involucra al subsistema del componente \"iCloud\". Esto permite a usuarios locales obtener privilegios a través de una librería dinámica manipulada en un directorio no especificado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en",
"value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.0","matchCriteriaId":"446B7A62-EFB5-43FD-9319-821ECA44A5B5"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94570","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207273","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94570","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207273","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7584","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.637","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"AppleMobileFileIntegrity\" component, which allows remote attackers to spoof signed code by using a matching team ID."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. macOS en versiones anteriores a 10.12.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. 
El problema involucra al componente \"AppleMobileFileIntegrity\", que permite a atacantes remotos suplantar código firmado usando un identificador de equipo ID"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.3","matchCriteriaId":"D1E59BBF-DE29-4730-813A-19686FB20BD0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0","matchCriteriaId":"C31BB3B2-E21B-4B83-8EF5-879A99BB829E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criter
ia":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94571","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94571","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7586","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.683","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. 
iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos obtener información sensible a través de un sito web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:
icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-7587","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.727","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sito web 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:12.5.3:*:*:*:*:*:*:*","matchCriteriaId":"7D89F5C7-2237-485A-963A-31F3C233AACB"}]}]}],"references":[{"url":"http://www.
securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7588","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.777","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"CoreMedia Playback\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted MP4 file."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"CoreMedia Playback\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo MP4 manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":f
alse,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7589","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.807","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. 
watchOS before 3.1.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sito web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cp
e:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94908","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94908","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7591","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.853","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"IOHIDFamily\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"IOHIDFamily\". 
Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (uso después de liberación de memoria) a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.se
curityfocus.com/bid/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7592","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.887","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component, which allows remote attackers to obtain sensitive information via crafted JavaScript prompts on a web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. 
El problema involucra al componente \"WebKit\", que permite a atacantes remotos obtener información sensible a través de avisos JavaScript manipulados en un sitio web."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"c
riteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94909","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94909","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7594","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.933","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in 
certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"ICU\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"ICU\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sito web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:
*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94905","source":"product-security@apple.com"},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7595","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:01.963","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"CoreText\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"CoreText\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de una fuente manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{
"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7596","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.010","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Bluetooth\" component. 
It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"Bluetooth\". Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7597","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.040","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"SpringBoard\" component, which allows physically proximate attackers to maintain the unlocked state via vectors related to Handoff with Siri."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. 
El problema involucra al componente \"SpringBoard\", que permite a atacantes próximos físicamente mantener el estado desbloqueado a través de vectores relacionados con Handoff con Siri."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94850","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94850","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7598","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.073","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". 
Esto permite a atacantes remotos obtener información sensible de los procesos de memoria a través de un sito web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*
:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7599","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.103","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. 
iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos eludir las Same Origin Policy y obtener información sensible a través de un sitio web manipulado que utiliza redirección HTTP."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteri
a":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7600","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"OpenPAM\" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. 
El problema involucra al componente \"OpenPAM\" que permite a usuarios locales obtener información sensible aprovechando el manejo incorrecto de una autenticación PAM fallida por una app aislada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7601","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"Local Authentication\" component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. El problema involucra al componente \"Local Authentication\", que no respeta el intervalo de tiempo de bloqueo de pantalla configurado si el indicador de ID de toque está visible."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov",
"type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94850","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94850","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7602","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.197","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"Intel Graphics Driver\". 
Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7603","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.227","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"CoreStorage\" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"CoreStorage\". Esto permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL) a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7604","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.260","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"CoreCapture\" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"CoreCapture\". Esto permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL) a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7605","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.290","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to cause a denial of service (NULL pointer dereference) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"Bluetooth\". Esto permite a atacantes provocar una denegación de servicio (referencia a puntero NULL) a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"s
ource":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7606","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.323","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra el componente \"Kernel\". 
Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/b
id/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7607","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.353","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component, which allows attackers to obtain sensitive information from kernel memory via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. 
El problema involucra al componente \"Kernel\", que permite a atacantes obtener información sensible de la memoria del kérnel a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94905","source":"pr
oduct-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7608","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"IOFireWireFamily\" component, which allows local users to obtain sensitive information from kernel memory via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. 
El problema involucra al componente \"IOFireWireFamily\", que permite a usuarios locales obtener información sensible de la memoria del kernel a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7609","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.417","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"AppleGraphicsPowerManagement\" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"AppleGraphicsPowerManagement\". Esto permite a usuarios locales provocar una denegación de servicio (referencia a puntero NULL) a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.2,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com"},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7610","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08
:59:02.447","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"refere
nces":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7611","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.493","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. 
The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sito web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1
D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com"},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"
CVE-2016-7612","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.527","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"Kernel\". Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40955/","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40955/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7613","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.573","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling during process spawning."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.1 está afectado. 
macOS en versiones anteriores a 10.12.1 está afectado. tvOS en versiones anteriores a 10.0.1 está afectado. watchOS en versiones anteriores a 3.1 está afectado. El problema involucra al componente \"Kernel\". Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado a través de una aplicación manipulada que aprovecha el manejo incorrecto de la vida de objeto durante la generación de procesos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.3","matchCriteriaId":"D1E59BBF-DE29-4730-813A-19686FB20BD0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.0","matchCriteriaId":"4541211A-5DDA-4311-85C1-23C34295877A"}]}]},{"nodes":[{"operator":"OR","negate
":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.0","matchCriteriaId":"A4234F90-95F9-4BDD-86F4-400A57533180"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94116","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94116","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207269","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7614","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.603","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iCloud before 6.1 is affected. The issue involves the \"Windows Security\" component. 
It allows local users to obtain sensitive information from iCloud desktop-client process memory via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iCloud en versiones anteriores a 6.1 está afectado. El problema involucra al componente \"Windows Security\". Esto permite a usuarios locales obtener información sensible de procesos de memoria de iCloud desktop-client a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94911","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94911","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7615","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.637","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component, which allows local users to cause a denial of service via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. 
El problema involucra al componente\"Kernel\", que permite a usuarios locales provocar una denegación de servicio a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94905","source":"product-security
@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7616","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.667","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Disk Images\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"Disk Images\". 
Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/b
id/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7617","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.697","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (type confusion) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"Bluetooth\". 
Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (confusión de tipo) a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-704"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com"},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com"},{"url":"https://www.exploit-db.com/exploits/40952/","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracke
r.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/40952/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7618","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.727","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Foundation\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"Foundation\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo .gcx 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7619","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.760","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"libarchive\" component, which allows local users to write to arbitrary files via vectors related to symlinks."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"libarchive\", que permite a usuarios locales escribir archivos arbitrarios a través de vectores relacionados con enlaces 
simbólicos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-59"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7620","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.790","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"IOSurface\" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"IOSurface\". 
Esto permite a usuarios locales obtener información sensible del diseño de memoria del kernel a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7621","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.823","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"Kernel\". 
Esto permite a usuarios locales ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (uso después de liberación de memoria) a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securi
tyfocus.com/bid/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40956/","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40956/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7622","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.853","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Grapher\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. 
El problema involucra al componente \"Grapher\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo .gcx manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7623","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.887","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to obtain sensitive information via a blob URL on a web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. El problema involucra al componente \"WebKit\". 
Esto permite a atacantes remotos obtener información sensible a través de una URL blob en un sitio web."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94913","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94913","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7624","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.917","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"IOAcceleratorFamily\" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"IOAcceleratorFamily\". 
Esto permite a usuarios locales obtener información sensible del diseño de memoria del kernel a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7625","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.963","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"IOKit\" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"IOKit\". Esto permite a usuarios locales obtener información sensible del diseño de memoria del kernel a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@ni
st.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7626","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:02.977","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the \"Profiles\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted certificate profile."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. tvOS en versiones anteriores a 10.1 está afectado. watchOS en versiones anteriores a 3.1.1 está afectado. El problema involucra al componente \"Profiles\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un certificado de perfil manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2","matchCriteriaId":"2891CF08-5131-46F5-B000-07E6F1F5AE0E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1","matchCriteriaId":"766B7E78-D10C-4369-8144-4A8D34B41E8B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.1","matchCriteriaId":"70B7A5C6-6FA9-485B-8CB5-41AACE47D928"}]}]}],"references":[{"url":"http://www.securityfocus
.com/bid/94852","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.apple.com/archives/security-announce/2016/Dec/msg00001.html","source":"product-security@apple.com","tags":["Mailing List","Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207425","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40906/","source":"product-security@apple.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/94852","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.apple.com/archives/security-announce/2016/Dec/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207425","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40906/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-7627","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.027","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"CoreGraphics\" component. It allows attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted font."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"CoreGraphics\". Esto permite a atacantes provocar una denegación de servicio (referencia a puntero NULL y caída de la aplicación) a través de una fuente manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"s
ource":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-7628","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.057","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Assets\" component, which allows local users to bypass intended permission restrictions and change a downloaded mobile asset via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"Assets\", que permite a usuarios locales eludir las restricciones de permiso previstas y cambiar una herramienta para móviles descargada a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{
"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7629","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.087","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"kext tools\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"kext tools\". 
Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com"},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://supp
ort.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7630","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.120","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"WebSheet\" component, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. El problema involucra al componente \"WebSheet\", que permite a atacantes eludir el mecanismo de protección de aislamiento a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteri
a":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]}],"references":[{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7632","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.150","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{
"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com"},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7633","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.183","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"Directory Services\" component. 
It allows local users to gain privileges or cause a denial of service (use-after-free) via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"Directory Services\". Esto permite a usuarios locales obtener privilegios o provocar una denegación de servicio (uso después de liberación de memoria) a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94903","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40954/","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94903","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40954/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7634","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.213","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"Accessibility\" component, which accepts spoken passwords without considering that they are locally audible."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. 
El problema involucra al componente \"Accessibility\", que acepta contraseñas habladas sin considerar que son localmente audibles."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94850","source":"product-security@apple.com"},{"url":"http://www.securitytracker.com/id/1037429","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94850","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037429","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2
661108"}]}},{"cve":{"id":"CVE-2016-7635","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.243","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"refere
nces":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7636","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. 
The issue involves the \"Security\" component, which allows man-in-the-middle attackers to cause a denial of service (application crash) via vectors related to OCSP responder URLs."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"Security\", que permite a atacantes man-in-the-middle provocar una denegación de servicio (caída de la aplicación) a través de vectores relacionados con URLs de respuesta OCSP."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,
"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7637","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.323","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. 
It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors."},{"lang":"es","value":"Se ha detectado un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema implica al componente \"Kernel\". Esto permite a usuarios locales obtener privilegios o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versio
nEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40931/","source":"product-security@apple.com"},{"url":"https://www.exploit-db.com/exploits/40957/","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://www.exploit-db.com/exploits/40931/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/40957/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7638","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.353","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"Find My iPhone\" component, which allows physically proximate attackers to disable this component by bypassing authentication."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. El problema involucra al componente \"Find My iPhone\", que permite a atacantes próximos físicamente deshabilitar este componente eludiendo la autenticación."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","descr
iption":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94850","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94850","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7639","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.400","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{
"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7640","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.433","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was 
discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[
{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7641","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.480","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{
"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7642","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.510","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was 
discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes"
:[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7643","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.557","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"ImageIO\". 
Esto permite a atacantes remotos obtener información sensible de la memoria del proceso o provocar una denegación de servicio (lectura fuera de límites y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:P","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":
"http://www.securityfocus.com/bid/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7644","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.587","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"Kernel\". 
Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (uso después de liberación de memoria) a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.secu
rityfocus.com/bid/94904","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40931/","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94904","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40931/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7645","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.637","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]}
,{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7646","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.667","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[
{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7648","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.713","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was 
discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":
[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7649","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.743","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{
"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7650","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.807","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was 
discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the \"Safari Reader\" component, which allows remote attackers to conduct UXSS attacks via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. El problema involucra al componente \"Safari Reader\", que permite a atacantes remotos llevar a cabo ataques UXSS a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:N/I:P/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*
:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94915","source":"product-security@apple.com"},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94915","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7651","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.837","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the \"Accounts\" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. watchOS en versiones anteriores a 3.1.1 está afectado. 
El problema involucra al componente \"Accounts\", que permite a usuarios locales eludir las restricciones destinadas a autorización aprovechando el manejo incorrecto de una app de desinstalación."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-285"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94851","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"product-security@apple.com"},{"url":"https://lists.apple.com/archives/security-announce/2016/Dec/msg00001.html","source":"product-security@apple.com","tags":["Mailing List","Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94851","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apple.com/archives/security-announce/2016/Dec/msg00001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7652","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.870","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. 
iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriter
iaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-7653","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.900","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"Media Player\" component, which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging lockscreen access."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. El problema involucra al componente \"Media Player\" que permite a atacantes próximos físicamente obtener fotos e información de contacto sensibles aprovechando un acceso a la pantalla de bloqueo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"crite
ria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94850","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94850","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7654","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:03.980","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[
{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7655","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.010","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was 
discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the \"CoreMedia External Displays\" component. It allows local users to gain privileges or cause a denial of service (type confusion) via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"CoreMedia External Displays\". Esto permite a usuarios locales obtener privilegios o provocar una denegación de servicio (confusión de tipos) a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-704"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"
}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94906","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94906","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7656","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.040","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. Safari en versiones anteriores a 10.0.2 está afectado. 
iCloud en versiones anteriores a 6.1 está afectado. iTunes en versiones anteriores a 12.5.4 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.1","matchCriteriaId":"826BEA13-02E8-4A81-91DE-BED9E05EDDEE"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:
*:*:*:*","versionEndIncluding":"6.0.1","matchCriteriaId":"78C32252-C4CD-44ED-9965-84EA7AF6137F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.3","matchCriteriaId":"1D90BD8D-3081-483F-8E70-9B89550E71C0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94907","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207421","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94907","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207421","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-7657","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.073","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"IOKit\" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"IOKit\". Esto permite a atacantes obtener información sensible de la memoria del kernel a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"
CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-7658","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.120","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Audio\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"Audio\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7659","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.150","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Audio\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"Audio\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/
bid/94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7660","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.183","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"syslog\" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"syslog\". 
Esto permite a usuarios locales obtener privilegios a través de vectores no especificados relacionados con referencias de nombres de puertos Mach."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94905","source":"product-security@apple.
com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40959/","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40959/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7661","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.230","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the \"Power Management\" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. 
El problema involucra al componente \"Power Management\". Esto permite a usuarios locales obtener privilegios a través de vectores no especificados relacionados con referencias de nombres de puertos Mach."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94906","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40931/","source":"product-security@apple.com"},{"url":"https://www.exploit-db.com/exploits/40958/","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/94906","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/40931/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/40958/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7662","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.260","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Security\" component, which allows remote attackers to spoof certificates via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. 
El problema involucra al componente \"Security\", lo que permite a atacantes remotos falsificar certificados a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94905","source":"product-security@apple.c
om","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7663","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.290","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"CoreFoundation\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"CoreFoundation\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de una cadena manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/
94905","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94905","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037469","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7664","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.323","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"Accessibility\" component, which allows physically proximate attackers to obtain sensitive photo and contact information by leveraging the availability of excessive options during lockscreen access."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. 
El problema involucra al componente \"Accesibilidad\" lo que permite a atacantes próximos físicamente obtener fotos e información de contacto sensibles aprovechando la disponibilidad de excesivas opciones durante el acceso de bloqueo de pantalla."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94850","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94850","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7665","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.353","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"Graphics Driver\" component, which allows remote attackers to cause a denial of service via a crafted video."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. El problema involucra al componente \"Graphics Driver\" que permite a atacantes remotos provocar una denegación de servicio a través de un vídeo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94850","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94850","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037429","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7666","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.370","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. Transporter before 1.9.2 is affected. The issue involves the \"iTMSTransporter\" component, which allows attackers to obtain sensitive information via a crafted EPUB."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. Transporter en versiones anteriores a 1.9.2 está afectado. El problema involucra al componente \"iTMSTransporter\" que permite a atacantes obtener información sensible a través de un EPUB manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","desc
ription":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:transporter:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9.1","matchCriteriaId":"CE0EDE09-E842-45FB-9715-F300EC88F9A4"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94912","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207432","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94912","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207432","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7667","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.417","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the \"CoreText\" component. It allows remote attackers to cause a denial of service via a crafted string."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"CoreText\". 
Esto permite a atacantes remotos provocar una denegación de servicio a través de una cadena manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7714","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.447","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the \"IOKit\" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. macOS en versiones anteriores a 10.12.2 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"IOKit\". Esto permite a usuarios locales obtener información sensible de la disposición de la memoria del kernel a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor 
Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7742","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.480","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"xar\" component, which allows remote attackers to execute arbitrary code via a crafted archive that triggers use of uninitialized memory locations."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. 
El problema involucra al componente \"xar\", que permite a atacantes remotos ejecutar código arbitrario a través de un archivo manipulado que desencadena el uso de ubicaciones de memoria no inicializadas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-7759","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.510","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10 is affected. The issue involves the \"Springboard\" component, which allows physically proximate attackers to obtain sensitive information by viewing application snapshots in the Task Switcher."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10 está afectado. El problema involucra al componente \"Springboard\", que permite a atacantes próximos físicamente obtener información sensible visualizando capturas de pantalla de la aplicación en el Task Switcher."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"c
riteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"9.3.5","matchCriteriaId":"5133BB4B-15AA-4F2F-B469-C5BD71FCE9C8"}]}]}],"references":[{"url":"https://support.apple.com/HT207143","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207143","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7761","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.540","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the \"WiFi\" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.2 está afectado. El problema involucra al componente \"WiFi\", que permite a usuarios locales obtener información sensible de la configuración de red aprovechando el almacenamiento 
global."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.1","matchCriteriaId":"1ACD43C5-75C1-4489-8617-77DFB9C23D10"}]}]}],"references":[{"url":"https://support.apple.com/HT207423","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7762","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.587","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. 
The issue involves the \"WebKit\" component, which allows XSS attacks against Safari."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. El problema involucra al componente \"WebKit\" que permite ataques de XSS contra Safari."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]}],"references":[{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Third Party Advisory","Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-7765","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.603","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the \"Clipboard\" component, which allows physically proximate attackers to obtain sensitive information in the lockscreen state by viewing clipboard contents."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2 está afectado. El problema involucra al componente \"Clipboard\", que permite a atacantes próximos físicamente obtener información sensible en el estado de bloqueo de pantalla visualizando contenidos del portapapeles."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true
,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.1","matchCriteriaId":"904491D9-AAB8-4754-901C-F5D261BEAC17"}]}]}],"references":[{"url":"https://support.apple.com/HT207422","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2350","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.637","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. Safari en versiones anteriores a 10.0.3 está afectado. tvOS en versiones anteriores a 10.1.1 está afectado. El problema involucra al componente \"WebKit\". 
Esto permite a atacantes remotos eludir Same Origin Policy y obtener información sensible a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.1","matchCriteriaId":"9F9688ED-4532-49E5-80C8-C59D0017D3CB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.3","matchCriteriaId":"F019AB91-9FA4-4F62-9A74-9867F8646767"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1.1","matchCriteriaId":"1E8B1972-710B-4BEC-A25D-D429929A5D80"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webkitgtk:webkitgtk\\+
:*:*:*:*:*:*:*:*","versionEndExcluding":"2.16.3","matchCriteriaId":"1DA72FCA-BC36-46FE-89F4-087C01633348"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95727","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95727","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2351","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.667","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. 
The issue involves the \"WiFi\" component, which allows physically proximate attackers to bypass the activation-lock protection mechanism and view the home screen via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. El problema involucra al componente \"WiFi\", que permite a atacantes próximos físicamente eludir el mecanismo de protección de bloqueo de activación y ver la pantalla de inicio a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":2.4,"baseSeverity":"LOW","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.2.0","matchCriteriaId":"483CCC31-77F5-425E-A0D1-6C8A4AF18D74"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95722","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95722","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2352","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.697","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Unlock with iPhone\" component, which allows attackers to bypass the wrist-presence protection mechanism and unlock a Watch device via unspecified vectors."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. 
El problema involucra al componente \"Unlock with iPhone\", que permite a atacantes eludir el mecanismo de protección de presencia de muñeca y desbloquear un dispositivo Watch a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.2.0","matchCriteriaId":"483CCC31-77F5-425E-A0D1-6C8A4AF18D74"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"17036F83-6506-40D0-B0B5-43206EF575F0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95730","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95730","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2353","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.743","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"Bluetooth\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.3 está afectado. El problema involucra al componente \"Bluetooth\". 
Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (uso después de liberación de memoria) a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.2","matchCriteriaId":"06BE9BF5-8D87-4C42-96F6-065A088EAF9B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95723","source":"product-security@apple.com"},{"url":"http://www.securitytracker.com/id/1037671","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207483","source":"product-security@apple.com"},{"url":"https://www.exploit-db.com/exploits/41164/","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/95723","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http:/
/www.securitytracker.com/id/1037671","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207483","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/41164/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-2354","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.760","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. Safari en versiones anteriores a 10.0.3 está afectado. iCloud en versiones anteriores a 6.1.1 está afectado. iTunes en versiones anteriores a 12.5.5 está afectado. tvOS en versiones anteriores a 10.1.1 está afectado. El problema involucra al componente \"WebKit\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.1","matchCriteriaId":"9F9688ED-4532-49E5-80C8-C59D0017D3CB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.3","matchCriteriaId":"F019AB91-9FA4-4F62-9A74-9867F8646767"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*","versionEndExcluding":"6.1.1","matchCriteriaId":"E742A9C2-557C-4D13-AC48-57F674F0DBA6"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMat
ch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*","versionEndExcluding":"12.5.5","matchCriteriaId":"07638941-0393-4836-9427-8257547AED37"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1.1","matchCriteriaId":"1E8B1972-710B-4BEC-A25D-D429929A5D80"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*","versionEndExcluding":"2.16.3","matchCriteriaId":"1DA72FCA-BC36-46FE-89F4-087C01633348"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95736","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT207481","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207486","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95736","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://support.apple.com/HT207481","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207486","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2355","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.807","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. Safari en versiones anteriores a 10.0.3 está afectado. iCloud en versiones anteriores a 6.1.1 está afectado. iTunes en versiones anteriores a 12.5.5 está afectado. tvOS en versiones anteriores a 10.1.1 está afectado. El problema involucra al componente \"WebKit\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (acceso de memoria no inicializado y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.1","matchCriteriaId":"9F9688ED-4532-49E5-80C8-C59D0017D3CB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.3","matchCriteriaId":"F019AB91-9FA4-4F62-9A74-9867F8646767"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*","versionEndExcluding":"6.1.1","matchCriteriaId":"E742A9C2-557C-4D13-AC48-57F674F0DBA6"}]}]},{"nodes":[{"operator":"OR","negate":f
alse,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*","versionEndExcluding":"12.5.5","matchCriteriaId":"07638941-0393-4836-9427-8257547AED37"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1.1","matchCriteriaId":"1E8B1972-710B-4BEC-A25D-D429929A5D80"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*","versionEndExcluding":"2.16.3","matchCriteriaId":"1DA72FCA-BC36-46FE-89F4-087C01633348"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95736","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT207481","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207486","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95736","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://support.apple.com/HT207481","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207486","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2356","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.837","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. Safari en versiones anteriores a 10.0.3 está afectado. iCloud en versiones anteriores a 6.1.1 está afectado. iTunes en versiones anteriores a 12.5.5 está afectado. tvOS en versiones anteriores a 10.1.1 está afectado. El problema involucra al componente \"WebKit\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.1","matchCriteriaId":"9F9688ED-4532-49E5-80C8-C59D0017D3CB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.3","matchCriteriaId":"F019AB91-9FA4-4F62-9A74-9867F8646767"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*","versionEndExcluding":"6.1.1","matchCriteriaId":"E742A9C2-557C-4D13-AC48-57F674F0DBA6"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMa
tch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*","versionEndExcluding":"12.5.5","matchCriteriaId":"07638941-0393-4836-9427-8257547AED37"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1.1","matchCriteriaId":"1E8B1972-710B-4BEC-A25D-D429929A5D80"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*","versionEndExcluding":"2.16.3","matchCriteriaId":"1DA72FCA-BC36-46FE-89F4-087C01633348"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95736","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT207481","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207486","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95736","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://support.apple.com/HT207481","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207486","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2357","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.887","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"IOAudioFamily\" component. It allows attackers to obtain sensitive kernel memory-layout information via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.3 está afectado. El problema involucra al componente \"IOAudioFamily\". 
Esto permite a atacantes obtener información sensible de la disposición de la memoria del kernel a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.2","matchCriteriaId":"06BE9BF5-8D87-4C42-96F6-065A088EAF9B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95723","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037671","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207483","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95723","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037671","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207483","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2358","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.917","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"Graphics Drivers\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.3 está afectado. El problema involucra al componente \"Graphics Drivers\". Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (corrupción de memoria) a través de una aplicación 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.2","matchCriteriaId":"06BE9BF5-8D87-4C42-96F6-065A088EAF9B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95723","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037671","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207483","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95723","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037671","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207483","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2359","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.947","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. Safari before 10.0.3 is affected. The issue involves the \"Safari\" component, which allows remote attackers to spoof the address bar via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. Safari en versiones anteriores a 10.0.3 está afectado. El problema involucra al componente \"Safari\" que permite a atacantes remotos suplantar la barra de direcciones a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","descripti
on":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.2","matchCriteriaId":"6E0DDE9A-9410-41DC-9EB9-2B85654E3DE2"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95724","source":"product-security@apple.com"},{"url":"http://www.securitytracker.com/id/1037669","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207484","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/95724","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037669","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207484","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-2360","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:04.980","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. macOS en versiones anteriores a 10.12.3 está afectado. tvOS en versiones anteriores a 10.1.1 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"Kernel\". 
Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (uso después de liberación de memoria) a través de una aplicación manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.1","matchCriteriaId":"9F9688ED-4532-49E5-80C8-C59D0017D3CB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndExcluding":"10.12.3","matchCriteriaId":"2C0A5654-F7F3-44BB-8435-58CBA014E30F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1.1","matchCriteriaId":"1E8B1972-710B-4BEC-A25D-D429929A5D80"}]}]},{"nodes":[{"operator":"OR","negate":fals
e,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.3","matchCriteriaId":"C9540262-A485-409C-862B-81F607E120B7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*","versionEndExcluding":"2.16.3","matchCriteriaId":"1DA72FCA-BC36-46FE-89F4-087C01633348"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95729","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95731","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207483","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41165/","source":"product-security@apple.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95729","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95731","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://support.apple.com/HT207483","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41165/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-2361","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:05.010","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the \"Help Viewer\" component, which allows XSS attacks via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. macOS en versiones anteriores a 10.12.3 está afectado. 
El problema involucra al componente \"Help Viewer\" que permite ataques de XSS a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.12.2","matchCriteriaId":"06BE9BF5-8D87-4C42-96F6-065A088EAF9B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95723","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037671","source":"product-security@apple.com"},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1040","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207483","source":"product-security@apple.com","tags":["Vendor 
Advisory"]},{"url":"https://www.exploit-db.com/exploits/41443/","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/95723","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037671","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1040","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207483","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41443/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-2362","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:05.040","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. Safari en versiones anteriores a 10.0.3 está afectado. tvOS en versiones anteriores a 10.1.1 está afectado. El problema involucra al componente \"WebKit\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.2.0","matchCriteriaId":"483CCC31-77F5-425E-A0D1-6C8A4AF18D74"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.2","matchCriteriaId":"6E0DDE9A-9410-41DC-9EB9-2B85654E3DE2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:apple_tv:10.1.0:*:*:*:*:*:*:*","matchCriteriaId":"3180C69A-4D5F-40A9-B194-B461D82C8DBB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95727","source":"produ
ct-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41213/","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/95727","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41213/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-2363","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:05.087","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the \"WebKit\" component. 
It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. Safari en versiones anteriores a 10.0.3 está afectado. tvOS en versiones anteriores a 10.1.1 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos eludir la Same Origin Policy y obtener información sensible a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.1","matchCriteriaId":"9F9688ED-4532-49E5-80C8-C59D0017D3CB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.3","matchCriteriaId":"F019AB91-9FA4-4F62-9A74-9867F8646767"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1.1","matchCriteriaId":"1E8B1972-710B-4BEC-A25D-D429929A5D80"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.3","matchCriteriaId":"C9540262-A485-409C-862B-81F607E120B7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*","versionEndExcluding":"2.16.3","matchCriteriaId":"1DA72FCA-BC36-46FE-89F4-087C01633348"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95728","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41449/","source":"product-security@apple.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95728","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41449/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-2364","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:05.137","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. Safari en versiones anteriores a 10.0.3 está afectado. El problema involucra el componente \"WebKit\". 
Esto permite a atacantes remotos eludir la Same Origin Policy y obtener información sensible a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.2.0","matchCriteriaId":"483CCC31-77F5-425E-A0D1-6C8A4AF18D74"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.2","matchCriteriaId":"6E0DDE9A-9410-41DC-9EB9-2B85654E3DE2"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95725","source":"product-security@apple.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"product-security@apple.com"},{"url":"http://www.securitytracker.com/id/1038137","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41799/","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/95725","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1038137","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41799/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-2365","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:05.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. 
iOS en versiones anteriores a 10.2.1 está afectado. Safari en versiones anteriores a 10.0.3 está afectado. tvOS en versiones anteriores a 10.1.1 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos eludir la Same Origin Policy y obtener información sensible a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.1","matchCriteriaId":"9F9688ED-4532-49E5-80C8-C59D0017D3CB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.3","matchCriteriaId":"F019AB91-9FA4-4F62-9A74-9867F8646767"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
","versionEndExcluding":"10.1.1","matchCriteriaId":"1E8B1972-710B-4BEC-A25D-D429929A5D80"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*","versionEndExcluding":"2.16.3","matchCriteriaId":"1DA72FCA-BC36-46FE-89F4-087C01633348"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95727","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41453/","source":"product-security@apple.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95727","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://www.exploit-db.com/exploits/41453/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-2366","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:05.213","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. Safari en versiones anteriores a 10.0.3 está afectado. iCloud en versiones anteriores a 6.1.1 está afectado. iTunes en versiones anteriores a 12.5.5 está afectado. El problema involucra al componente \"WebKit\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.2.0","matchCriteriaId":"483CCC31-77F5-425E-A0D1-6C8A4AF18D74"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0.2","matchCriteriaId":"6E0DDE9A-9410-41DC-9EB9-2B85654E3DE2"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*","versionEndIncluding":"6.1.0","matchCriteriaId":"4D8A464F-36CF-4467-8CFA-E35193C5D977"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[
{"vulnerable":true,"criteria":"cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.4","matchCriteriaId":"EBA722ED-C484-4D36-9DC4-F55F7EAD652A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95733","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"product-security@apple.com"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207481","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207486","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95733","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207481","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207486","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2368","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:05.243","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was 
discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the \"Contacts\" component. It allows remote attackers to cause a denial of service (application crash) via a crafted contact card."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. El problema involucra al componente \"Contacts\". Esto permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una tarjeta de contacto manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndIncluding":"10.2.0","matchCriteriaId":"483CCC31-77F5-425E-A0D1-6C8A4AF18D74"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95722","source":"product-security@apple.com"},{"url":"http://www.securitytrack
er.com/id/1037668","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com"},{"url":"http://www.securityfocus.com/bid/95722","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-2369","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:05.290","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. Safari en versiones anteriores a 10.0.3 está afectado. tvOS en versiones anteriores a 10.1.1 está afectado. El problema involucra al componente \"WebKit\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.1","matchCriteriaId":"9F9688ED-4532-49E5-80C8-C59D0017D3CB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.3","matchCriteriaId":"F019AB91-9FA4-4F62-9A74-9867F8646767"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1.1","matchCriteriaId":"1E8B1972-710B-4BEC-A25D-D429929A5D80"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{
"vulnerable":true,"criteria":"cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*","versionEndExcluding":"2.16.3","matchCriteriaId":"1DA72FCA-BC36-46FE-89F4-087C01633348"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95727","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41215/","source":"product-security@apple.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95727","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41215/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2017-2370","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:05.323","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. macOS en versiones anteriores a 10.12.3 está afectado. tvOS en versiones anteriores a 10.1.1 está afectado. watchOS en versiones anteriores a 3.1.3 está afectado. El problema involucra al componente \"Kernel\". Esto permite a atacantes ejecutar código arbitrario en un contexto privilegiado o provocar una denegación de servicio (desbordamiento de búfer) a través de una aplicación 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.1","matchCriteriaId":"9F9688ED-4532-49E5-80C8-C59D0017D3CB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndExcluding":"10.12.3","matchCriteriaId":"2C0A5654-F7F3-44BB-8435-58CBA014E30F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.3","matchCriteriaId":"C9540262-A485-409C-862B-81F607E120B7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1.1","matchCriteriaId":"1E8B1972-710B-4BEC-A25D-D429929A5D80"}]}]}],"refe
rences":[{"url":"http://www.securityfocus.com/bid/95731","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1004","source":"product-security@apple.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207483","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41163/","source":"product-security@apple.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95731","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1004","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207483","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://www.exploit-db.com/exploits/41163/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-2371","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:05.370","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the \"WebKit\" component, which allows remote attackers to launch popups via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. iOS en versiones anteriores a 10.2.1 está afectado. El problema involucra al componente \"WebKit\" que permite a atacantes remotos enviar ventanas emergentes a través de un sito web manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"O
R","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.1","matchCriteriaId":"9F9688ED-4532-49E5-80C8-C59D0017D3CB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95735","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41451/","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95735","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41451/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-2372","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:05.400","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. 
The issue involves the \"Projects\" component, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. GarageBand en versiones anteriores a 10.1.5 está afectado. Logic Pro X en versiones anteriores a 10.3 está afectado. El problema involucra al componente \"Projects\", que permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un archivo GarageBand project manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:logic_pro_x:*:*:*:*:*:*:*:*","versionEndIncluding":"10.2.4","matchCriteriaId":"3300DB0D-1E0C-4FB8-B342-865FF10B4336"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"
vulnerable":true,"criteria":"cpe:2.3:a:apple:garageband:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.4","matchCriteriaId":"0F2AC9E6-E433-4187-8765-67960069853A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95627","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037627","source":"product-security@apple.com"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0262/","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207476","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207477","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95627","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037627","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0262/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207476","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207477","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-2373","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:05.433","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. 
iOS en versiones anteriores a 10.2.1 está afectado. Safari en versiones anteriores a 10.0.3 está afectado. tvOS en versiones anteriores a 10.1.1 está afectado. El problema involucra al componente \"WebKit\". Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sito web manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"10.1.1","matchCriteriaId":"1E8B1972-710B-4BEC-A25D-D429929A5D80"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*","versionEndExcluding":"10.0.3","matchCriteriaId":"F019AB91-9FA4-4F62-9A74-9867F8646767"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":t
rue,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"10.2.1","matchCriteriaId":"9F9688ED-4532-49E5-80C8-C59D0017D3CB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*","versionEndExcluding":"2.16.3","matchCriteriaId":"1DA72FCA-BC36-46FE-89F4-087C01633348"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95727","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"product-security@apple.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"product-security@apple.com","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT207482","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207485","source":"product-security@apple.com","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41216/","source":"product-security@apple.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/95727","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037668","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201706-15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.apple.com/HT207482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://support.apple.com/HT207484","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://support.apple.com/HT207485","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41216/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-2374","sourceIdentifier":"product-security@apple.com","published":"2017-02-20T08:59:05.463","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the \"Projects\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file."},{"lang":"es","value":"Se ha descubierto un problema en ciertos productos Apple. GarageBand en versiones anteriores a 10.1.6 está afectado. El problema involucra al componente \"Projects\". 
Esto permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo GarageBand project."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apple:garageband:*:*:*:*:*:*:*:*","versionEndIncluding":"10.1.5","matchCriteriaId":"7A55BDB7-FAA1-4C59-B266-31AD13890B8E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96171","source":"product-security@apple.com"},{"url":"http://www.securitytracker.com/id/1037868","source":"product-security@apple.com"},{"url":"http://www.talosintelligence.com/reports/TALOS-2017-0275/","source":"product-security@apple.com"},{"url":"https://support.apple.com/HT207518","source":"product-security@apple.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96171","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037868","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.talosintelligence.com/reports/TALOS-2017-0275/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.apple.com/HT207518","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6249","sourceIdentifier":"f5sirt@f5.com","published":"2017-02-20T15:59:00.170","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files."},{"lang":"es","value":"peticiones F5 BIG-IP 12.0.0 y 11.5.0 - 11.6.1 REST que expiran durante la autenticación de una cuenta de usuario pueden registrar atributos sensibles como contraseñas en plaintext para /var/log/restjavad.0.log. 
Esto puede permitir a usuarios locales obtener información sensible al leer estos archivos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"1C0312FC-8178-46DE-B4EE-00F2895073BA"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"BC6C5628-14FF-4D75-B62E-D4B2707C1E3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"C9E574F6-34B6-45A6-911D-E5347DA22F69"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"BCF94129-8779-4D68-8DD4-B828CA633746"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"BA2E88AA-0523-48D0-8664-6AFDBCB6C940"},{"vul
nerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"CFA77C6B-72DB-4D57-87CF-11F2C7EDB828"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"E33BCA5B-CE91-451C-9821-2023A9E461C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"3755740D-F1DC-4910-ADDD-9D491515201C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"EA244A7D-F65D-4114-81C8-CE811959EA10"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"5EA9F72C-8344-4370-B511-31BEC8BA63E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"96CF015E-C74B-4215-9103-8087BC1D12AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"CFE4DB00-433D-414A-A1CE-E507B9BB809B"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"B276E4DF-69FC-4158-B93A-781A45605034"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"CBAB92C5-2D50-49CC-AECA-0D16BC44A788"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"532AAF54-64EF-4852-B4F1-D5E660463704"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"A7D226F1-6513-4233-BE20-58D7AB24978F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"B33B2082-E040-4799-A260-BA687ED8614E"},{"vulner
able":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"A85766A4-2181-4719-ADCF-4FEA0031DB80"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"D2E93EE3-DB73-468E-87CA-4D277F283648"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"ADB01A61-1924-417F-8A75-9FDF8F14F754"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"B70D2BD5-8E3F-4B57-84EF-3AF40F6378F1"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"2A065BC0-56BD-4665-A860-EBA37F1A4D8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D0EDB8E9-E6FB-406E-B1D3-C620F114804C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"0E3D8A24-0B8D-432B-8F06-D0E1642E7C1C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"A4489382-0668-4CFB-BA89-D54762937CEE"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"9850D0AA-B173-47B2-9B69-75E6D1FAF490"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"281D0B5B-27DF-4E8A-AFC9-D09468F8ECDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"40994EB4-4D31-4697-964D-1F0B09864DF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"E5B40837-EC2B-41FB-ACC3-806054EAF28C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"48BE0210-7058-462A-BA17-845D3E4F52FA"},{"vulnerable":
true,"criteria":"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3CA2FA6B-3930-432F-8FB5-E73604CEFE42"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"1AD2C1D2-103E-4B0F-84AA-999F01E695F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"855E91A4-0A0C-4E5C-8019-FB513A793803"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"FCCC2092-E109-4FF6-9B85-6C9434269851"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"8923BB93-96C1-417B-9172-4A81E731EBA2"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"274E34BF-82A5-4D9E-BC72-202193A47A5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"475F0EF8-42CB-4099-9C4A-390F946C4924"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"94DBCD7A-E4DA-4C08-87A4-960CF53A83E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"62B0A70A-D101-443E-A543-5EC35E23D66F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"524B2D05-508C-47FF-94A0-6CC42060E638"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"0594DBC5-8470-416C-A5EA-E04F5AB2C799"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"B50BF19F-71B4-47C0-A96E-6EB90FCC6AE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.2:*:*:*:*:*:*:*","matchCriteriaId
":"BD3A3BA6-6F60-45CA-8F52-687B671B077A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"202B6870-718C-4F8D-9BAB-7ED6385BF2A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"EC6A3691-ADC4-44BC-8A11-D855B13EF128"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"D7D7863D-B064-4D7A-A66B-C3D3523425FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"911BB6DB-B2D1-4855-A65C-F0799E034358"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"13E6D2CA-CC4F-4317-A842-4DF0693B0CB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"AB017D7A-3290-4EF5-9647-B488771A5F32"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"4F316C54-FAE4-48D8-9E40-ED358C30BF24"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"AC0F5FD3-45E7-4D55-A3AC-6572FC0682D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"56BAC4C7-AB42-4BBD-98B5-0AE8B032CCC7"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"5CDEC701-DAB3-4D92-AA67-B886E6693E46"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"8C641B4F-DCFF-4A1B-9E00-EDF18A270241"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E90C12AF-44BA-44A2-89ED-0C2497EEC8A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"E5D27D4A-BD5C-4FA9-AA72-F7956298DE06"},{"vulnerable"
:true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"12F86EB5-D581-4103-A802-44D968BA8D55"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"36F383ED-8CB5-400D-BFDB-BD5B8CD8C7AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"E6203A11-82C3-4ABA-94E9-085BFF1A0E4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"06224D59-35F8-4168-80C5-CF5B17E99050"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"2FF5A5F6-4BA3-4276-8679-B5560EACF2E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"A2B502F2-404C-463B-B6BE-87489DC881F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"44F1E5E0-BD63-4A4A-BC4E-A1D5495F8B5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"1B6EA0C0-9C26-4A87-98F1-5B317D606ECB"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"4D379372-A226-4230-B1F3-04C696518BD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"22FAC35D-2803-49B0-9382-F14594B88FC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"3C72257B-FF99-4707-A0E3-316D538B1CF6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"18CFA52E-F9D7-40C3-9DB5-CDD5767E1F0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"CB8D3B87-B8F5-490A-B1D9-04F2EE93E
EA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"C1EA4F45-35F7-4687-8D1A-A5ACD846500A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"23FF9627-E561-4CF7-A685-6E33D2F6C98C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"B45F50EB-D059-4251-AF03-DEC2F306C74C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:11.5.1:*:*:*:*:*:*:*","matchCriteriaId":"50A13328-66C1-4D9D-8E46-754401D5F457"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:11.5.2:*:*:*:*:*:*:*","matchCriteriaId":"E94FCC0F-5505-4123-B3FA-ACB90DDE276E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:11.5.3:*:*:*:*:*:*:*","matchCriteriaId":"22A30CF4-7D0D-46A6-A2F4-8DC0C1AA4480"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:11.5.4:*:*:*:*:*:*:*","matchCriteriaId":"38245250-AE45-456F-9C40-A073AED930C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:11.6.0:*:*:*:*:*:*:*","matchCriteriaId":"228D5DA1-C78A-4E05-997A-50F6C1B59593"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:11.6.1:*:*:*:*:*:*:*","matchCriteriaId":"452C59B8-230D-4FC0-B76D-FA6E381E3713"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_websafe:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"2EE1EEA6-1E25-4A90-91A1-386D19808557"}]}]}],"references":[{"url":"http://www.securitytracker.com/id/1037873","source":"f5sirt@f5.com"},{"url":"https://support.f5.com/csp/article/K12685114","source":"f5sirt@f5.com","tags":["Vendor Advisory"]},{"url":"http://www.securitytracker.com/id/1037873","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.f5.com/csp/article/K12685114","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2017-0038","sourceIdentifier":"secure@microsoft.com","published":"2017-02-20T16:59:00.143","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220."},{"lang":"es","value":"gdi32.dll en Graphics Device Interface (GDI) en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, y Windows 10 Gold, 1511 y 1607 permite a atacantes remotos obtener información sensible de la memoria dinámica de proceso a través de un archivo EMF manipulado, como demostrado por un registro EMR_SETDIBITSTODEVICE con dimensiones Device Independent Bitmap (DIB) modificadas. 
NOTA: esta vulnerabilidad existe por un arreglo incompleto de la CVE-2016-3216, CVE-2016-3219 y/o CVE-2016-3220."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*","matchCriteriaId":"21540673-614A-4D40-8BD7-3F07723803B0"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:*","matchCriteriaId":"232581CC-130A-4C62-A7E9-2EC9A9364D53"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*","matchCriteriaId":"E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*","matchCriteriaId":"7519928D-0FF2-4584-8058-4C7764CD5671"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*","matchCriteriaId":"A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F"},{"vulnerable":true,"criteria":"cpe:2.3:o
:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*","matchCriteriaId":"197E82CB-81AF-40F1-A55C-7B596891A783"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*","matchCriteriaId":"0C28897B-044A-447B-AD76-6397F8190177"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*","matchCriteriaId":"2ACA9287-B475-4AF7-A4DA-A7143CEF9E57"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*","matchCriteriaId":"A7DF96F8-BA6A-4780-9CA3-F719B3F81074"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*","matchCriteriaId":"DB18C4CE-5917-401E-ACF7-2747084FD36E"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*","matchCriteriaId":"AF6437F9-6631-49D3-A6C2-62329E278E31"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*","matchCriteriaId":"0A0D2704-C058-420B-B368-372D1129E914"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96023","source":"secure@microsoft.com"},{"url":"http://www.securitytracker.com/id/1037845","source":"secure@microsoft.com"},{"url":"https://0patch.blogspot.com/2017/02/0patching-0-day-windows-gdi32dll-memory.html","source":"secure@microsoft.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=992","source":"secure@microsoft.com","tags":["Patch","Third Party 
Advisory"]},{"url":"https://github.com/k0keoyo/CVE-2017-0038-EXP-C-JS","source":"secure@microsoft.com"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0038","source":"secure@microsoft.com"},{"url":"https://www.exploit-db.com/exploits/41363/","source":"secure@microsoft.com"},{"url":"http://www.securityfocus.com/bid/96023","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037845","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://0patch.blogspot.com/2017/02/0patching-0-day-windows-gdi32dll-memory.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=992","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/k0keoyo/CVE-2017-0038-EXP-C-JS","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0038","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/41363/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-10227","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T07:59:00.157","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets."},{"lang":"es","value":"Zyxel USG50 Security Appliance y NWA3560-N Access Point permiten a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de una inundación de paquetes ICMPv4 Port 
Unreachable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:usg50_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"3E338928-4370-4310-8EC1-80A879F529C3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:usg50:-:*:*:*:*:*:*:*","matchCriteriaId":"FE138A97-1AB8-493D-92AA-276DFA40E14F"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:zyxel:nwa3560-n_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"2AC6FC28-1712-4F1D-9593-A88C9262DA12"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:zyxel:nwa3560-n:-:*:*:*:*:*:*:*","matchCriteriaId":"84FA7457-97E3-4013-92EE-80F8A766279A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/97105","source":"cve@mitre.org"},{"url":"http://www.zyx
el.com/support/announcement_blacknurse_attack.shtml","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://cxsecurity.com/issue/WLB-2017020177","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/97105","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.zyxel.com/support/announcement_blacknurse_attack.shtml","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://cxsecurity.com/issue/WLB-2017020177","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9269","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T07:59:00.217","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary commands on the system as root via Patch Update functionality. This was resolved in Version 6.5 CP 1737."},{"lang":"es","value":"Ejecución de comandos remota en com.trend.iwss.gui.servlet.ManagePatches en Trend Micro Interscan Web Security Virtual Appliance (IWSVA) versión 6.5-SP2_Build_Linux_1707 y versiones anteriores permite a usuarios remotos autenticados con menos privilegios ejecutar comandos arbitrarios en el sistema como root a través de la funcionalidad Patch Update. 
Esto se resolvió en la Versión 6.5 CP 1737."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:*:*:*:*:*:*:*:*","versionEndIncluding":"6.5","matchCriteriaId":"13E40CEF-289B-4946-AFAD-D247C5EEE20C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96252","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037849","source":"cve@mitre.org"},{"url":"https://success.trendmicro.com/solution/1116672","source":"cve@mitre.org","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96252","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037849","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://success.trendmicro.com/solution/1116672","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9314","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T07:59:00.250","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737."},{"lang":"es","value":"Divulgación de información sensible en com.trend.iwss.gui.servlet.ConfigBackup en Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versión 6.5-SP2_Build_Linux_1707 y versiones anteriores permite a usuarios remotos autenticados con menos privilegios hacer una copia de seguridad de la configuración del sistema y descargarla en su máquina local. Esta copia de seguridad contiene información sensible como archivos passwd/shadow, certificados RSA, claves privadas y frases de contraseñas por defecto, etc. 
Esto se resolvió en Versión 6.5 CP 1737."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:*:*:*:*:*:*:*:*","versionEndIncluding":"6.5","matchCriteriaId":"13E40CEF-289B-4946-AFAD-D247C5EEE20C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96252","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037849","source":"cve@mitre.org"},{"url":"https://success.trendmicro.com/solution/1116672","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96252","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037849","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://success.trendmicro.com/solution/1116672","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-9315","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T07:59:00.280","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to change Master Admin's password and/or add new admin accounts. This was resolved in Version 6.5 CP 1737."},{"lang":"es","value":"Vulnerabilidad de escalada de privilegios en com.trend.iwss.gui.servlet.updateaccountadministration en Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versión 6.5-SP2_Build_Linux_1707 y versiones anteriores permite a usuarios remotos autenticados con menos privilegios cambiar la contraseña del administrador Master y/o añadir nuevas cuentas de administrador. Esto se resolvió en Version 6.5 CP 
1737."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:*:*:*:*:*:*:*:*","versionEndIncluding":"6.5","matchCriteriaId":"13E40CEF-289B-4946-AFAD-D247C5EEE20C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96252","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037849","source":"cve@mitre.org"},{"url":"https://success.trendmicro.com/solution/1116672","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96252","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037849","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://success.trendmicro.com/solution/1116672","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9316","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T07
:59:00.313","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. This was resolved in Version 6.5 CP 1737."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS almacenadas en com.trend.iwss.gui.servlet.updateaccountadministration en Trend Micro InterScan Web Security Virtual Appliance (IWSVA) versión 6.5-SP2_Build_Linux_1707 y versiones anteriores permite a usuarios remotos autenticados con menos privilegios inyectar código HTML/JavaScript arbitrario en páginas web. Esto se resolvió en Versión 6.5 CP 1737."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"con
figurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trendmicro:interscan_web_security_virtual_appliance:*:*:*:*:*:*:*:*","versionEndIncluding":"6.5","matchCriteriaId":"13E40CEF-289B-4946-AFAD-D247C5EEE20C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96252","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037849","source":"cve@mitre.org"},{"url":"https://success.trendmicro.com/solution/1116672","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96252","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037849","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://success.trendmicro.com/solution/1116672","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5881","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T07:59:00.327","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file."},{"lang":"es","value":"GOM Player 2.3.10.5266 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de un archivo fpx 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gomlab:gom_player:2.3.10.5266:*:*:*:*:*:*:*","matchCriteriaId":"F689054E-5620-4291-BB93-4E9C06BF730F"}]}]}],"references":[{"url":"https://www.exploit-db.com/exploits/41367/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/41367/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5959","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T07:59:00.360","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. 
The forgotpassword.php page can be used to acquire a token."},{"lang":"es","value":"Elusión de token CSRF en GeniXCMS en versiones anteriores a 1.0.2 podría resultar en escalación de privilegios. La página forgotpassword.php puede ser usada para adquirir un token."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:metalgenix:genixcms:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.1","matchCriteriaId":"F3FC9002-2943-4B9A-94AC-A1D1FEC168A7"}]}]}],"references":[{"url":"https://github.com/semplon/GeniXCMS/issues/70","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/semplon/GeniXCMS/releases/tag/v1.0.2","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://github.com/semplon/GeniXCMS/issues/70","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/semplon/GeniXCMS/releases/tag/v1.0.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6070","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T07:59:00.390","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form."},{"lang":"es","value":"CMS Made Simple versión 1.x Form Builder antes de la versión 0.8.1.6 permite a atacantes remotos ejecutar código PHP a través del parámetro cntnt01fbrp_forma_form_template en admin_store_form."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","des
cription":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cmsmadesimple:form_builder:*:*:*:*:*:*:*:*","versionEndIncluding":"0.8.1.5","matchCriteriaId":"D4E11B70-26B8-4C0C-A545-5CBC12AC2FFA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.2","matchCriteriaId":"DBC86285-74C1-45C4-B9E6-C74B992D3DC2"}]}]}],"references":[{"url":"http://dev.cmsmadesimple.org/project/files/69","source":"cve@mitre.org","tags":["Product"]},{"url":"https://daylight-it.com/security-advisory-dlcs0001.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://dev.cmsmadesimple.org/project/files/69","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://daylight-it.com/security-advisory-dlcs0001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6071","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T07:59:00.420","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml."},{"lang":"es","value":"CMS Made Simple versión 1.x Form Builder antes de la versión 0.8.1.6 permite a atacantes remotos llevar a cabo ataques de divulgación de información a través de 
exportxml."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cmsmadesimple:form_builder:*:*:*:*:*:cms_made_simple:*:*","versionEndIncluding":"0.8.1.5","matchCriteriaId":"02E39951-3657-4625-BAD5-C5B1622FAC9D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.2","matchCriteriaId":"DBC86285-74C1-45C4-B9E6-C74B992D3DC2"}]}]}],"references":[{"url":"http://dev.cmsmadesimple.org/project/files/69","source":"cve@mitre.org","tags":["Product"]},{"url":"https://daylight-it.com/security-advisory-dlcs0001.html","source":"cve@mitre.org","tags":["Exploit","Third Party 
Advisory"]},{"url":"http://dev.cmsmadesimple.org/project/files/69","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://daylight-it.com/security-advisory-dlcs0001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6072","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T07:59:00.453","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin."},{"lang":"es","value":"CMS Made Simple versión 1.x Form Builder antes de la versión 0.8.1.6 permite a atacantes remotos llevar a cabo ataques de divulgación de información a través de defaultadmin."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cp
eMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cmsmadesimple:form_builder:*:*:*:*:*:*:*:*","versionEndIncluding":"0.8.1.5","matchCriteriaId":"D4E11B70-26B8-4C0C-A545-5CBC12AC2FFA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*","versionEndIncluding":"1.12.2","matchCriteriaId":"DBC86285-74C1-45C4-B9E6-C74B992D3DC2"}]}]}],"references":[{"url":"http://dev.cmsmadesimple.org/project/files/69","source":"cve@mitre.org","tags":["Product"]},{"url":"https://daylight-it.com/security-advisory-dlcs0001.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://dev.cmsmadesimple.org/project/files/69","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://daylight-it.com/security-advisory-dlcs0001.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6078","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T07:59:00.483","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section."},{"lang":"es","value":"FastStone MaxView 3.0 y 3.1 permite a atacantes asistidos por usuario provocar una denegación de servicio (caída de aplicación) a través de imagen BMP malformada con un campo biSize manipulado en la sección 
BITMAPINFOHEADER."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:faststone:maxview:3.0:*:*:*:*:*:*:*","matchCriteriaId":"A8CDA7CF-58C1-4070-8C4A-E82530FF0F92"},{"vulnerable":true,"criteria":"cpe:2.3:a:faststone:maxview:3.1:*:*:*:*:*:*:*","matchCriteriaId":"5AA57988-0A33-4496-919F-1B7E8CB13C42"}]}]}],"references":[{"url":"https://github.com/ilsani/rd/tree/master/security-advisories/faststone/maxview-cve-2017-6078","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/ilsani/rd/tree/master/security-advisories/faststone/maxview-cve-2017-6078","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-6095","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T07:59:00.517","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id."},{"lang":"es","value":"Se ha descubierto un problema de inyección SQL en el Mail Masta (también conocido como mail-masta) plugin 1.0 para WordPress. Esto afecta /inc/lists/csvexport.php (No autenticado) con el GET Parameter: list_id."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mail-masta_project:mail-masta:1.0:*:*:*:*:wordpress:*:*","matchCriteriaId":"0A1D4EFB-901F-4059-AB9B-F47E629F079A"}]}]}],"references":[{"url":"https:
//github.com/hamkovic/Mail-Masta-Wordpress-Plugin","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8740","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://www.exploit-db.com/exploits/41438/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8740","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://www.exploit-db.com/exploits/41438/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-6096","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T07:59:00.547","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list."},{"lang":"es","value":"Se ha descubierto un problema de inyección SQL en el Mail Masta (también conocido como mail-masta) plugin 1.0 para WordPress. 
Esto afecta /inc/lists/view-list.php (requiere autenticación al administrador de Wordpress) con el GET Parameter: filter_list."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mail-masta_project:mail-masta:1.0:*:*:*:*:wordpress:*:*","matchCriteriaId":"0A1D4EFB-901F-4059-AB9B-F47E629F079A"}]}]}],"references":[{"url":"https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8740","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41438/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8740","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41438/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-6097","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T07:59:00.577","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id."},{"lang":"es","value":"Se ha descubierto un problema de inyección SQL en el Mail Masta (también conocido como mail-masta) plugin 1.0 para WordPress. Esto afecta /inc/campaign/count_of_send.php (requiere autenticación al administrador de Wordpress) con el POST Parameter: 
camp_id."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mail-masta_project:mail-masta:1.0:*:*:*:*:wordpress:*:*","matchCriteriaId":"0A1D4EFB-901F-4059-AB9B-F47E629F079A"}]}]}],"references":[{"url":"https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8740","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41438/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8740","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41438/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-6098","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T07:59:00.610","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id."},{"lang":"es","value":"Se ha descubierto un problema de inyección SQL en el Mail Masta (también conocido como mail-masta) plugin 1.0 para WordPress. Esto afecta /inc/campaign_save.php (requiere autenticación al administrador de Wordpress) con el POST Parameter: 
list_id."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mail-masta_project:mail-masta:1.0:*:*:*:*:wordpress:*:*","matchCriteriaId":"0A1D4EFB-901F-4059-AB9B-F47E629F079A"}]}]}],"references":[{"url":"https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8740","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://www.exploit-db.com/exploits/41438/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8740","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"https://www.exploit-db.com/exploits/41438/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2015-4056","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T19:59:00.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access."},{"lang":"es","value":"System Library en VCE Vision Intelligent Operations en versiones anteriores a 2.6.5 no implementa criptografía adecuadamente, lo que hace más fácil a usuarios locales descubrir credenciales aprovechando acceso administrativo."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description"
:[{"lang":"en","value":"CWE-310"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:vce_vision_intelligent_operations:*:*:*:*:*:*:*:*","versionEndIncluding":"2.6.4","matchCriteriaId":"A175B5DB-F11B-4E3D-8AD9-468741D50704"}]}]}],"references":[{"url":"http://seclists.org/bugtraq/2015/Jun/91","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/bugtraq/2015/Jun/91","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2015-4057","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T19:59:00.217","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The \"Plug-in for VMware vCenter\" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network."},{"lang":"es","value":"El \"Plug-in for VMware vCenter\" en VCE Vision Intelligent Operations en versiones anteriores a 2.6.5 envía una respuesta HTTP en texto plano a petición de la pantalla Configuración, lo que permite a atacantes remotos descubrir la contraseña de administrador espiando la 
red."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dell:vce_vision_intelligent_operations:*:*:*:*:*:*:*:*","versionEndIncluding":"2.6.4","matchCriteriaId":"A175B5DB-F11B-4E3D-8AD9-468741D50704"}]}]}],"references":[{"url":"http://seclists.org/bugtraq/2015/Jun/91","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/bugtraq/2015/Jun/91","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6127","sourceIdentifier":"cve@mitre.org","published":"2017-02-21T20:59:00.157","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow 
remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2) change the Wi-Fi password, or (3) possibly have unspecified other impact via crafted requests to form2WlanBasicSetup.cgi."},{"lang":"es","value":"Múltiples vulnerabilidades de CSRF en el portal de acceso en el DIGISOL DG-HR1400 Wireless Router con firmware 1.00.02 permiten a atacantes remotos secuestrar la autenticación de administradores para peticiones que (1) cambian el SSID, (2) cambian la contraseña Wi-Fi, o (3) tienen posiblemente otro impacto no especificado a través de peticiones manipuladas a form2WlanBasicSetup.cgi."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:digisol:dg-hr1400_firmware:1.00.02:*:*:*:*:*:*:*","matchCriteriaId":"2E5178DD-41D2-4454-8A7C-659DC5B63156"}]},{"operator":"OR","negate":false,"
cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:digisol:dg-hr1400:-:*:*:*:*:*:*:*","matchCriteriaId":"2395C902-58EF-4A48-927D-D6B27FFD9B5C"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2017/Feb/66","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96369","source":"cve@mitre.org"},{"url":"https://drive.google.com/file/d/0B6715xUqH18MeV9GOVE0ZmFrQUU/view","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/66","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/96369","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://drive.google.com/file/d/0B6715xUqH18MeV9GOVE0ZmFrQUU/view","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9049","sourceIdentifier":"talos-cna@cisco.com","published":"2017-02-21T22:59:00.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad explotable de denegación de servicio en el componente fabric-worker de Aerospike Database Server 3.10.0.3. Un paquete especialmente manipulado puede provocar que el proceso del servidor desreferencie un puntero nulo. 
Un atacante se puede conectar simplemente a un puerto TCP con el fin de desencadenar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aerospike:database_server:3.10.0.3:*:*:*:*:*:*:*","matchCriteriaId":"665632F2-A06C-4767-9607-44706CD1EB98"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96376","source":"talos-cna@cisco.com","tags":["Broken Link","Third Party 
Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0263/","source":"talos-cna@cisco.com","tags":["Exploit","Patch","Technical Description","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96376","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0263/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Technical Description","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9051","sourceIdentifier":"talos-cna@cisco.com","published":"2017-02-21T22:59:00.197","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attacker can simply connect to the port to trigger this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad explotable de escritura fuera de límites en la funcionalidad de análisis de campo de transacción por lotes de Aerospike Database Server 3.10.0.3. Un paquete especialmente manipulado puede provocar una escritura fuera de límites resultando en corrupción de memoria que puede conducir a la ejecución remota de código. 
Un atacante puede conectarse simplemente al puerto para desencadenar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aerospike:database_server:3.10.0.3:*:*:*:*:*:*:*","matchCriteriaId":"665632F2-A06C-4767-9607-44706CD1EB98"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96374","source":"talos-cna@cisco.com","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0265/","source":"talos-cna@cisco.com","tags":["Exploit","Patch","Technical Description","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96374","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0265/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Technical Description","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9053","sourceIdentifier":"talos-cna@cisco.com","published":"2017-02-21T22:59:00.230","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad de indexación fuera de límites dentro del tipo de partícula de mensaje RW fabric de Aerospike Database Server 3.10.0.3. Un paquete especialmente manipulado puede provocar que el servidor busque una tabla de funciones fuera de límite de un array resultando en ejecución remota de código. 
Un atacante puede conectarse simplemente al puerto para desencadenar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-129"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aerospike:database_server:3.10.0.3:*:*:*:*:*:*:*","matchCriteriaId":"665632F2-A06C-4767-9607-44706CD1EB98"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96372","source":"talos-cna@cisco.com","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0267/","source":"talos-cna@cisco.com","tags":["Exploit","Patch","Technical Description","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96372","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0267/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Technical Description","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-2684","sourceIdentifier":"productcert@siemens.com","published":"2017-02-22T02:59:00.153","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication."},{"lang":"es","value":"Siemens SIMATIC Logon en versiones anteriores a V1.5 SP3 Update 2 podría permitir a un atacante con conocimiento de un nombre de usuario válido, y acceso físico o de red al sistema afectado, eludir la autenticación a nivel de 
aplicación."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-592"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:simatic_logon:*:sp3_update_1:*:*:*:*:*:*","versionEndIncluding":"1.5","matchCriteriaId":"0E791A5D-A304-4C65-84CA-859984342446"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96208","source":"productcert@siemens.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf","source":"productcert@siemens.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96208","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-931064.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3821","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.200","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609)."},{"lang":"es","value":"Una vulnerabilidad en la página de servicio de Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado llevar a cabo ataques de XSS reflejados. Más Información: CSCvc49348. Lanzamientos Afectados Conocidos: 10.5(2.14076.1). 
Lanzamientos Reparados Conocidos: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.14076.1\\):*:*:*:*:*:*:*","matchCriteriaId":"7E96831F-40D0-4C7C-97FC-E8D3C063822C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96241","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037839","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96241","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037839","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3827","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.230","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, that are configured with message or content filters to scan incoming email attachments on the ESA or services scanning content of web access on the WSA. More Information: SCvb91473, CSCvc76500. Known Affected Releases: 10.0.0-203 9.9.9-894 WSA10.0.0-233."},{"lang":"es","value":"Una vulnerabilidad en el escáner Multipurpose Internet Mail Extensions (MIME) de Cisco AsyncOS Software para Cisco Email Security Appliances (ESA) y Web Security Appliances (WSA) podría permitir a un atacante remoto no autenticado eludir filtros configurados por el usuario en el dispositivo. 
Productos Afectados: Esta vulnerabilidad afecta a todos los lanzamientos anteriores al primer lanzamiento reparado de Cisco AsyncOS Software para Cisco ESA y Cisco WSA, tanto accesorios virtuales como de hardware, que están configurados con filtros de mensajes o contenido para escanear adjuntos de emails entrantes en ESA o servicios de escaneo de contenido de acceso web en WSA. Más Información: SCvb91473, CSCvc76500. Lanzamientos Afectados Conocidos: 10.0.0-203 9.9.9-894 WSA10.0.0-233."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:web_security_appliance:10.0.0-082:*:*:*:*:*:*:*","matchCriteriaId":"C61A651C-7CBF-4CFA-A991-4D6B3DB37F44"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:web_security_appliance:10.0.0-124:*:*:*:*:*:*:*","matchCriteriaId":"617447D7-9DD7-4645-9BCC-27A0C5D3759B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:web_sec
urity_appliance:10.0.0-125:*:*:*:*:*:*:*","matchCriteriaId":"D64F74FC-51C1-4461-9E88-CD181CF5C8B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:web_security_appliance:10.0.0-203:*:*:*:*:*:*:*","matchCriteriaId":"610C3E11-E7B4-4BBD-864E-06AF1331DC1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:web_security_appliance:10.0.0-232:*:*:*:*:*:*:*","matchCriteriaId":"8F4BDE8C-6D41-4BCF-8BB3-9256E2AD09E8"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:email_security_appliance_firmware:9.9.6-026:*:*:*:*:*:*:*","matchCriteriaId":"A0958602-8C88-4E0E-8720-F4D7AB7692AD"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:email_security_appliance_firmware:9.9.9-894:*:*:*:*:*:*:*","matchCriteriaId":"3DD71897-DEB5-4DD9-86B8-EDB0CC74B0F2"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:email_security_appliance_firmware:10.0.0-082:*:*:*:*:*:*:*","matchCriteriaId":"87F87B04-1F5F-4384-A03D-7FE4F3569C36"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:email_security_appliance_firmware:10.0.0-124:*:*:*:*:*:*:*","matchCriteriaId":"61539DE3-591F-4CAA-889B-654037A07DC4"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:email_security_appliance_firmware:10.0.0-125:*:*:*:*:*:*:*","matchCriteriaId":"7C4E4BBD-F14C-4573-B771-FA0303A6220C"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:email_security_appliance_firmware:10.0.0-203:*:*:*:*:*:*:*","matchCriteriaId":"878EFC2D-79C0-4B6C-A1FB-9F7B19CFC7D7"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:email_security_appliance_firmware:10.0.0-232:*:*:*:*:*:*:*","matchCriteriaId":"6907C80C-4359-4D59-9619-C36F536CD3F2"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96239","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037831","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037832","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-asyncos","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96239","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037831","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037832","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-asyncos","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3828","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.263","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvb98777. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6)."},{"lang":"es","value":"Una vulnerabilidad en la interfaz de gestión basada en web de Cisco Unified Communications Manager Switches podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz de gestión basada en web de un dispositivo afectado. Más Información: CSCvb98777. Lanzamientos Afectados Conocidos: 11.0(1.10000.10) 11.5(1.10000.6). 
Lanzamientos Reparados Conocidos: 11.0(1.23063.1) 11.5(1.12029.1) 11.5(1.12900.11) 11.5(1.12900.21) 11.6(1.10000.4) 12.0(0.98000.156) 12.0(0.98000.178) 12.0(0.98000.369) 12.0(0.98000.470) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*","matchCriteriaId":"F47282B9-8B76-40E0-B72C-A6A196A37A0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*","matchCriteriaId":"21BFC3A9-B6B1-49EE-A93A-6432BFE33E84"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96240","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037839","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201702
15-cucm1","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96240","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037839","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3829","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.293","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. More Information: CSCvc30999. Known Affected Releases: 12.0(0.98000.280). Known Fixed Releases: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6)."},{"lang":"es","value":"Una vulnerabilidad en la interfaz de gestión basada en web de Cisco Unified Communications Manager Switches podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz de gestión basada en web de un dispositivo afectado. Más Información: CSCvc30999. Lanzamientos Afectados Conocidos: 12.0(0.98000.280). 
Lanzamientos Reparados Conocidos: 11.0(1.23900.3) 12.0(0.98000.180) 12.0(0.98000.422) 12.0(0.98000.541) 12.0(0.98000.6)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*","matchCriteriaId":"F47282B9-8B76-40E0-B72C-A6A196A37A0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*","matchCriteriaId":"21BFC3A9-B6B1-49EE-A93A-6432BFE33E84"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96250","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037839","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm2","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96250","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037839","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3830","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.323","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance. More Information: CSCvc89678. Known Affected Releases: 2.1. Known Fixed Releases: 2.1.2."},{"lang":"es","value":"Una vulnerabilidad en una API interna de Cisco Meeting Server (CMS) podría permitir a un atacante remoto no autenticado provocar una condición de denegación de servicio (DoS) en la aplicación afectada. Más Información: CSCvc89678. Lanzamientos Afectados Conocidos: 2.1. 
Lanzamientos Reparados Conocidos: 2.1.2."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:meeting_server:2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B310B39B-7D5D-4533-9FE6-5F47985E35B0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96242","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037833","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cms","source":"psirt@cisco.com","tags":["Mitigation","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96242","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037833","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cms","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3833","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.357","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information: CSCvb95951. Known Affected Releases: 12.0(0.99999.2). Known Fixed Releases: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6)."},{"lang":"es","value":"Una vulnerabilidad en el marco web de Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz web del software afectado. Más Información: CSCvb95951. Lanzamientos Afectados Conocidos: 12.0(0.99999.2). 
Lanzamientos Reparados Conocidos: 11.0(1.23064.1) 11.5(1.12031.1) 11.5(1.12900.21) 11.5(1.12900.7) 11.5(1.12900.8) 11.6(1.10000.4) 12.0(0.98000.155) 12.0(0.98000.178) 12.0(0.98000.366) 12.0(0.98000.367) 12.0(0.98000.468) 12.0(0.98000.469) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_communications_manager:12.0\\(0.99999.2\\):*:*:*:*:*:*:*","matchCriteriaId":"0EAC0A3F-DF32-4609-AB7E-174C833A3E57"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96246","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucm","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96246","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ucm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3835","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908)."},{"lang":"es","value":"Una vulnerabilidad en el portal patrocinador de Cisco Identity Services Engine (ISE) podría permitir a un atacante remoto autenticado acceder a avisos de otros usuarios debido a inyección de SQL. Más Información: CSCvb15627. 
Lanzamientos Afectados Conocidos: 1.4(0.908)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_software:1.4\\(0.908\\):*:*:*:*:*:*:*","matchCriteriaId":"77F3CABE-0428-4B78-8B69-E145451E7FFF"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96249","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037841","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ise","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96249","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037841","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-ise","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3836","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.417","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web framework Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data. More Information: CSCvb61689. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6)."},{"lang":"es","value":"Una vulnerabilidad en el marco web Cisco Unified Communications Manager podría permitir a un atacante remoto no autenticado visualizar datos sensibles. Más Información: CSCvb61689. Lanzamientos Afectados Conocidos: 11.5(1.11007.2). 
Lanzamientos Reparados Conocidos: 12.0(0.98000.162) 12.0(0.98000.178) 12.0(0.98000.383) 12.0(0.98000.488) 12.0(0.98000.536) 12.0(0.98000.6) 12.0(0.98500.6)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.11007.2\\):*:*:*:*:*:*:*","matchCriteriaId":"7D666F53-ABC2-4DC1-BC03-83B5CDC0DE82"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96251","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037840","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm3","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96251","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037840","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3837","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.450","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially cause the application to crash unexpectedly, resulting in a denial of service (DoS) condition. The attacker would need to be authenticated and have a valid session with the Web Bridge. Affected Products: This vulnerability affects Cisco Meeting Server software releases prior to 2.1.2. This product was previously known as Acano Conferencing Server. More Information: CSCvc89551. Known Affected Releases: 2.0 2.0.7 2.1. Known Fixed Releases: 2.1.2."},{"lang":"es","value":"Una vulnerabilidad de HTTP Packet Processing en la interfaz Web Bridge de Cisco Meeting Server (CMS), anteriormente Acano Conferencing Server, podría permitir a un atacante remoto autenticado recuperar contenidos de la memoria, lo que podría conducir a la divulgación de información confidencial. Además, el atacante podría provocar potencialmente que la aplicación se bloqueara de forma inesperada, resultando en una condición de denegación de servicio (DoS). El atacante necesitaría estar autenticado y tener una sesión validada con Web Bridge. 
Productos Afectados: Esta vulnerabilidad afecta a lanzamientos de software Cisco Meeting Server anteriores a 2.1.2. Este producto fue previamente conocido como Acano Conferencing Server. Más Información: CSCvc89551. Lanzamientos Afectados Conocidos: 2.0 2.0.7 2.1. Lanzamientos Reparados Conocidos: 2.1.2."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:P","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:meeting_server:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C48DC084-1DD2-4878-B1DB-1035CAE3B918"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:meeting_server:2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"1CA9A904-9AB5-4757-ABD1-0F6F933799BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:meeting_server:2.0.3:*:*:*:*:*:*:*","matchCriteriaId":"8FA8A21E-97BA-4326-9F7B-FCBD480134EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:meeting_server:2.0.4:*:*:*:*:*:*:*","matchCriteriaId":"1E6FA3F5-752D-45AB
-A8CB-6488F409D933"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:meeting_server:2.0.5:*:*:*:*:*:*:*","matchCriteriaId":"4B80C9BA-07EC-4183-9AAD-3229913C9FD7"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:meeting_server:2.0.6:*:*:*:*:*:*:*","matchCriteriaId":"9B1895DF-AFB1-4B6E-A42C-38F7E19A5842"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:meeting_server:2.0.7:*:*:*:*:*:*:*","matchCriteriaId":"3BC4BC50-1D9C-42F3-A88F-FE1E2C8A6C76"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:meeting_server:2.0.8:*:*:*:*:*:*:*","matchCriteriaId":"FA671C18-10F2-4A45-8D1C-BF460ECA84B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:meeting_server:2.0.9:*:*:*:*:*:*:*","matchCriteriaId":"F618372C-0913-4773-9267-A835F31FA776"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:meeting_server:2.1.0:*:*:*:*:*:*:*","matchCriteriaId":"B310B39B-7D5D-4533-9FE6-5F47985E35B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:meeting_server:2.1.1:*:*:*:*:*:*:*","matchCriteriaId":"B2720CCF-3B73-4268-94C7-9AE3D1ECAC75"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96243","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037834","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cms1","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96243","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037834","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cms1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3838","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.480","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in Cisco Secure Access Control System (ACS) 
could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system. More Information: CSCvc04838. Known Affected Releases: 5.8(2.5)."},{"lang":"es","value":"Una vulnerabilidad en Cisco Secure Access Control System (ACS) podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS basado en DOM contra el usuario de la interfaz web del sistema afectado. Más Información: CSCvc04838. Lanzamientos Afectados Conocidos: 5.8(2.5)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_access_control_system:5.8\\(2.5\\):*:*:*:*:*:*:*","matchCriteriaId":"71D8E834-FADA-48A8-8E7D-88E04D30255D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96234","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/10
37835","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96234","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037835","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3839","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.513","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An XML External Entity vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc04845. Known Affected Releases: 5.8(2.5)."},{"lang":"es","value":"Una vulnerabilidad XML External Entity en la interfaz de usuario basada en web de Cisco Secure Access Control System (ACS) podría permitir a un atacante remoto no autenticado tener acceso de lectura a parte de la información almacenada en el sistema afectado. Más Información: CSCvc04845. 
Lanzamientos Afectados Conocidos: 5.8(2.5)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_access_control_system:5.8\\(2.5\\):*:*:*:*:*:*:*","matchCriteriaId":"71D8E834-FADA-48A8-8E7D-88E04D30255D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96236","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037836","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs1","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96236","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037836","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3840","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.543","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. More Information: CSCvc04849. Known Affected Releases: 5.8(2.5)."},{"lang":"es","value":"Una vulnerabilidad en la interfaz web de Cisco Secure Access Control System (ACS) podría permitir a un atacante remoto no autenticado redirigir a un usuario a una página web maliciosa, también conocido como una Open Redirect Vulnerability. Más Información: CSCvc04849. 
Lanzamientos Afectados Conocidos: 5.8(2.5)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_access_control_system:5.8\\(2.5\\):*:*:*:*:*:*:*","matchCriteriaId":"71D8E834-FADA-48A8-8E7D-88E04D30255D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96238","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037837","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs2","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96238","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037837","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3841","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.573","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information. More Information: CSCvc04854. Known Affected Releases: 5.8(2.5)."},{"lang":"es","value":"Una vulnerabilidad en la interfaz web de Cisco Secure Access Control System (ACS) podría permitir a un atacante remoto no autenticado revelar información sensible. Más Información: CSCvc04854. 
Lanzamientos Afectados Conocidos: 5.8(2.5)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_access_control_system:5.8\\(2.5\\):*:*:*:*:*:*:*","matchCriteriaId":"71D8E834-FADA-48A8-8E7D-88E04D30255D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96237","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037838","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs3","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96237","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037838","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-acs3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3842","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.607","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager (IDM) could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. More Information: CSCuh91455. Known Affected Releases: 7.2(1)V7."},{"lang":"es","value":"Una vulnerabilidad en la interfaz de gestión basada en web de Cisco Intrusion Prevention System Device Manager (IDM) podría permitir a un atacante remoto no autenticado visualizar información sensible almacenada en ciertos comentarios HTML. Más Información: CSCuh91455. 
Lanzamientos Afectados Conocidos: 7.2(1)V7."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:intrusion_prevention_system_device_manager:7.2\\(1\\)v7:*:*:*:*:*:*:*","matchCriteriaId":"B813B065-3BAA-48EE-B4F3-F8FB060B9AC1"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96256","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037842","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-idm","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96256","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037842","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-idm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3843","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.620","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted. More Information: CSCvc99446. Known Affected Releases: 11.5(0)."},{"lang":"es","value":"Una vulnerabilidad en las funciones de descarga de archivos para Cisco Prime Collaboration Assurance podría permitir a un atacante remoto autenticado descargar archivos del sistema que deberían estar restringidos. Más Información: CSCvc99446. 
Lanzamientos Afectados Conocidos: 11.5(0)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:prime_collaboration_assurance:11.0.0:*:*:*:*:*:*:*","matchCriteriaId":"869158A1-B464-4913-AC4B-D79EE02923CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:prime_collaboration_assurance:11.1.0:*:*:*:*:*:*:*","matchCriteriaId":"C4E04473-0066-43FF-AB83-97F3ACB7BFCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:prime_collaboration_assurance:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"90DB2B98-EF32-4B41-89F1-9EA82E5A4FC9"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96248","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037843","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp1","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96248","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037843","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3844","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.653","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc86238. Known Affected Releases: 11.5(0)."},{"lang":"es","value":"Una vulnerabilidad en las funciones de exportación de la interfaz de usuario para Cisco Prime Collaboration Assurance podría permitir a un atacante remoto autenticado visualizar listas de directorios de archivos y descargar archivos. Productos Afectados: Cisco Prime Collaboration Assurance versiones del software 11.0, 11.1 y 11.5 son vulnerables. Versiones de software Cisco Prime Collaboration Assurance anteriores a 11.0 no son vulnerables. Más Información: CSCvc86238. 
Lanzamientos Afectados Conocidos: 11.5(0)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:prime_collaboration_assurance:11.0.0:*:*:*:*:*:*:*","matchCriteriaId":"869158A1-B464-4913-AC4B-D79EE02923CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:prime_collaboration_assurance:11.1.0:*:*:*:*:*:*:*","matchCriteriaId":"C4E04473-0066-43FF-AB83-97F3ACB7BFCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:prime_collaboration_assurance:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"90DB2B98-EF32-4B41-89F1-9EA82E5A4FC9"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96247","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037843","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp2","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96247","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037843","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3845","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.700","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are vulnerable. Cisco Prime Collaboration Assurance software versions prior to 11.0 are not vulnerable. More Information: CSCvc77783. Known Affected Releases: 11.5(0)."},{"lang":"es","value":"Una vulnerabilidad en la interfaz de gestión basada en web de Cisco Prime Collaboration Assurance podría permitir a un atacante remoto no autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz de gestión basada en web de un dispositivo afectado. Productos Afectados: Cisco Prime Collaboration Assurance versiones de software 11.0, 11.1 y 11.5 son vulnerables. Versiones de software Cisco Prime Collaboration Assurance anteriores a 11.0 no son vulnerables. Más Información: CSCvc77783. 
Lanzamientos Afectados Conocidos: 11.5(0)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:prime_collaboration_assurance:11.0.0:*:*:*:*:*:*:*","matchCriteriaId":"869158A1-B464-4913-AC4B-D79EE02923CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:prime_collaboration_assurance:11.1.0:*:*:*:*:*:*:*","matchCriteriaId":"C4E04473-0066-43FF-AB83-97F3ACB7BFCA"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:prime_collaboration_assurance:11.5.0:*:*:*:*:*:*:*","matchCriteriaId":"90DB2B98-EF32-4B41-89F1-9EA82E5A4FC9"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96245","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037844","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp3","source":"psirt@cisco.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96245","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037844","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-pcp3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3847","sourceIdentifier":"psirt@cisco.com","published":"2017-02-22T02:59:00.717","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc72741. Known Affected Releases: 6.2.1."},{"lang":"es","value":"Una vulnerabilidad en el marco web de Cisco Firepower Management Center podría permitir a un atacante remoto autenticado llevar a cabo un ataque de XSS contra un usuario de la interfaz web. Más Información: CSCvc72741. 
Lanzamientos Afectados Conocidos: 6.2.1."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:secure_firewall_management_center:6.2.1:*:*:*:*:*:*:*","matchCriteriaId":"1A4A52EA-D464-4855-ABEC-FD98E0F3BD97"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96253","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-fpmc","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96253","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-fpmc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-9682","sourceIdentifier":"cve@mitre.org","published":"2017-02-22T05:59:00.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out information about the state of the system. The application doesn't properly escape the information passed in the 'tsrDeleteRestartedFile' or 'currentTSREmailTo' variables before making a call to system(), allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account."},{"lang":"es","value":"El servidor SonicWall Secure Remote Access (versión 8.1.0.2-14sv) es vulnerable a dos vulnerabilidades de Inyección Remota de Comandos en su interfaz administrativa web. Estas vulnerabilidades tienen lugar en el componente de diagnósticos CGI (/cgi-bin/diagnostics) responsable de enviar por correo electrónico información sobre el estado del sistema. La aplicación no escapa adecuadamente la información pasada en las variables 'tsrDeleteRestartedFile' o 'currentTSREmailTo' antes de hacer una llamada a system(), permitiendo la inyección remota de comandos. 
La explotación de esta vulnerabilidad genera acceso shell a la máquina remota bajo la cuenta de usuario \"nobody\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:sonicwall_secure_remote_access_server:8.1.0.2-14sv:*:*:*:*:*:*:*","matchCriteriaId":"82AE3BB1-3886-41EE-866C-25EA3B21FDBA"}]}]}],"references":[{"url":"http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-notes/resolved-issues?ParentProduct=868","source":"cve@mitre.org","tags":["Release Notes","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96375","source":"cve@mitre.org"},{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0003","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/42342/","source":"cve@mitre.org"},{"url":"http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-notes/resolved-issues?ParentProduct=868","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96375","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0003","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/42342/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9683","sourceIdentifier":"cve@mitre.org","published":"2017-02-22T05:59:00.200","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for handling some of the server's internal configurations. The CGI application doesn't properly escape the information it's passed when processing a particular multi-part form request involving scripts. The filename of the 'scriptname' variable is read in unsanitized before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account. This is SonicWall Issue ID 181195."},{"lang":"es","value":"El servidor SonicWall Secure Remote Access (versión 8.1.0.2-14sv) es vulnerable a una vulnerabilidad de Inyección Remota de Comandos en su interfaz administrativa web. 
Esta vulnerabilidad tiene lugar en el componente 'extensionsettings' CGI (/cgi-bin/extensionsettings) responsable del manejo de algunas de las configuraciones internas del servidor. La aplicación CGI no escapa adecuadamente la información pasada cuando procesa una solicitud particular de formulario de múltiples partes que involucra secuencias de comandos. El nombre de archivo de la variable 'scriptname' es leído sin sanear antes de que se realice una llamada a system() - permitiendo la inyección remota de comandos. La explotación de esta vulnerabilidad genera acceso shell a la máquina remota bajo la cuenta de usuario \"nobody\". Esto es SonicWall Issue ID 181195."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:sonicwall_secure_remote_access_server:8.1.0.2-14sv:*:*:*:*:*:*:*","matchCriteriaId":"82AE3BB1-3886-41EE-866C-2
5EA3B21FDBA"}]}]}],"references":[{"url":"http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-notes/resolved-issues?ParentProduct=868","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://pastebin.com/eJbeXgBr","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96375","source":"cve@mitre.org"},{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0004","source":"cve@mitre.org"},{"url":"http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-notes/resolved-issues?ParentProduct=868","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://pastebin.com/eJbeXgBr","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/96375","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0004","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9684","sourceIdentifier":"cve@mitre.org","published":"2017-02-22T05:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL certificate information. The CGI application doesn't properly escape the information it's passed in the 'CERT' variable before a call to system() is performed - allowing for remote command injection. Exploitation of this vulnerability yields shell access to the remote machine under the nobody user account."},{"lang":"es","value":"El servidor SonicWall Secure Remote Access (versión 8.1.0.2-14sv) es vulnerable a una vulnerabilidad de Inyección Remota de Comandos en su interfaz administrativa web. 
Esta vulnerabilidad tiene lugar en el componente 'viewcert' CGI (/cgi-bin/viewcert) responsable del procesamiento de la información del certificado SSL. La aplicación CGI no escapa adecuadamente la información pasada en la variable 'CERT' antes de que se realice una llamada a system() - permitiendo la inyección remota de comandos. La explotación de esta vulnerabilidad genera acceso shell a la máquina remota bajo la cuenta de usuario \"nobody\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dell:sonicwall_secure_remote_access_server:8.1.0.2-14sv:*:*:*:*:*:*:*","matchCriteriaId":"82AE3BB1-3886-41EE-866C-25EA3B21FDBA"}]}]}],"references":[{"url":"http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-notes/resolved-issues?ParentProduct=868","source":"cve@mitre.org","tags":["Release Notes","Vendor 
Advisory"]},{"url":"http://pastebin.com/g1e2qU6N","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96375","source":"cve@mitre.org"},{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0005","source":"cve@mitre.org"},{"url":"http://documents.software.dell.com/sonicwall-sma-100-series/8.1.0.7/release-notes/resolved-issues?ParentProduct=868","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://pastebin.com/g1e2qU6N","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/96375","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2016-0005","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2014-4677","sourceIdentifier":"cve@mitre.org","published":"2017-02-22T16:59:00.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument."},{"lang":"es","value":"La función installPackage en el subcomponente installerHelper en Libmacgpg en GPG Suite en versiones anteriores a 2015.06 permite a usuarios locales ejecutar comandos arbitrarios con privilegios root a través de metacaracteres shell en el argumento 
xmlPath."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gpgtools:libmacgpg:*:*:*:*:*:*:*:*","versionEndIncluding":"0.6","matchCriteriaId":"65ADC217-6294-43A7-BF3E-520BD9EC1587"}]}]}],"references":[{"url":"https://bierbaumer.net/security/cve-2014-4677/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://gpgtools.org/releases/gpgsuite/2015.08/release-notes.html","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://bierbaumer.net/security/cve-2014-4677/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://gpgtools.org/releases/gpgsuite/2015.08/release-notes.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-8636","sourceIdentifier":"secalert@redhat.com","published":"2017-02-22T16:59:00.193","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the mem_check_range function in drivers/infiniband/sw/rxe/rxe_mr.c in the Linux kernel before 4.9.10 allows local users to cause a denial of service (memory corruption), obtain sensitive information from kernel memory, or possibly have unspecified other impact via a write or read request involving the \"RDMA protocol over infiniband\" (aka Soft RoCE) technology."},{"lang":"es","value":"Desbordamiento de entero en la función mem_check_range en drivers/infiniband/sw/rxe/rxe_mr.c en el kernel de Linux en versiones anteriores a 4.9.10 permite a usuarios locales provocar una denegación de servicio (corrupción de memoria), obtener información sensible desde la memoria del kernel, o posiblemente tener otro impacto no especificado a través de una petición de escritura o lectura involucrando a la tecnología \"RDMA protocol over infiniband\" (también conocida como Soft 
RoCE)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"4.9.10","matchCriteriaId":"BF669C8C-DA7B-431E-B9C2-38CD57DAFC0A"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10","source":"secalert@redhat.com","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/11/9","source":"secalert@redhat.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96189","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1421981","source":"secalert@redhat.com","tags":["Issue Tracking","Patch"]},{"url":"https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/","source":"secalert@redhat.com","tags":["Patch","Technical Description","Third Party Advisory"]},{"url":"https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=647bf3d8a8e5777319da92af672289b2a6c4dc66","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/11/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96189","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1421981","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://eyalitkin.wordpress.com/2017/02/11/cve-publication-cve-2016-8636/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Technical Description","Third Party Advisory"]},{"url":"https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9377","sourceIdentifier":"cve@mitre.org","published":"2017-02-22T16:59:00.240","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Xen 4.5.x through 4.7.x on AMD systems 
without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation."},{"lang":"es","value":"Xen 4.5.x hasta la versión 4.7.x en sistemas AMD sin la funcionalidad NRip, cuando se emulan instrucciones que generan interrupciones de software, permite a usuarios locales de SO huésped HVM provocar una denegación de servicio (caída del invitado) aprovechando error de cálculo de entrada IDT."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-682"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*","matchCriteriaId":"90CCECD0-C0F9-45A8-8699-64428637EBCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*","matchCriteriaId":"F0ED340C-6746-471E-9F2D-19D62D224B7A"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*","matchCri
teriaId":"99BD7C4F-DE4C-4508-B20D-46A94B616C5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.3:*:*:*:*:*:*:*","matchCriteriaId":"3374F1FB-70F9-4EBC-837B-0D42282E3E5F"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.5:*:*:*:*:*:*:*","matchCriteriaId":"37DA3D28-EAE7-4EC9-977C-444A46CBD9C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*","matchCriteriaId":"4B6F7CE9-C409-4D88-9A99-B21420633F45"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*","matchCriteriaId":"B814C381-4991-495A-B530-7543F977B346"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.3:*:*:*:*:*:*:*","matchCriteriaId":"14442705-D243-4250-A486-E70989946D73"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.4:*:*:*:*:*:*:*","matchCriteriaId":"BBB7BAFE-9CB4-40D2-908C-55307728116F"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*","matchCriteriaId":"F1DD0255-9127-4C7F-9C02-42198820363E"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*","matchCriteriaId":"8FDFDDA0-51D2-4995-9B4D-48047C940FC5"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94475","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037345","source":"cve@mitre.org"},{"url":"http://xenbits.xen.org/xsa/advisory-196.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/94475","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037345","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://xenbits.xen.org/xsa/advisory-196.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9378","sourceIdentifier":"cve@mitre.org","published":"2017-02-22T16:59:00.270","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery."},{"lang":"es","value":"Xen 4.5.x hasta la versión 4.7.x en sistemas AMD sin la funcionalidad NRip, cuando se emulan instrucciones que generan interrupciones de software, permite a usuarios locales de SO huésped HVM provocar una denegación de servicio (caída del invitado) aprovechando una elección incorrecta para la entrega de interrupciones de software."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"la
ng":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*","matchCriteriaId":"90CCECD0-C0F9-45A8-8699-64428637EBCA"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.1:*:*:*:*:*:*:*","matchCriteriaId":"F0ED340C-6746-471E-9F2D-19D62D224B7A"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.2:*:*:*:*:*:*:*","matchCriteriaId":"99BD7C4F-DE4C-4508-B20D-46A94B616C5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.3:*:*:*:*:*:*:*","matchCriteriaId":"3374F1FB-70F9-4EBC-837B-0D42282E3E5F"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.5.5:*:*:*:*:*:*:*","matchCriteriaId":"37DA3D28-EAE7-4EC9-977C-444A46CBD9C7"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.0:*:*:*:*:*:*:*","matchCriteriaId":"4B6F7CE9-C409-4D88-9A99-B21420633F45"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.1:*:*:*:*:*:*:*","matchCriteriaId":"B814C381-4991-495A-B530-7543F977B346"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.3:*:*:*:*:*:*:*","matchCriteriaId":"14442705-D243-4250-A486-E70989946D73"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.6.4:*:*:*:*:*:*:*","matchCriteriaId":"BBB7BAFE-9CB4-40D2-908C-55307728116F"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*","matchCriteriaId":"F1DD0255-9127-4C7F-9C02-42198820363E"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*","matchCriteriaId":"8FDFDDA0-51D2-4995-9B4D-48047C940FC5"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94475","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037345","source":"cve@mitre.org"},{"url":"http://xenbits.xen.org/xsa/advisory-196.html","source":"cve@mitre.org","tags":["Patch","Vendor 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/94475","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037345","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://xenbits.xen.org/xsa/advisory-196.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9384","sourceIdentifier":"cve@mitre.org","published":"2017-02-22T16:59:00.303","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table."},{"lang":"es","value":"Xen 4.7 permite a usuarios locales de SO huésped obtener información sensible del host cargando una tabla de símbolos 32-bit 
ELF."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.0,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*","matchCriteriaId":"F1DD0255-9127-4C7F-9C02-42198820363E"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*","matchCriteriaId":"8FDFDDA0-51D2-4995-9B4D-48047C940FC5"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94468","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037343","source":"cve@mitre.org"},{"url":"http://xenbits.xen.org/xsa/advisory-194.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/xsa194.patch","source":"cve@mitre.org","tags":["Patch","Vendor 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/94468","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037343","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://xenbits.xen.org/xsa/advisory-194.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/xsa194.patch","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9400","sourceIdentifier":"security@debian.org","published":"2017-02-22T16:59:00.347","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling."},{"lang":"es","value":"El método CClient::ProcessServerPacket en engine/client/client.cpp en Teeworlds en versiones anteriores a 0.6.4 permite a servidores remotos escribir en ubicaciones de memoria física arbitrarias y posiblemente ejecutar código arbitrario a través de vectores que involucran manipulación 
rápida."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:teeworlds:teeworlds:*:*:*:*:*:*:*:*","versionEndExcluding":"0.6.4","matchCriteriaId":"3B5CAEFC-09C5-47D5-B3B0-2006F7F785F0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","matchCriteriaId":"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/16/8","source":"security@debian.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/17/8","source":"security@debian.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94381","source":"security@debian.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62","source":"security@debian.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C4JNSBXXPE7O32ZMFK7D7YL6EKLG7PRV/","source":"security@debian.org"},{"url":"https://security.gentoo.org/glsa/201705-13","source":"security@debian.org","tags":["Third Party Advisory"]},{"url":"https://www.teeworlds.com/?page=news&id=12086","source":"security@debian.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/16/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/17/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94381","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C4JNSBXXPE7O32ZMFK7D7YL6EKLG7PRV/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201705-13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.teeworlds.com/?page=news&id=12086","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9909","sourceIdentifier":"secalert@redhat.com","published":"2017-02-22T16:59:00.380","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The serializer in html5lib before 
0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values."},{"lang":"es","value":"El serializador en html5lib en versiones anteriores a 0.99999999 podría permitir a atacantes remotos llevar a cabo ataques de XSS aprovechando el manejo incorrecto del carácter < (menor que) en valores de atributo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:html5lib:html5lib:*:1.0b8:*:*:*:*:*:*","versionEndIncluding":"0.99999999","matchCriteriaId":"18761624-335A-475D-A79F-625735B9FF3D"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/06/5","source":"secalert@redhat.com","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/08/8","source":"secalert@redhat.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95132","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7","source":"secalert@redhat.com","tags":["Patch"]},{"url":"https://github.com/html5lib/html5lib-python/issues/11","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://github.com/html5lib/html5lib-python/issues/12","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://html5lib.readthedocs.io/en/latest/changes.html#b9","source":"secalert@redhat.com","tags":["Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/06/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/08/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95132","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/html5lib/html5lib-python/issues/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://github.com/html5lib/html5lib-python/issues/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://html5lib.readthedocs.io/en/latest/changes.html#b9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release 
Notes"]}]}},{"cve":{"id":"CVE-2016-9910","sourceIdentifier":"secalert@redhat.com","published":"2017-02-22T16:59:00.443","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909."},{"lang":"es","value":"El serializador en html5lib en versiones anteriores a 0.99999999 podría permitir a atacantes remotos llevar a cabo ataques de XSS aprovechando el manejo incorrecto de caracteres especiales en valores de atributo, una vulnerabilidad diferente a CVE-2016-9909."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:html5lib:html5lib:*:1.0b8:*:*:*:*:*:*","versionEndIncl
uding":"0.99999999","matchCriteriaId":"18761624-335A-475D-A79F-625735B9FF3D"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/06/5","source":"secalert@redhat.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/08/8","source":"secalert@redhat.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95132","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7","source":"secalert@redhat.com","tags":["Patch"]},{"url":"https://github.com/html5lib/html5lib-python/issues/11","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://github.com/html5lib/html5lib-python/issues/12","source":"secalert@redhat.com","tags":["Vendor Advisory"]},{"url":"https://html5lib.readthedocs.io/en/latest/changes.html#b9","source":"secalert@redhat.com","tags":["Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/06/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/08/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95132","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/html5lib/html5lib-python/issues/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://github.com/html5lib/html5lib-python/issues/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://html5lib.readthedocs.io/en/latest/changes.html#b9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]}]}},{"cve":{"id":"CVE-2016-9956","sourceIdentifier":"security@debian.org","published":"2017-02-22T16:59:00.490","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script."},{"lang":"es","value":"El administrador de ruta en FlightGear en versiones anteriores a 2016.4.4 permite a atacantes remotos escribir en archivos arbitrarios a través de una secuencia de comandos Nasal manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B3
16F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","matchCriteriaId":"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flightgear:flightgear:*:*:*:*:*:*:*:*","versionEndIncluding":"2016.4.3","matchCriteriaId":"CAD00726-ECDA-40A8-B720-86F858C5F8AB"}]}]}],"references":[{"url":"http://www.debian.org/security/2016/dsa-3742","source":"security@debian.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/14/11","source":"security@debian.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/15/10","source":"security@debian.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/16/5","source":"security@debian.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94945","source":"security@debian.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZKAN7V6UOHSRFWO567XMN4O6WXTSL32/","source":"security@debian.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DB3B5XBB2NL2O2U4WNYGH7ZL45Q4UHGG/","source":"security@debian.org"},{"url":"https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/","source":"security@debian.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://sourceforge.net/projects/flightgear/files/release-2016.4/","source":"security@debian.org","tags":["Patch","Release Notes","Third Party 
Advisory"]},{"url":"https://usn.ubuntu.com/4588-1/","source":"security@debian.org"},{"url":"http://www.debian.org/security/2016/dsa-3742","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/14/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/15/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/16/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94945","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZKAN7V6UOHSRFWO567XMN4O6WXTSL32/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DB3B5XBB2NL2O2U4WNYGH7ZL45Q4UHGG/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://sourceforge.net/projects/flightgear/files/release-2016.4/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/4588-1/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5585","sourceIdentifier":"cve@mitre.org","published":"2017-02-22T16:59:00.537","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OpenText Documentum Content Server (formerly EMC Documentum 
Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and execute arbitrary DML or DDL commands via a crafted request.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2520."},{"lang":"es","value":"OpenText Documentum Content Server (anteriormente EMC Documentum Content Server) 7.3, cuando PostgreSQL Database es utilizado y la opción de configuración return_top_results_row_based es falsa, no restringe adecuadamente las sugerencias de DQL, lo que permite a usuarios remotos autenticados llevar a cabo ataques de inyección DQL y ejecutar comandos DML o DDL arbitrarios a través de una petición manipulada. NOTA: esta vulnerabilidad existe debido a una reparación incompleta para CVE-2014-2520."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[
{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opentext:documentum_content_server:7.3:*:*:*:*:*:*:*","matchCriteriaId":"BA367A58-FA0A-48D6-99DB-A602A6B37479"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/141124/OpenText-Documentum-Content-Server-7.3-SQL-Injection.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96224","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/141124/OpenText-Documentum-Content-Server-7.3-SQL-Injection.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96224","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5586","sourceIdentifier":"cve@mitre.org","published":"2017-02-22T16:59:00.567","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries."},{"lang":"es","value":"OpenText Documentum D2 (anteriormente EMC Documentum D2) 4.x permite a atacantes remotos ejecutar comandos arbitrarios a través de un objeto Java serializado manipulado, relacionado con las librerías BeanShell (bsh) y Apache Commons Collections 
(ACC)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:opentext:documentum_d2:4.0:*:*:*:*:*:*:*","matchCriteriaId":"4667B360-FF26-4F2B-86EA-106ACA727B28"},{"vulnerable":true,"criteria":"cpe:2.3:a:opentext:documentum_d2:4.1:*:*:*:*:*:*:*","matchCriteriaId":"908D9F8A-87D7-46A0-BA8E-B7CA4A7808F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:opentext:documentum_d2:4.2:*:*:*:*:*:*:*","matchCriteriaId":"5A08F926-B628-45B2-A745-758F7E5E3217"},{"vulnerable":true,"criteria":"cpe:2.3:a:opentext:documentum_d2:4.3:*:*:*:*:*:*:*","matchCriteriaId":"7ED28126-775B-4DFD-92B1-38E70CABCF63"},{"vulnerable":true,"criteria":"cpe:2.3:a:opentext:documentum_d2:4.4:*:*:*:*:*:*:*","matchCriteriaId":"EAB00B8A-6E66-4E6D-9182-B3BC94B47E44"},{"vulnerable":true,"criteria":"cpe:2.3:a:opentext:documentum_d2:4.5:*:*:*:*:*:*:*","matchCriteriaId":"E8E54DC3-7B37-43EF-B355-9CD4AF
1F778D"},{"vulnerable":true,"criteria":"cpe:2.3:a:opentext:documentum_d2:4.6:*:*:*:*:*:*:*","matchCriteriaId":"89FDA5A9-1028-47BE-9190-0B7095C6441C"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/141105/OpenText-Documentum-D2-4.x-Remote-Code-Execution.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96216","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/41366/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/141105/OpenText-Documentum-D2-4.x-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96216","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/41366/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-3013","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-22T19:59:00.170","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661."},{"lang":"es","value":"IBM WebSphere MQ 8.0 podría permitir a un usuario autenticado bloquear el canal MQ debido al manejo incorrecto de la conversión de datos. 
IBM Reference #: 1998661."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-19"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.0.5","matchCriteriaId":"E8D1F413-3197-451E-BCB9-61F65E5F5369"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998661","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96394","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998661","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96394","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-3052","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-22T19:59:00.217","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques."},{"lang":"es","value":"Bajo configuraciones no estándar, WebSphere MQ de IBM, puede enviar datos de contraseña en texto sin cifrar por medio de la red. Estos datos podrían ser interceptados usando técnicas de tipo man in the middle."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.0
.5","matchCriteriaId":"E8D1F413-3197-451E-BCB9-61F65E5F5369"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998660","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96400","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998660","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96400","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8915","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-22T19:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649."},{"lang":"es","value":"IBM WebSphere MQ 8.0 podría permitir a un usuario autenticado con acceso al gestor de colas y a la cola, denegar el servicio a otros canales ejecutándose bajo el mismo proceso. 
IBM Reference #: 1998649."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*","matchCriteriaId":"421E10D4-4B01-4D52-9FFB-208C4745063E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"153F42BE-64AE-4D38-94C1-E59EF10632A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"C5502347-56F2-400F-944B-A532A3A8DE0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"D800EA34-4826-4689-A3C0-03724290567B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*","matchCriteriaId":"DCBDF404-693B-4500-80FA-90AE022B
D5C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"5FFC3793-4880-4103-B7F6-06F96A17357B"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998649","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96403","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998649","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96403","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8986","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-22T19:59:00.263","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648."},{"lang":"es","value":"IBM WebSphere MQ 8.0 podría permitir a un usuario autenticado con acceso al gestor de colas derribar canales MQ utilizando peticiones HTTP especialmente manipuladas. 
IBM Reference #: 1998648."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*","matchCriteriaId":"421E10D4-4B01-4D52-9FFB-208C4745063E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"153F42BE-64AE-4D38-94C1-E59EF10632A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"C5502347-56F2-400F-944B-A532A3A8DE0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"D800EA34-4826-4689-A3C0-03724290567B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*","matchCriteriaId":"DCBDF404-693B-4500-80FA-90AE022B
D5C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"5FFC3793-4880-4103-B7F6-06F96A17357B"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998648","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96412","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998648","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96412","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-6188","sourceIdentifier":"cve@mitre.org","published":"2017-02-22T19:59:00.293","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user."},{"lang":"es","value":"Munin en versiones anteriores a 2.999.6 tiene una vulnerabilidad local de escritura de archivos cuando los gráficos CGI están habilitados. 
Configurar múltiples parámetros GET upper_limit permite sobreescribir cualquier archivo accesible en el usuario www-data."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:N/I:P/A:N","baseScore":1.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.4,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:munin-monitoring:munin:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.30.1","matchCriteriaId":"FBCA7BEA-2285-4943-9BE2-959FF027BB0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:munin-monitoring:munin:*:*:*:*:*:*:*:*","versionStartIncluding":"2.1.0","versionEndExcluding":"2.999.9","matchCriteriaId":"70791CC0-AC69-4745-9EE3-54124C342C6B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96399","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugs.debian.org/855705","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/munin-monitoring/munin/issues/721","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201710-05","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2017/dsa-3794","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96399","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/855705","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/munin-monitoring/munin/issues/721","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201710-05","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2017/dsa-3794","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-1245","sourceIdentifier":"security@debian.org","published":"2017-02-22T23:59:00.143","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based buffer overflow when processing IPv6 Neighbor Discovery messages. The root cause was relying on BUFSIZ to be compatible with a message size; however, BUFSIZ is system-dependent."},{"lang":"es","value":"Se descubrió que el demonio zebra en Quagga en versiones anteriores a 1.0.20161017 sufrió un desbordamiento de búfer basado en pila al procesar mensajes de Neighbor Discovery de IPv6. 
La causa raíz radicaba en BUFSIZ para ser compatible con un tamaño de mensaje; sin embargo, BUFSIZ depende del sistema."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.20160315","matchCriteriaId":"B646D43D-A1C2-441B-90CE-2929F7BB072A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0794.html","source":"security@debian.org"},{"url":"http://www.gossamer-threads.com/lists/quagga/users/31952","source":"security@debian.org","tags":["Mailing List","Mitigation","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/93775","source":"security@debian.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1386109","source":"security@debian.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546","source":"security@debian.org","tags":["Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-48","source":"security@debian.org"},{"url":"https://www.debian.org/security/2016/dsa-3695","source":"security@debian.org","tags":["Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0794.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.gossamer-threads.com/lists/quagga/users/31952","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Mitigation","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93775","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1386109","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-48","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.debian.org/security/2016/dsa-3695","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6187","sourceIdentifier":"cve@mitre.org","published":"2017-02-22T23:59:00.220","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4.18 allows remote attackers to execute arbitrary code via a long 
URI in a GET request."},{"lang":"es","value":"Desbordamiento de búfer en el servidor construido en web en DiskSavvy Enterprise 9.4.18 permite a atacantes remotos ejecutar código arbitrario a través de una URI larga en una solicitud GET."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:disksavvy:disksavvy_enterprise:9.4.18:*:*:*:*:*:*:*","matchCriteriaId":"9CA3A110-67DF-4E41-970F-EB2DAFBD153E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96401","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.exploit-db.com/exploits/41436/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96401","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://www.exploit-db.com/exploits/41436/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-6205","sourceIdentifier":"cve@mitre.org","published":"2017-02-23T06:59:00.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors."},{"lang":"es","value":"Dispositivos D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28 y DGS-1510-20 de Websmart con firmware anterior a 1.31.B003 permiten a atacantes llevar a cabo ataques de Elusión de Comandos no Autenticados a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en"
,"value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:websmart_dgs-1510_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.31.b001","matchCriteriaId":"8AFB2BDE-756A-47C9-9072-AFFB6FAA254E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:websmart_dgs-1510-20:-:*:*:*:*:*:*:*","matchCriteriaId":"95084767-AB12-4124-96C5-C3FBD77854B9"},{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:websmart_dgs-1510-28:-:*:*:*:*:*:*:*","matchCriteriaId":"1A83310B-38B0-4259-BBC4-E11684B1DA24"},{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:websmart_dgs-1510-28p:-:*:*:*:*:*:*:*","matchCriteriaId":"AF7A14A9-7443-4194-BF36-76C084A20F86"},{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:websmart_dgs-1510-28xmp:-:*:*:*:*:*:*:*","matchCriteriaId":"EAEAC111-8914-4DC1-B8FA-E9AF1AE1DF73"},{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:websmart_dgs-1510-52:-:*:*:*:*:*:*:*","matchCriteriaId":"0B4B17F4-4DDD-438E-BC49-3771AFDC39E6"},{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:websmart_dgs-1510-52x:-:*:*:*:*:*:*:*","matchCriteriaId":"68709ECB-A529-49DB-846F-8FDEE47B0BC3"}]}]}],"references":[{"url":"http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10070","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96397","source":"cve@mitre.org"},{"url":"http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10070","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96397","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-6206","sourceIdentifier":"cve@mitre.org","published":"2017-02-23T06:59:00.197","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"D-Link DGS-1510-28XMP, 
DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors."},{"lang":"es","value":"Dispositivos D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28 y DGS-1510-20 de Websmart con firmware anterior a 1.31.B003 permiten a atacantes llevar a cabo ataques de Divulgación de Información no Autenticada a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:websmart_dgs-1510_series_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"1.31.b001","matchCriteriaId":"8AFB2BDE-756A-47C9-9072-AFFB6FAA254E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:websma
rt_dgs-1510-20:-:*:*:*:*:*:*:*","matchCriteriaId":"95084767-AB12-4124-96C5-C3FBD77854B9"},{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:websmart_dgs-1510-28:-:*:*:*:*:*:*:*","matchCriteriaId":"1A83310B-38B0-4259-BBC4-E11684B1DA24"},{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:websmart_dgs-1510-28p:-:*:*:*:*:*:*:*","matchCriteriaId":"AF7A14A9-7443-4194-BF36-76C084A20F86"},{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:websmart_dgs-1510-28xmp:-:*:*:*:*:*:*:*","matchCriteriaId":"EAEAC111-8914-4DC1-B8FA-E9AF1AE1DF73"},{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:websmart_dgs-1510-52:-:*:*:*:*:*:*:*","matchCriteriaId":"0B4B17F4-4DDD-438E-BC49-3771AFDC39E6"},{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:websmart_dgs-1510-52x:-:*:*:*:*:*:*:*","matchCriteriaId":"68709ECB-A529-49DB-846F-8FDEE47B0BC3"}]}]}],"references":[{"url":"http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10070","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96393","source":"cve@mitre.org"},{"url":"https://github.com/varangamin/CVE-2017-6206","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/41662/","source":"cve@mitre.org"},{"url":"http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10070","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96393","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/varangamin/CVE-2017-6206","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/41662/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5883","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-23T16:59:00.187","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1997010."},{"lang":"es","value":"IBM iNotes 8.5 y 9.0 es vulnerable a XSS. Esta vulnerabilidad permite a usuarios incrustar código JavaScript en la interfaz web alterando así la funcionalidad prevista conduciendo potencialmente a divulgación de credenciales en una sesión de confianza. IBM Reference #: 1997010."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.0:*:*:*:*:*:*:*","matchCriteriaId":"49FF4C09-76B3-4CCA-9EBA-530B4CB0314D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.1:*:*:*:*:*:*:*","matchCriteriaId":"CC0FE386-25E0-452F-A0E4-C54901C8870B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.2:
*:*:*:*:*:*:*","matchCriteriaId":"92E3BD0F-DC7F-47C1-A86A-9B1627FBE941"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.3:*:*:*:*:*:*:*","matchCriteriaId":"68862417-67DC-462A-8557-E1E371926FC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.4:*:*:*:*:*:*:*","matchCriteriaId":"0E251CBF-CA6A-4675-B7FA-B68EC44ADA52"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.1.5:*:*:*:*:*:*:*","matchCriteriaId":"EC844FD9-65ED-4223-8B60-29EDC5EBEB3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"B097CA3C-2ABA-489E-86C1-EEF891AF7094"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"14F15C5B-D465-4AE6-B70B-E03EE32A0D54"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"B8270B1C-31E1-47F6-B641-8A4291EBEF33"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.2.3:*:*:*:*:*:*:*","matchCriteriaId":"1B62FD4B-A8B0-4215-A22C-241EE84A4C85"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A34CFCD5-D0F8-46E4-BA5F-24AA9CD378A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.1:*:*:*:*:*:*:*","matchCriteriaId":"7EFF2543-619A-49EA-909C-49C82397A89E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.2:*:*:*:*:*:*:*","matchCriteriaId":"3A913396-D7C3-4088-A4E8-93BF3ADB9C21"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.3:*:*:*:*:*:*:*","matchCriteriaId":"A2FAF950-ECA1-4DC1-ABC7-18C073209ED3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.4:*:*:*:*:*:*:*","matchCriteriaId":"40437DB7-17EB-4C53-9D71-624D01068D77"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.5:*:*:*:*:*:*:*","matchCriteriaId":"677DDC3B-3B08-407F-8543-7A78B38B4F0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:8.5.3.6:*:*:*:*:*:*:*","matchCriteriaId":"F0E9875B-4AEF-4D61-BEAE-BA5DA1F66C96"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.0.0:*:*:*
:*:*:*:*","matchCriteriaId":"975E8316-D4C3-40B7-8E57-E871D0327271"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.0:*:*:*:*:*:*:*","matchCriteriaId":"4E0C5AFE-62C7-4A6C-991B-222FF28DF92B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.1:*:*:*:*:*:*:*","matchCriteriaId":"DF4C11BF-8A63-4ED9-871D-C3366D766CC1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.2:*:*:*:*:*:*:*","matchCriteriaId":"1B74523E-57BE-4B0B-B639-32927336C862"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.3:*:*:*:*:*:*:*","matchCriteriaId":"521E7EBE-CEA6-4FF8-954A-2A43617FB1C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.4:*:*:*:*:*:*:*","matchCriteriaId":"30460A5C-2D97-42B5-A190-5E0862E87EDA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.5:*:*:*:*:*:*:*","matchCriteriaId":"31391143-EE89-4521-81F4-43455AAF7D50"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:inotes:9.0.1.6:*:*:*:*:*:*:*","matchCriteriaId":"5344290B-F139-4367-B976-C2E8007487F6"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997010","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96168","source":"psirt@us.ibm.com"},{"url":"http://www.securitytracker.com/id/1037790","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997010","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96168","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037790","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-6055","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-23T16:59:00.217","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. 
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1995515."},{"lang":"es","value":"IBM Rational DOORS Next Generation 4.0, 5.0 y 6.0 es vulnerable a XSS. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz web alterando así la funcionalidad prevista conduciendo potencialmente a divulgación de credenciales en una sesión de confianza. IBM Reference #: 1995515."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0:*:*:*:*:*:*:*","matchCriteriaId":"B2431038-D838-4AB0-B614-EDC1D4D203E2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"8D76BE6D-5C28-404A-
BBF3-E2C9E1596E8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"6A0BC49A-4D59-47AE-B2D2-13B6719B0932"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"E3AE1241-9998-4F5D-862A-52CE40DB24C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"C3F32526-C148-4FCE-B32B-88A8F2BB3A5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"749C6DAF-EF92-40DD-9CE8-535D1C5BB745"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_doors_next_generation:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"666FB9C2-4A39-4C21-B00B-3ABF4EE9805E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FEAAF6E2-74BE-4FB2-AE49-3C58F68BCEFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"44EF2B1F-1CD0-4B6E-8C86-622B0E000F8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"4EFFBB5B-8566-45BC-9123-5418821E6EB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"5BF2CC2A-232C-43A6-8C9B-E6125C051BF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"2A84EA62-E3F8-4E4C-9FEF-065300C4611A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"0232D8EF-1DB3-477D-818C-B79B68406197"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_requirements_composer:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"7E8158D2-ECB0-4F89-BE73-568CA213D9B8"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995515","source":"psirt@us.ibm.com","tags":["
Patch","Vendor Advisory"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21995515","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8974","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-23T16:59:00.233","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. IBM Reference #: 1997798."},{"lang":"es","value":"IBM Rhapsody DM 4.0, 5.0 y 6.0 es vulnerable a una denegación de servicio, provocada por un error XML External Entity Injection (XXE) cuando se procesan datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente sensible o consumir todos los recursos de memoria disponibles. 
IBM Reference #: 1997798."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:C","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":7.8,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0:*:*:*:*:*:*:*","matchCriteriaId":"46883130-F370-406C-A8E8-213399F2EE47"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5A13CE71-BEC0-4DEC-9CF7-183672F6729D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"2DB2451D-F31E-4CF6-8E61-2970A4FB174D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"01A27F4B-0ED9-479F-B91B-FCB514CF1D1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"EEAF452F-94AB-4857-BCD6-AE5251C61526"},{"vulnerable":true,"criteria":"cpe:2.3:a
:ibm:rational_rhapsody_design_manager:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"7596E71E-4507-4EFC-ABF9-41D8FD338CC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.6:*:*:*:*:*:*:*","matchCriteriaId":"9B201E3D-1028-4955-AFE2-AF8C14CAA182"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"A1C966E0-6372-4CA5-902E-DEE17FC139E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0:*:*:*:*:*:*:*","matchCriteriaId":"B12D7433-30F0-427F-BF82-0AAD492CE35D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E6E654FB-BD17-4308-9CD0-163D8DA0BD6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"64D14BEF-D1F0-4C27-87F0-8BCAD8A3E369"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0:*:*:*:*:*:*:*","matchCriteriaId":"C0B9D0C8-2EB2-4209-8495-1B3B823D9A41"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*","matchCriteriaId":"94EF2E53-3618-4610-AC36-602584DB26EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"EF978C93-8747-416A-890B-09575EF0BA13"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997798","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997798","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6214","sourceIdentifier":"cve@mitre.org","published":"2017-02-23T17:59:00.143","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause 
a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag."},{"lang":"es","value":"La función tcp_splice_read en net/ipv4/tcp.c en el kernel de Linux en versiones anteriores a 4.9.11 permite a atacantes remotos provocar una denegación de servicio (bucle infinito y bloqueo débil) a través de vectores que involucran un paquete TCP con la bandera URG."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.10","matchCriteriaId":"C5D57D8B-3072-44A1-88FE-58FB0A730057"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3804","source":"cve@mitre.org"},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96421","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037897","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1372","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1615","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1616","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2017:1647","source":"cve@mitre.org"},{"url":"https://github.com/torvalds/linux/commit/ccf7abb93af09ad0868ae9033d1ca8108bdaec82","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://source.android.com/security/bulletin/2017-09-01","source":"cve@mitre.org"},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccf7abb93af09ad0868ae9033d1ca8108bdaec82","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3804","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96421","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037897","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1372","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1615","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1616","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2017:1647","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/torvalds/linux/commit/ccf7abb93af09ad0868ae9033d1ca8108bdaec82","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://source.android.com/security/bulletin/2017-09-01","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-6100","sourceIdentifier":"cve@mitre.org","published":"2017-02-23T19:59:00.153","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP."},{"lang":"es","value":"tcpdf en versiones anteriores a 6.2.0 carga archivos desde el servidor generando archivos PDF a un FTP 
externo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-668"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tcpdf_project:tcpdf:*:*:*:*:*:*:*:*","versionEndIncluding":"6.1.1","matchCriteriaId":"7B1ED5CB-BBC2-4099-B359-32FB5D9DDCBD"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/02/19/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814030","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://sourceforge.net/p/tcpdf/bugs/1005/","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/19/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814030","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://sourceforge.net/p/tcpdf/bugs/1005/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10109","sourceIdentifier":"cve@mitre.org","published":"2017-02-23T20:59:00.143","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use-after-free vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause a denial of service (crash) via a command that uses \"cardsList\" after the handle has been released through the SCardReleaseContext function."},{"lang":"es","value":"Vulnerabilidad de uso después de liberación en pcsc-lite en versiones anteriores a 1.8.20 permite a atacantes remotos provocar denegación de servicio (caída) a través de un comando que utiliza \"cardsList\" después de que el identificador haya sido liberado a través de la función 
SCardReleaseContext."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:muscle:pcsc-lite:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.19","matchCriteriaId":"50C54649-BEE7-4A63-A0E5-CC91D5B573F7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","matchCriteriaId":"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","matchCriteriaId":"B5A6F2F3-4894-4392-8296-3B8DD2679084"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","matchCriteriaId":"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*","matchCriteriaId":"1AFB20FA-CB00-4729-AB3A-816454C6D096"}]}]}],"references":[{"url":"htt
p://www.debian.org/security/2017/dsa-3752","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/03/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95263","source":"cve@mitre.org"},{"url":"http://www.ubuntu.com/usn/USN-3176-1","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","source":"cve@mitre.org"},{"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","source":"cve@mitre.org"},{"url":"https://salsa.debian.org/rousseau/PCSC/-/commit/697fe05967af7ea215bcd5d5774be587780c9e22","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-01","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2017/dsa-3752","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/03/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95263","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.ubuntu.com/usn/USN-3176-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]},{"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://salsa.debian.org/rousseau/PCSC/-/commit/697fe05967af7ea215bcd5d5774be587780c9e22","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-01","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2014-9916","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T02:59:00.377","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en Bilboplanet 2.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) tribe_name o (2) tags en una solicitud de página de tribus a user/ o el parámetro (3) user_id o (4) fullname a 
signup.php."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bilboplanet:bilboplanet:2.0:*:*:*:*:*:*:*","matchCriteriaId":"1E3C2169-E99A-437C-BBE3-C4C14DB9A5FD"}]}]}],"references":[{"url":"http://www.exploit-db.com/exploits/34089","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.exploit-db.com/exploits/34089","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-6076","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T02:59:01.080","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a 
machine."},{"lang":"es","value":"En versiones de wolfSSL anteriores a 3.10.2, la función fp_mul_comba facilita extraer información de clave RSA para un usuario malicioso que tiene acceso para visualizar la caché en una máquina."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wolfssl:wolfssl:*:*:*:*:*:*:*:*","versionEndExcluding":"3.10.2","matchCriteriaId":"3CF544C5-1FA4-4D30-86F7-E91F4A84247E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96422","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/wolfSSL/wolfssl/releases/tag/v3.10.2-stable","source":"cve@mitre.org","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96422","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/wolfSSL/wolfssl/releases/tag/v3.10.2-stable","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6099","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T02:59:01.113","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter."},{"lang":"es","value":"Vulnerabilidad de XSS en GetAuthDetails.html.php en PayPal PHP Merchant SDK (también conocido como merchant-sdk-php) 3.9.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro token."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"O
R","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:paypal:merchant-sdk-php:3.9.1:*:*:*:*:*:*:*","matchCriteriaId":"B9E0E945-DB9E-465B-A7B6-AC2C08E4259E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96432","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/paypal/merchant-sdk-php/issues/129","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96432","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/paypal/merchant-sdk-php/issues/129","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6196","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T04:59:00.170","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple use-after-free vulnerabilities in the gx_image_enum_begin function in base/gxipixel.c in Ghostscript before ecceafe3abba2714ef9b432035fe0739d9b1a283 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PostScript document."},{"lang":"es","value":"Múltiples vulnerabilidades de uso después de liberación en la función gx_image_enum_begin en base/gxipixel.c en Ghostscript en versiones anteriores a ecceafe3abba2714ef9b432035fe0739d9b1a283 permiten a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente tener otro impacto no especificado a través de un documento PostScript 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:artifex:afpl_ghostscript:*:*:*:*:*:*:*:*","versionEndIncluding":"8452f9238959a4d518af365812bf031fe4d8d4b7","matchCriteriaId":"3248B027-E12E-46C9-8839-7A97CD4BAA48"}]}]}],"references":[{"url":"http://git.ghostscript.com/?p=ghostpdl.git%3Bh=ecceafe3abba2714ef9b432035fe0739d9b1a283","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96428","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037899","source":"cve@mitre.org"},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697596","source":"cve@mitre.org","tags":["Issue 
Tracking","Patch"]},{"url":"https://security.gentoo.org/glsa/201708-06","source":"cve@mitre.org"},{"url":"http://git.ghostscript.com/?p=ghostpdl.git%3Bh=ecceafe3abba2714ef9b432035fe0739d9b1a283","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/96428","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037899","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697596","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://security.gentoo.org/glsa/201708-06","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-6197","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T04:59:00.217","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function."},{"lang":"es","value":"Las funciones r_read_* en libr/include/r_endian.h en radare2 1.2.1 permiten a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de un archivo binario manipulado, como se demuestra por la función 
r_read_le32."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:radare:radare2:1.2.1:*:*:*:*:*:*:*","matchCriteriaId":"1E2BB74D-D369-43D4-9EDB-3F0DD27091B0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96433","source":"cve@mitre.org"},{"url":"https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/radare/radare2/issues/6816","source":"cve@mitre.org","tags":["Exploit","Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96433","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/radare/radare2/issues/6816","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6298","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T04:59:00.263","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"1 of 9. Null Pointer Deref / calloc return value not checked.\""},{"lang":"es","value":"Se descubrió un problema en ytnef en versiones anteriores a 1.9.1. Esto se relaciona con un parche descrito como \"1 de 9. Referencia a puntero Null / valor de retorno calloc no marcado\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"so
urce":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ytnef_project:ytnef:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9","matchCriteriaId":"B0249DEE-D540-4265-BF09-B0BB1D6F8BDA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3846","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"cve@mitre.org"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3846","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6299","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T04:59:00.297","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"2 of 9. Infinite Loop / DoS in the TNEFFillMapi function in lib/ytnef.c.\""},{"lang":"es","value":"Se descubrió un problema en ytnef en versiones anteriores a 1.9.1. Esto se relaciona con un parche descrito como \"2 de 9. 
Bucle infinito / DoS en la función TNEFFillMapi en lib/ytnef.c\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ytnef_project:ytnef:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9","matchCriteriaId":"B0249DEE-D540-4265-BF09-B0BB1D6F8BDA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3846","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"cve@mitre.org"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3846","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}],"evaluatorComment":"<a href=\"http://cwe.mitre.org/data/definitions/835.html\" rel=\"nofollow\">CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')</a>"}},{"cve":{"id":"CVE-2017-6300","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T04:59:00.327","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"3 of 9. 
Buffer Overflow in version field in lib/tnef-types.h.\""},{"lang":"es","value":"Se descubrió un problema en ytnef en versiones anteriores a 1.9.1. Esto se relaciona con un parche descrito como \"3 de 9. Desbordamiento de búfer en el campo de versión en lib/tnef-types.h\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ytnef_project:ytnef:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9","matchCriteriaId":"B0249DEE-D540-4265-BF09-B0BB1D6F8BDA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-384
6","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"cve@mitre.org"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3846","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6301","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T04:59:00.357","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ytnef before 1.9.1. 
This is related to a patch described as \"4 of 9. Out of Bounds Reads.\""},{"lang":"es","value":"Se descubrió un problema en ytnef en versiones anteriores a 1.9.1. Esto se relaciona con un parche descrito como \"4 de 9. Lectura fuera de límites\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ytnef_project:ytnef:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9","matchCriteriaId":"B0249DEE-D540-4265-BF09-B0BB1D6F8BDA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3846","source":"cve@mitre.org
","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"cve@mitre.org"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3846","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6302","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T04:59:00.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"5 of 9. 
Integer Overflow.\""},{"lang":"es","value":"Se descubrió un problema en ytnef en versiones anteriores a 1.9.1. Esto se relaciona con un parche descrito como \"5 de 9. Desbordamiento de entero\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ytnef_project:ytnef:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9","matchCriteriaId":"B0249DEE-D540-4265-BF09-B0BB1D6F8BDA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3846","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"cve@mitre.org"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3846","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6303","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T04:59:00.437","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"6 of 9. 
Invalid Write and Integer Overflow.\""},{"lang":"es","value":"Se descubrió un problema en ytnef en versiones anteriores a 1.9.1. Esto se relaciona con un parche descrito como \"6 de 9. Escritura no válida y desbordamiento de entero\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ytnef_project:ytnef:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9","matchCriteriaId":"B0249DEE-D540-4265-BF09-B0BB1D6F8BDA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3846","source":"cve@mitre.org","tags":["Th
ird Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"cve@mitre.org"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3846","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6304","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T04:59:00.467","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"7 of 9. 
Out of Bounds read.\""},{"lang":"es","value":"Se descubrió un problema en ytnef en versiones anteriores a 1.9.1. Esto se relaciona con un parche descrito como \"7 de 9. Lectura fuera de límites\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ytnef_project:ytnef:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9","matchCriteriaId":"B0249DEE-D540-4265-BF09-B0BB1D6F8BDA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3846","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"cve@mitre.org"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3846","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6305","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T04:59:00.497","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"8 of 9. 
Out of Bounds read and write.\""},{"lang":"es","value":"Se descubrió un problema en ytnef en versiones anteriores a 1.9.1. Esto se relaciona con un parche descrito como \"8 de 9. Lectura y escritura fuera de límites\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ytnef_project:ytnef:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9","matchCriteriaId":"B0249DEE-D540-4265-BF09-B0BB1D6F8BDA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3846","source":"cve@mitre.
org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"cve@mitre.org"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3846","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6306","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T04:59:00.530","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ytnef before 1.9.1. This is related to a patch described as \"9 of 9. 
Directory Traversal using the filename; SanitizeFilename function in settings.c.\""},{"lang":"es","value":"Se descubrió un problema en ytnef en versiones anteriores a 1.9.1. Esto se relaciona con un parche descrito como \"9 de 9. Directorio traversal utilizando el nombre de archivo; función SanitizeFilename en settings.c\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ytnef_project:ytnef:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9","matchCriteriaId":"B0249DEE-D540-4265-BF09-B0BB1D6F8BDA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[
{"url":"http://www.debian.org/security/2017/dsa-3846","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"cve@mitre.org"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3846","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/15/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96423","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Yeraze/ytnef/pull/27","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFJWMUEUC4ILH2HEOCYVVLQT654ZMCGQ/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6307","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T04:59:00.560","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered 
in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker."},{"lang":"es","value":"Se descubrió un problema en tnef en versiones anteriores a 1.4.13. Se han identificado dos escrituras OOB en src/mapi_attr.c:mapi_attr_read(). Esto puede conducir a operaciones de lectura y escritura no válidas, controladas por un atacante."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tnef_project:tnef:*:*:*:*:*:*:*:*","versionEndIncluding":"1.4.12","matchCriteriaId":"89F0C6D8-2B85-44C4-A8C0-1BDBCAC4E6DC"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.
debian.org/security/2017/dsa-3798","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96427","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/verdammelt/tnef/blob/master/ChangeLog","source":"cve@mitre.org","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201708-02","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3798","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/verdammelt/tnef/blob/master/ChangeLog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201708-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6308","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T04:59:00.607","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in tnef before 1.4.13. 
Several Integer Overflows, which can lead to Heap Overflows, have been identified in the functions that wrap memory allocation."},{"lang":"es","value":"Se descubrió un problema en tnef en versiones anteriores a 1.4.13. Varios desbordamientos de entero, que pueden conducir a operaciones de desbordamiento de memoria dinámica, se han identificado en las funciones que envuelven la asignación de memoria."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tnef_project:tnef:*:*:*:*:*:*:*:*","versionEndIncluding":"1.4.12","matchCriteriaId":"89F0C6D8-2B85-44C4-A8C0-1BDBCAC4E6DC"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3798","sour
ce":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96427","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/verdammelt/tnef/blob/master/ChangeLog","source":"cve@mitre.org","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201708-02","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3798","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/verdammelt/tnef/blob/master/ChangeLog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201708-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6309","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T04:59:00.637","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in tnef before 1.4.13. 
Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker."},{"lang":"es","value":"Se descubrió un problema en tnef en versiones anteriores a 1.4.13. Se han identificado dos confusiones tipo en la función parse_file(). Esto puede conducir a operaciones de lectura y escritura no válidas, controladas por un atacante."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tnef_project:tnef:*:*:*:*:*:*:*:*","versionEndIncluding":"1.4.12","matchCriteriaId":"89F0C6D8-2B85-44C4-A8C0-1BDBCAC4E6DC"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.
debian.org/security/2017/dsa-3798","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96427","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/verdammelt/tnef/blob/master/ChangeLog","source":"cve@mitre.org","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201708-02","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3798","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/verdammelt/tnef/blob/master/ChangeLog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201708-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6310","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T04:59:00.670","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in tnef before 1.4.13. 
Four type confusions have been identified in the file_add_mapi_attrs() function. These might lead to invalid read and write operations, controlled by an attacker."},{"lang":"es","value":"Se descubrió un problema en tnef en versiones anteriores a 1.4.13. Se han identificado cuatro confusiones tipo en la función file_add_mapi_attrs(). Esto puede conducir a operaciones de lectura y escritura no válidas, controladas por un atacante."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tnef_project:tnef:*:*:*:*:*:*:*:*","versionEndIncluding":"1.4.12","matchCriteriaId":"89F0C6D8-2B85-44C4-A8C0-1BDBCAC4E6DC"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references
":[{"url":"http://www.debian.org/security/2017/dsa-3798","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96427","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/verdammelt/tnef/blob/master/ChangeLog","source":"cve@mitre.org","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201708-02","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3798","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/verdammelt/tnef/blob/master/ChangeLog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201708-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5669","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T15:59:00.150","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The do_shmat function in ipc/shm.c in the 
Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context."},{"lang":"es","value":"La función do_shmat en ipc/shm.c en el kernel de Linux hasta la versión 4.9.12 no restringe la dirección calculada por cierta operación de redondeo, lo que permite a usuarios locales asignar la página cero, y como consecuencia, eludir un mecanismo de protección que existe por la llamada de sistema mmap, haciendo llamadas a sistema shmget y shmat manipuladas en un contexto privilegiado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"4.11","matchCriteriaId":"68E
74529-58C5-4D73-8176-DDDF25C71F22"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*","matchCriteriaId":"8D305F7A-D159-4716-AB26-5E38BB5CD991"},{"vulnerable":true,"criteria":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","matchCriteriaId":"815D70A8-47D3-459C-A32C-9FEACA0659D1"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3804","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96754","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037918","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.kernel.org/show_bug.cgi?id=192931","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://github.com/torvalds/linux/commit/95e91b831f87ac8e1f8ed50c14d709089b4e01b8","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/torvalds/linux/commit/e1d35d4dc7f089e6c9c080d556feedf9c706f0c7","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3583-1/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3583-2/","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3804","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96754","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037918","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"https://bugzilla.kernel.org/show_bug.cgi?id=192931","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://github.com/torvalds/linux/commit/95e91b831f87ac8e1f8ed50c14d709089b4e01b8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/torvalds/linux/commit/e1d35d4dc7f089e6c9c080d556feedf9c706f0c7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3583-1/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://usn.ubuntu.com/3583-2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8998","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-24T18:59:00.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Tivoli Storage Manager Server 7.1 could allow an authenticated user with TSM administrator privileges to cause a buffer overflow using a specially crafted SQL query and execute arbitrary code on the server. IBM Reference #: 1998747."},{"lang":"es","value":"IBM Tivoli Storage Manager Server 7.1 podría permitir a un usuario autenticado con privilegios de administrador TSM provocar un desbordamiento de búfer utilizando una consulta SQL especialmente manipulada y ejecutar código arbitrario en el servidor. 
Referencia de IBM: 1998747."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1:*:*:*:*:*:*:*","matchCriteriaId":"C59C16BD-1CB8-47BB-8352-B1609798BB0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.1:*:*:*:*:*:*:*","matchCriteriaId":"BB3B365E-0505-4A43-90A6-811D39BB6262"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.2:*:*:*:*:*:*:*","matchCriteriaId":"B880E34D-A9B4-4A64-B734-71ADC0588761"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.100:*:*:*:*:*:*:*","matchCriteriaId":"E6A07C8F-4DD0-4767-8A8F-A1721EBDE583"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.1.200:*:*:*:*:*:*:*","matchCriteriaId":"5D972077-A132-430D-97E6-8F0F8B0F79B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manage
r:7.1.1.300:*:*:*:*:*:*:*","matchCriteriaId":"4DC78448-7AD8-438B-8AFC-79B31FB706D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3:*:*:*:*:*:*:*","matchCriteriaId":"C3B578C6-A29A-41B6-A9B6-F7A08D9BE34B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.000:*:*:*:*:*:*:*","matchCriteriaId":"6FC3FEDA-B353-4C31-A349-1A12F4FAF465"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"E8CA94D1-06FB-4C94-83FB-2BC52676BBDC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.2:*:*:*:*:*:*:*","matchCriteriaId":"302756E5-F3E8-4F5E-90EA-A81A88DB55AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.3.100:*:*:*:*:*:*:*","matchCriteriaId":"D92EDDEE-1135-4EE7-972E-19471352E0A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4:*:*:*:*:*:*:*","matchCriteriaId":"7C980FE7-8B2D-4ED4-A5BF-78615AD0F596"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.1:*:*:*:*:*:*:*","matchCriteriaId":"FD269C39-1070-44C3-B7FC-968C12A344E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.4.2:*:*:*:*:*:*:*","matchCriteriaId":"F7AACC13-50CF-4229-B204-E30523A38721"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5:*:*:*:*:*:*:*","matchCriteriaId":"1AC65208-F124-4D28-B5D8-3A3C774C82A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.5.200:*:*:*:*:*:*:*","matchCriteriaId":"E782420B-2A62-4537-88EB-1169C73AC21B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:tivoli_storage_manager:7.1.7:*:*:*:*:*:*:*","matchCriteriaId":"834EBEBA-70E1-4089-A064-6BBFAD50D1CB"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998747","source":"psirt@us.ibm.com","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96443","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998747","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96443","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9009","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-24T18:59:00.193","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647."},{"lang":"es","value":"IBM WebSphere MQ 8.0 podría permitir a un usuario autenticado con autoridad crear un objeto de clúster para provocar una denegación de servicio a la agrupación de MQ. Referencia de IBM: 1998647."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en"
,"value":"CWE-20"},{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0:*:*:*:*:*:*:*","matchCriteriaId":"421E10D4-4B01-4D52-9FFB-208C4745063E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.0:*:*:*:*:*:*:*","matchCriteriaId":"153F42BE-64AE-4D38-94C1-E59EF10632A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.1:*:*:*:*:*:*:*","matchCriteriaId":"C5502347-56F2-400F-944B-A532A3A8DE0A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9E6FF889-5D7D-47C0-A2B2-F2BDB39BEFDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.3:*:*:*:*:*:*:*","matchCriteriaId":"D800EA34-4826-4689-A3C0-03724290567B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.4:*:*:*:*:*:*:*","matchCriteriaId":"DCBDF404-693B-4500-80FA-90AE022BD5C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:websphere_mq:8.0.0.5:*:*:*:*:*:*:*","matchCriteriaId":"5FFC3793-4880-4103-B7F6-06F96A17357B"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998647","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96441","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998647","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96441","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9975","sourceIdentifier":"psirt@us.ibm.com","published":"2017-02-24T18:59:00.227","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website 
trusts. IBM Reference #: 1998714."},{"lang":"es","value":"IBM Jazz for Service Management 1.1.2.1 y 1.1.3 es vulnerable a CSRF, lo que puede permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas desde un usuario en el que el sitio web confía. Referencia de IBM: 1998714."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:dashboard_application_services_hub:3.1.3:*:*:*:*:*:*:*","matchCriteriaId":"C16FFACB-4BCC-4835-9961-137A704199BD"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:ibm:jazz_for_service_management:1.1.3:*:*:*:*:*:*:*","matchCriteriaId":"A4D61491-0785-4193-A828-2177AFB81380"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:dashboard_application_services_hub:3.1.2.1:*:*
:*:*:*:*:*","matchCriteriaId":"9E96E460-B177-421F-95DD-EBFEDC3E4762"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:ibm:jazz_for_service_management:1.1.2.1:*:*:*:*:*:*:*","matchCriteriaId":"A18D87C9-7C7C-4C76-A15F-E42AC4D08CBC"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998714","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96444","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998714","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96444","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-2226","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T20:59:00.127","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow."},{"lang":"es","value":"Desbordamiento de entero en la función string_appends en cplus-dem.c en libiberty permite a atacantes remotos ejecutar código arbitrario a través de un ejecutable manipulado, que desencadena un desbordamiento de 
búfer."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:libiberty:*:*:*:*:*:*:*:*","matchCriteriaId":"531D74B4-D723-4ADB-B38D-0F16F468C9B7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/05/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90103","source":"cve@mitre.org"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://www.exploit-db.com/exploits/42386/","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/05/05/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/90103","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://www.exploit-db.com/exploits/42386/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-4041","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T20:59:00.283","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors."},{"lang":"es","value":"Plone 4.0 hasta la versión 5.1a1 no tiene declaraciones de seguridad para solicitudes de WebDAV relacionadas con contenido de Dexterity, lo que permite a atacantes remotos obtener acceso webdav a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source
":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*","matchCriteriaId":"F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E08F4534-A588-463F-A745-39E559AB1CB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"B64341BA-5722-415E-9771-9837168AB7C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"E2929227-AE19-428D-9AC3-D312A559039B"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"3B6DC866-0FEE-475B-855C-A69E004810CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"50BF3E8E-152C-4E89-BAA2-A952D10F4611"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F1F88BF6-9058-4CB8-A2D6-5653860CF489"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*","matchCriteriaId":"B2AA3FA2-15C3-444A-8810-5EF3E0E84D58"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*","matchCriteriaId":"72F3B15A-CD0F-4CC5-A76F-E62637B30E2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*","matchCriteriaId":"D913FCA7-4DAE-4E9A-9146-9AFA8472B04B"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*","matchCriteriaId":"7C44B53B-953B-4522-A5B4-11573850D2CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D8883023-113A-420A-97B6-A4A9B29CF7DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"4DF4D113-8D9D-4DA3-A177-64783352F608"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*","matchCriteriaId":"28F9B699-D1A4-425C-84ED-6A8FD29BE7F8"}
,{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*","matchCriteriaId":"47321B60-67DA-4543-B173-D629A9569B45"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*","matchCriteriaId":"58B36EB2-723F-4E25-8018-EEB2BE806D9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*","matchCriteriaId":"7962EF74-6AC1-424C-A202-163AFDADA971"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*","matchCriteriaId":"1F1818BB-E23A-4136-898D-1D0C80C08728"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"5CB06627-133A-40D1-8816-E31E0A9BAD22"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"AE7E448A-2C0C-4DE0-89EA-904718CB6C6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6E727C5C-9E54-49F7-B92C-2492069AAE08"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"BFD68465-4CDC-4788-8932-41335B5C4AC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*","matchCriteriaId":"A7B739E0-FB73-401C-AB1A-E3C1434AA2A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*","matchCriteriaId":"DCC8B987-5173-4C61-8DE6-B70C18EE6FD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*","matchCriteriaId":"38BA31E8-77EC-478B-BC6E-E2F145A8B9BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*","matchCriteriaId":"CE168A35-1A46-4A6F-8A08-25CDD886066D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"CFE0FC06-369B-46CF-9B1E-BAF7AF87E950"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"56571585-E9A2-4B78-B2B1-5D8EADED522A"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"2CDF8A15-401C-453E-8D09-8D4CDD4766DB"},{"vulnerable":true,"cri
teria":"cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*","matchCriteriaId":"043B3CBE-DEA2-474D-AA57-1830A470B621"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*","matchCriteriaId":"08A6842B-B479-4D91-928A-1CCE1DCB936E"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*","matchCriteriaId":"875A368A-F1D6-4795-99CF-A96DBCD1D407"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*","matchCriteriaId":"B5962C24-BC35-4E27-B81B-E2D21F83FB13"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*","matchCriteriaId":"55BCE259-700F-4E39-8565-99E4DFDA6F9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*","matchCriteriaId":"E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*","matchCriteriaId":"E3642637-8B6D-40A0-9A60-EACE70BB0490"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*","matchCriteriaId":"8AF9FB6C-134F-4653-8771-1BF46AB39344"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*","matchCriteriaId":"E22BA768-96DE-408F-8979-4CC58B50A09C"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*","matchCriteriaId":"1672268D-2EFB-4D9E-99D4-AAEFEA659091"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"9EF74DD4-27BB-4881-B324-B53336EF0648"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1C6962EC-8398-4564-9840-AECB3E3D697D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"83D341D6-AB11-444F-88FD-22303D1E3F65"}]}]}],"references":[{"url":"http://www.openwall
.com/lists/oss-security/2016/04/20/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://plone.org/security/hotfix/20160419/privilege-escalation-in-webdav","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4042","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T20:59:00.330","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors."},{"lang":"es","value":"Plone 3.3 hasta la versión 5.1a1 permite a atacantes remotos obtener información sobre la ID de contenido sensible a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*","matchCriteriaId":"FDC93803-6506-4382-A013-18010EE7E06B"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*","matchCriteriaId":"E65977FD-A880-4D16-B56B-94A72774F42D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*","matchCriteriaId":"4EA5B4F8-2155-403D-97D8-1272285D508B"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*","matchCriteriaId":"A3CA2943-77E5-4384-A019-415BBCE62F94"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*","matchCriteriaId":"B7FF63F6-F1DC-4A97-A2E6-11CF613A31E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*","matchCriteriaId":"538A3519-5B04-4FE5-A3C0-FD26EFA32705"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone
:plone:3.3.6:*:*:*:*:*:*:*","matchCriteriaId":"858CBC5A-C241-475C-8125-C5EA351B12A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*","matchCriteriaId":"F3306D84-0F5B-46BA-9BCC-DCD0A1CDD604"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*","matchCriteriaId":"E08F4534-A588-463F-A745-39E559AB1CB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*","matchCriteriaId":"B64341BA-5722-415E-9771-9837168AB7C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*","matchCriteriaId":"E2929227-AE19-428D-9AC3-D312A559039B"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"3B6DC866-0FEE-475B-855C-A69E004810CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*","matchCriteriaId":"50BF3E8E-152C-4E89-BAA2-A952D10F4611"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"F1F88BF6-9058-4CB8-A2D6-5653860CF489"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*","matchCriteriaId":"B2AA3FA2-15C3-444A-8810-5EF3E0E84D58"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*","matchCriteriaId":"72F3B15A-CD0F-4CC5-A76F-E62637B30E2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*","matchCriteriaId":"D913FCA7-4DAE-4E9A-9146-9AFA8472B04B"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*","matchCriteriaId":"7C44B53B-953B-4522-A5B4-11573850D2CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*","matchCriteriaId":"D8883023-113A-420A-97B6-A4A9B29CF7DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*","matchCriteriaId":"4DF4D113-8D9D-4DA3-A177-64783352F608"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*","matchCriteriaId":"28F9B699-D1A4-425C-84ED-6A8FD29BE7F8"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:
*:*","matchCriteriaId":"47321B60-67DA-4543-B173-D629A9569B45"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*","matchCriteriaId":"58B36EB2-723F-4E25-8018-EEB2BE806D9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*","matchCriteriaId":"7962EF74-6AC1-424C-A202-163AFDADA971"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*","matchCriteriaId":"1F1818BB-E23A-4136-898D-1D0C80C08728"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*","matchCriteriaId":"5CB06627-133A-40D1-8816-E31E0A9BAD22"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*","matchCriteriaId":"AE7E448A-2C0C-4DE0-89EA-904718CB6C6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*","matchCriteriaId":"6E727C5C-9E54-49F7-B92C-2492069AAE08"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*","matchCriteriaId":"BFD68465-4CDC-4788-8932-41335B5C4AC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*","matchCriteriaId":"A7B739E0-FB73-401C-AB1A-E3C1434AA2A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*","matchCriteriaId":"DCC8B987-5173-4C61-8DE6-B70C18EE6FD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*","matchCriteriaId":"38BA31E8-77EC-478B-BC6E-E2F145A8B9BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*","matchCriteriaId":"CE168A35-1A46-4A6F-8A08-25CDD886066D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*","matchCriteriaId":"CFE0FC06-369B-46CF-9B1E-BAF7AF87E950"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*","matchCriteriaId":"56571585-E9A2-4B78-B2B1-5D8EADED522A"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*","matchCriteriaId":"2CDF8A15-401C-453E-8D09-8D4CDD4766DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*","matchCriteriaId":"
39B0B1CE-C0D9-495C-B4E7-E52A50BD6D97"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*","matchCriteriaId":"043B3CBE-DEA2-474D-AA57-1830A470B621"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*","matchCriteriaId":"08A6842B-B479-4D91-928A-1CCE1DCB936E"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*","matchCriteriaId":"875A368A-F1D6-4795-99CF-A96DBCD1D407"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*","matchCriteriaId":"B5962C24-BC35-4E27-B81B-E2D21F83FB13"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*","matchCriteriaId":"55BCE259-700F-4E39-8565-99E4DFDA6F9E"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*","matchCriteriaId":"E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:a1:*:*:*:*:*:*","matchCriteriaId":"E3642637-8B6D-40A0-9A60-EACE70BB0490"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*","matchCriteriaId":"8AF9FB6C-134F-4653-8771-1BF46AB39344"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*","matchCriteriaId":"E22BA768-96DE-408F-8979-4CC58B50A09C"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*","matchCriteriaId":"1672268D-2EFB-4D9E-99D4-AAEFEA659091"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"9EF74DD4-27BB-4881-B324-B53336EF0648"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1C6962EC-8398-4564-9840-AECB3E3D697D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"83D341D6-AB11-444F-88FD-22303D1E3F65"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/2","source":"cve@mitre.org","tags":
["Mailing List","Third Party Advisory"]},{"url":"https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://plone.org/security/hotfix/20160419/unauthorized-disclosure-of-site-content","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4043","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T20:59:00.360","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates."},{"lang":"es","value":"Chameleon (five.pt) en Plone 5.0rc1 hasta la versión 5.1a1 permite a usuarios remotos autenticados eludir Restricted Python aprovechando permisos para crear o editar 
plantillas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","baseScore":4.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*","matchCriteriaId":"E8C6DFBF-5CC6-49A7-BC83-E8F686815F6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*","matchCriteriaId":"8AF9FB6C-134F-4653-8771-1BF46AB39344"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*","matchCriteriaId":"E22BA768-96DE-408F-8979-4CC58B50A09C"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*","matchCriteriaId":"1672268D-2EFB-4D9E-99D4-AAEFEA659091"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*","matchCriteriaId":"9EF74DD4-27BB-4881-B324-B53336EF0648"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*","matchCriteriaId":"1C6962EC-8398-4564-9840-AECB3E3D697D"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone
:plone:5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"ADE89FE6-DBF6-4CDD-BBA3-B34AEEAE6BA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*","matchCriteriaId":"83D341D6-AB11-444F-88FD-22303D1E3F65"},{"vulnerable":true,"criteria":"cpe:2.3:a:plone:plone:5.1a1:*:*:*:*:*:*:*","matchCriteriaId":"A98F25E9-C852-458A-B6B9-656B81CC0D33"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://plone.org/security/hotfix/20160419/bypass-restricted-python","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/04/20/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://plone.org/security/hotfix/20160419/bypass-restricted-python","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4487","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T20:59:00.407","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"btypevec.\""},{"lang":"es","value":"Vulnerabilidad de uso después de liberación en libiberty permite a atacantes remotos provocar una denegación de servicio (error de segmentación y caída) a través de un binario manipulado, relacionado con 
\"btypevec\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:libiberty:*:*:*:*:*:*:*:*","matchCriteriaId":"531D74B4-D723-4ADB-B38D-0F16F468C9B7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/05/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90025","source":"cve@mitre.org"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/05/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/90025","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-4488","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T20:59:00.440","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to \"ktypevec.\""},{"lang":"es","value":"Vulnerabilidad de uso después de liberación en libiberty permite a atacantes remotos provocar una denegación de servicio (error de segmentación y caída) a través de un binario manipulado, relacionado con \"ktypevec\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR",
"negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:libiberty:*:*:*:*:*:*:*:*","matchCriteriaId":"531D74B4-D723-4ADB-B38D-0F16F468C9B7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/05/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90025","source":"cve@mitre.org"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/05/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90025","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-4489","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T20:59:00.470","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the \"demangling of virtual tables.\""},{"lang":"es","value":"Desbordamiento de entero en la función gnu_special en libiberty permite a atacantes remotos provocar una denegación de servicio (error de segmentación y caída) a través de un binario manipulado, relacionado con el \"desmantelamiento de tablas 
virtuales\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:libiberty:*:*:*:*:*:*:*:*","matchCriteriaId":"531D74B4-D723-4ADB-B38D-0F16F468C9B7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/05/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90017","source":"cve@mitre.org"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/05/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/90017","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-4490","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T20:59:00.500","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths."},{"lang":"es","value":"Desbordamiento de entero en cp-demangle.c en libiberty permite a atacantes remotos provocar una denegación de servicio (error de segmentación y caída) a través de un binario manipulado, relacionado con uso inconsistente de los tipos long e int para longitudes."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary
","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:libiberty:*:*:*:*:*:*:*:*","matchCriteriaId":"531D74B4-D723-4ADB-B38D-0F16F468C9B7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/05/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90019","source":"cve@mitre.org"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/05/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90019","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2016-4491","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T20:59:00.517","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having \"itself as ancestor more than once.\""},{"lang":"es","value":"La función d_print_comp en cp-demangle.c en libiberty permite a atacantes remotos provocar una denegación de servicio (error de segmentación y caída) a través de un binario manipulado, que desencadena recursión infinita y un desbordamiento de búfer, relacionado con un nodo que se tiene \"a sí mismo como ancestro más de una 
vez\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:libiberty:*:*:*:*:*:*:*:*","matchCriteriaId":"531D74B4-D723-4ADB-B38D-0F16F468C9B7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/05/5","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90016","source":"cve@mitre.org"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/05/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/90016","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4492","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T20:59:00.563","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary."},{"lang":"es","value":"Desbordamiento de búfer en la función do_type en cplus-dem.c en libiberty permite a atacantes remotos provocar una denegación de servicio (error de segmentación y caída) a través de un binario 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:libiberty:*:*:*:*:*:*:*:*","matchCriteriaId":"531D74B4-D723-4ADB-B38D-0F16F468C9B7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/05/5","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90014","source":"cve@mitre.org"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/05/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/90014","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-4493","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T20:59:00.597","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary."},{"lang":"es","value":"Las funciones demangle_template_value_parm y do_hpacc_template_literal en cplus-dem.c en libiberty permiten a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída) a través de un binario 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:libiberty:*:*:*:*:*:*:*:*","matchCriteriaId":"531D74B4-D723-4ADB-B38D-0F16F468C9B7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/05/5","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90014","source":"cve@mitre.org"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/05/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/90014","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00223.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-5027","sourceIdentifier":"cve@mitre.org","published":"2017-02-24T20:59:00.643","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file."},{"lang":"es","value":"dwarf_form.c en libdwarf 20160115 permite a atacantes provocar una denegación de servicio (caída) a través de un archivo elf manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nod
es":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:2016-01-15:*:*:*:*:*:*:*","matchCriteriaId":"44471294-3FC4-4550-A327-B6BA9B32DAA8"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330237","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/25/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1330237","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]}]}},{"cve":{"id":"CVE-2017-2789","sourceIdentifier":"talos-cna@cisco.com","published":"2017-02-24T22:59:00.153","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. 
This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application."},{"lang":"es","value":"Cuando se copian datos de archivos en un búfer, JustSystems Ichitaro Office 2016 Trial calculará dos valores para determinar cuantos datos copiar desde el documento. Si ambos valores son más grandes que el tamaño del búfer, la aplicación escogerá el más pequeño de los dos y confiará en él para copiar datos desde el archivo. Este valor es mayor que el tamaño de búfer, lo que conduce a un desbordamiento de búfer basado en memoria dinámica. Este desbordamiento corrompe un desplazamiento en la memoria dinámica utilizada en la aritmética de puntero para escribir datos y puede conducir a ejecución de código bajo el contexto de la aplicación."}],"metrics":{"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIA
L","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:justsystems:ichitaro:*:*:*:*:*:*:*:*","matchCriteriaId":"869571E4-7544-48EE-9839-927A3F6315E2"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96438","source":"talos-cna@cisco.com"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0196/","source":"talos-cna@cisco.com"},{"url":"http://www.securityfocus.com/bid/96438","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0196/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-2790","sourceIdentifier":"talos-cna@cisco.com","published":"2017-02-24T22:59:00.200","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. This results in a heap-based buffer overflow and can lead to code execution under the context of the application."},{"lang":"es","value":"Cuando se procesa un tipo de registro de 0x3c de un flujo Workbook desde un archivo Excel (.xls), JustSystems Ichitaro Office confía que el tamaño es mayor que cero, substrae uno de la longitud, y utiliza este resultado como el tamaño de una memcpy. 
Esto resulta en un desbordamiento de búfer basado en memoria dinámica y puede conducir a ejecución de código bajo el contexto de la aplicación."}],"metrics":{"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:justsystems:ichitaro:*:*:*:*:*:*:*:*","matchCriteriaId":"869571E4-7544-48EE-9839-927A3F6315E2"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96442","source":"talos-cna@cisco.com"},{"url":"http://www.talosint
elligence.com/reports/TALOS-2016-0197/","source":"talos-cna@cisco.com"},{"url":"http://www.securityfocus.com/bid/96442","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0197/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-2791","sourceIdentifier":"talos-cna@cisco.com","published":"2017-02-24T22:59:00.213","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"JustSystems Ichitaro 2016 Trial contains a vulnerability that exists when trying to open a specially crafted PowerPoint file. Due to the application incorrectly handling the error case for a function's result, the application will use this result in a pointer calculation for reading file data into. Due to this, the application will read data from the file into an invalid address thus corrupting memory. Under the right conditions, this can lead to code execution under the context of the application."},{"lang":"es","value":"JustSystems Ichitaro 2016 Trial contiene una vulnerabilidad que existe al tratar de abrir un archivo de PowerPoint especialmente manipulado. Debido al manejo incorrecto de la aplicación del caso de error para el resultado de una función, la aplicación utilizará este resultado en un cálculo de puntero para leer datos de archivo dentro. Debido a esto, la aplicación leerá datos desde un archivo dentro de una dirección no válida corrompiendo así la memoria. 
Bajo las condiciones adecuadas, esto puede conducir a ejecución de código dentro del contexto de la aplicación."}],"metrics":{"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:justsystems:ichitaro:2016:*:*:*:trial:*:*:*","matchCriteriaId":"85413E71-5093-49EF-B949-4B8A62A237DE"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96440","source":"talos-cna@cisco.com"},{"url":"http://www.talosintelligence.com/reports/T
ALOS-2016-0199/","source":"talos-cna@cisco.com"},{"url":"http://www.securityfocus.com/bid/96440","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0199/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5925","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T07:59:00.143","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR."},{"lang":"es","value":"Los paseos de la tabla de páginas llevados a cabo por la MMU durante la traducción de la dirección virtual a física dejan un rastro en la caché de último nivel de los procesadores Intel modernos. Realizando un ataque de canal lateral en las operaciones de MMU, es posible perder datos y punteros de código de JavaScript, rompiendo la 
ASLR."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:allwinner:a64:-:*:*:*:*:*:*:*","matchCriteriaId":"7E8167A6-98BE-45D9-A333-A4DB8EE9BE43"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd:athlon_ii_640_x4:-:*:*:*:*:*:*:*","matchCriteriaId":"4355B92A-F9A4-4DA0-9875-B0D8BD5541AC"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd:e-350:-:*:*:*:*:*:*:*","matchCriteriaId":"CF28E516-87C3-48BF-ADCB-E89C41DB3E4C"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd:fx-8120_8-core:-:*:*:*:*:*:*:*","matchCriteriaId":"53A9CAF2-DABC-4DD0-87B3-552C469835CC"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd:fx-8320_8-core:-:*:*:*:*:*:*:*","matchCriteriaId":"5AC0369B-FB5E-48DF-B1E5-72BAD0A0CDEA"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd:fx-8350_8-core:-:*:*:*:*:*:*:*","matchCriteriaId":"8519A289-6ADE-415A-AE6A-33FD68AFBDCE"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd:ph
enom_9550_4-core:-:*:*:*:*:*:*:*","matchCriteriaId":"B51CAD25-267C-4BF2-B738-25B213FCDFD0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c2750:-:*:*:*:*:*:*:*","matchCriteriaId":"59CD7DDA-6DDA-47CF-9A75-AFA75B02A56F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n2840:-:*:*:*:*:*:*:*","matchCriteriaId":"3826FEBA-0B2E-403D-9A6A-0DA02FEF9A2B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5_m480:-:*:*:*:*:*:*:*","matchCriteriaId":"E92B12C0-E86A-44A0-B302-3CE721237726"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7-2620qm:-:*:*:*:*:*:*:*","matchCriteriaId":"4A3B3752-79A3-45A8-8416-6DC1EA4A9E81"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7-3632qm:-:*:*:*:*:*:*:*","matchCriteriaId":"09B0D125-332D-416D-A379-F0D7C1F9DA27"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7-4500u:-:*:*:*:*:*:*:*","matchCriteriaId":"677C66EF-E9B9-430F-A19D-2D87AD83DBDB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7-6700k:-:*:*:*:*:*:*:*","matchCriteriaId":"EAFC55E4-D84D-4588-976D-1E2637B1BF0E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7_920:-:*:*:*:*:*:*:*","matchCriteriaId":"FF0E91E0-F4B0-495A-80BA-B6B05E6F1760"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3-1240_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"51E0227B-8F2B-48B3-97BC-73BA1BACEED8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5-2658_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"661C05F6-8659-4C06-8AC5-7A25FFA52C2A"},{"vulnerable":true,"criteria":"cpe:2.3:h:nvidia:tegra_k1_cd570m-a1:-:*:*:*:*:*:*:*","matchCriteriaId":"C57EA6EC-A6B2-4A6A-A13C-EA86154DCA0C"},{"vulnerable":true,"criteria":"cpe:2.3:h:nvidia:tegra_k1_cd580m-a1:-:*:*:*:*:*:*:*","matchCriteriaId":"CA4020D9-99C1-4366-8377-8DD1A983381A"},{"vulnerable":true,"criteria":"cpe:2.3:h:samsung:exynos_5800:-:*:*:*:*:*:*:*","matchCriteriaId":"36182055-4545-405C-8B39-CF5B87C014C7"}]}]}],"references":[{"url":"http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf","source":"cve@mitre.org","tags":["Explo
it","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96452","source":"cve@mitre.org"},{"url":"https://www.vusec.net/projects/anc","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96452","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.vusec.net/projects/anc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5926","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T07:59:00.207","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR."},{"lang":"es","value":"Los paseos de la tabla de páginas llevados a cabo por la MMU durante la traducción de la dirección virtual a física dejan un rastro en la caché de último nivel de los procesadores AMD modernos. 
Realizando un ataque de canal lateral en las operaciones de MMU, es posible perder datos y punteros de código de JavaScript, rompiendo la ASLR."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:allwinner:a64:-:*:*:*:*:*:*:*","matchCriteriaId":"7E8167A6-98BE-45D9-A333-A4DB8EE9BE43"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd:athlon_ii_640_x4:-:*:*:*:*:*:*:*","matchCriteriaId":"4355B92A-F9A4-4DA0-9875-B0D8BD5541AC"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd:e-350:-:*:*:*:*:*:*:*","matchCriteriaId":"CF28E516-87C3-48BF-ADCB-E89C41DB3E4C"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd:fx-8120_8-core:-:*:*:*:*:*:*:*","matchCriteriaId":"53A9CAF2-DABC-4DD0-87B3-552C469835CC"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd:fx-8320_8-core:-:*:*:*:*:*:*:*","matchCriteriaId":"5AC0369B-FB5E-48DF-B1E5-72BAD0A0CDEA"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd
:fx-8350_8-core:-:*:*:*:*:*:*:*","matchCriteriaId":"8519A289-6ADE-415A-AE6A-33FD68AFBDCE"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd:phenom_9550_4-core:-:*:*:*:*:*:*:*","matchCriteriaId":"B51CAD25-267C-4BF2-B738-25B213FCDFD0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c2750:-:*:*:*:*:*:*:*","matchCriteriaId":"59CD7DDA-6DDA-47CF-9A75-AFA75B02A56F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n2840:-:*:*:*:*:*:*:*","matchCriteriaId":"3826FEBA-0B2E-403D-9A6A-0DA02FEF9A2B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5_m480:-:*:*:*:*:*:*:*","matchCriteriaId":"E92B12C0-E86A-44A0-B302-3CE721237726"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7-2620qm:-:*:*:*:*:*:*:*","matchCriteriaId":"4A3B3752-79A3-45A8-8416-6DC1EA4A9E81"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7-3632qm:-:*:*:*:*:*:*:*","matchCriteriaId":"09B0D125-332D-416D-A379-F0D7C1F9DA27"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7-4500u:-:*:*:*:*:*:*:*","matchCriteriaId":"677C66EF-E9B9-430F-A19D-2D87AD83DBDB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7-6700k:-:*:*:*:*:*:*:*","matchCriteriaId":"EAFC55E4-D84D-4588-976D-1E2637B1BF0E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7_920:-:*:*:*:*:*:*:*","matchCriteriaId":"FF0E91E0-F4B0-495A-80BA-B6B05E6F1760"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3-1240_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"51E0227B-8F2B-48B3-97BC-73BA1BACEED8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5-2658_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"661C05F6-8659-4C06-8AC5-7A25FFA52C2A"},{"vulnerable":true,"criteria":"cpe:2.3:h:nvidia:tegra_k1_cd570m-a1:-:*:*:*:*:*:*:*","matchCriteriaId":"C57EA6EC-A6B2-4A6A-A13C-EA86154DCA0C"},{"vulnerable":true,"criteria":"cpe:2.3:h:nvidia:tegra_k1_cd580m-a1:-:*:*:*:*:*:*:*","matchCriteriaId":"CA4020D9-99C1-4366-8377-8DD1A983381A"},{"vulnerable":true,"criteria":"cpe:2.3:h:samsung:exynos_5800:-:*:*:*:*:*:*:*","matchCriteriaId":"36182055-4545-405C-8B39-CF5B8
7C014C7"}]}]}],"references":[{"url":"http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96457","source":"cve@mitre.org"},{"url":"https://www.vusec.net/projects/anc","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96457","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.vusec.net/projects/anc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5927","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T07:59:00.237","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR."},{"lang":"es","value":"Los paseos de la tabla de páginas llevados a cabo por la MMU durante la traducción de la dirección virtual a física dejan un rastro en la caché de último nivel de los procesadores ARM modernos. 
Realizando un ataque de canal lateral en las operaciones de MMU, es posible perder datos y punteros de código de JavaScript, rompiendo la ASLR."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:allwinner:a64:-:*:*:*:*:*:*:*","matchCriteriaId":"7E8167A6-98BE-45D9-A333-A4DB8EE9BE43"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd:athlon_ii_640_x4:-:*:*:*:*:*:*:*","matchCriteriaId":"4355B92A-F9A4-4DA0-9875-B0D8BD5541AC"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd:e-350:-:*:*:*:*:*:*:*","matchCriteriaId":"CF28E516-87C3-48BF-ADCB-E89C41DB3E4C"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd:fx-8120_8-core:-:*:*:*:*:*:*:*","matchCriteriaId":"53A9CAF2-DABC-4DD0-87B3-552C469835CC"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd:fx-8320_8-core:-:*:*:*:*:*:*:*","matchCriteriaId":"5AC0369B-FB5E-48DF-B1E5-72BAD0A0CDEA"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd
:fx-8350_8-core:-:*:*:*:*:*:*:*","matchCriteriaId":"8519A289-6ADE-415A-AE6A-33FD68AFBDCE"},{"vulnerable":true,"criteria":"cpe:2.3:h:amd:phenom_9550_4-core:-:*:*:*:*:*:*:*","matchCriteriaId":"B51CAD25-267C-4BF2-B738-25B213FCDFD0"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:atom_c2750:-:*:*:*:*:*:*:*","matchCriteriaId":"59CD7DDA-6DDA-47CF-9A75-AFA75B02A56F"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:celeron_n2840:-:*:*:*:*:*:*:*","matchCriteriaId":"3826FEBA-0B2E-403D-9A6A-0DA02FEF9A2B"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i5_m480:-:*:*:*:*:*:*:*","matchCriteriaId":"E92B12C0-E86A-44A0-B302-3CE721237726"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7-2620qm:-:*:*:*:*:*:*:*","matchCriteriaId":"4A3B3752-79A3-45A8-8416-6DC1EA4A9E81"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7-3632qm:-:*:*:*:*:*:*:*","matchCriteriaId":"09B0D125-332D-416D-A379-F0D7C1F9DA27"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7-4500u:-:*:*:*:*:*:*:*","matchCriteriaId":"677C66EF-E9B9-430F-A19D-2D87AD83DBDB"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7-6700k:-:*:*:*:*:*:*:*","matchCriteriaId":"EAFC55E4-D84D-4588-976D-1E2637B1BF0E"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:core_i7_920:-:*:*:*:*:*:*:*","matchCriteriaId":"FF0E91E0-F4B0-495A-80BA-B6B05E6F1760"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e3-1240_v5:-:*:*:*:*:*:*:*","matchCriteriaId":"51E0227B-8F2B-48B3-97BC-73BA1BACEED8"},{"vulnerable":true,"criteria":"cpe:2.3:h:intel:xeon_e5-2658_v2:-:*:*:*:*:*:*:*","matchCriteriaId":"661C05F6-8659-4C06-8AC5-7A25FFA52C2A"},{"vulnerable":true,"criteria":"cpe:2.3:h:nvidia:tegra_k1_cd570m-a1:-:*:*:*:*:*:*:*","matchCriteriaId":"C57EA6EC-A6B2-4A6A-A13C-EA86154DCA0C"},{"vulnerable":true,"criteria":"cpe:2.3:h:nvidia:tegra_k1_cd580m-a1:-:*:*:*:*:*:*:*","matchCriteriaId":"CA4020D9-99C1-4366-8377-8DD1A983381A"},{"vulnerable":true,"criteria":"cpe:2.3:h:samsung:exynos_5800:-:*:*:*:*:*:*:*","matchCriteriaId":"36182055-4545-405C-8B39-CF5B8
7C014C7"}]}]}],"references":[{"url":"http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96459","source":"cve@mitre.org"},{"url":"https://www.vusec.net/projects/anc","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96459","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.vusec.net/projects/anc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5928","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T07:59:00.270","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now \"Time to Tick\" approach even with the https://bugzilla.mozilla.org/show_bug.cgi?id=1167489#c9 protection mechanism in place, which makes it easier for remote attackers to conduct AnC attacks via crafted JavaScript code."},{"lang":"es","value":"La API W3C High Resolution Time, tal como se implementa en varios navegadores web, no considera que los tiempos de referencia de memoria puedan medirse por un enfoque performance.now \"Time to Tick\" incluso con el mecanismo de protección https://bugzilla.mozilla.org/show_bug.cgi?id=1167489#c9 en su lugar, lo que facilita a atacantes remotos llevar a cabo ataques AnC a través de código JavaScript 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:w3:high_resolution_time_api:-:*:*:*:*:*:*:*","matchCriteriaId":"9BA6BB7F-670D-408A-9865-071078594BD0"}]}]}],"references":[{"url":"http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf","source":"cve@mitre.org","tags":["Technical Description"]},{"url":"http://www.securityfocus.com/bid/97036","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.vusec.net/projects/anc","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.cs.vu.nl/~herbertb/download/papers/anc_ndss17.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description"]},{"url":"http://www.securityfocus.com/bid/97036","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://www.vusec.net/projects/anc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5946","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T07:59:00.317","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses \"../\" pathname substrings to write arbitrary files to the filesystem."},{"lang":"es","value":"El componente Zip::File en la gema rubyzip en versiones anteriores a 1.2.1 para Ruby tiene una vulnerabilidad de salto de directorio. Si un sitio permite la carga de archivos .zip, un atacante puede cargar un archivo malicioso que utiliza subcadenas de nombre de ruta \"../\" para escribir archivos arbitrarios en el sistema de archivos."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.
gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rubyzip_project:rubyzip:*:*:*:*:*:ruby:*:*","versionEndExcluding":"1.2.1","matchCriteriaId":"AE0F706C-927B-4BF2-99D1-C0F3C37605CF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3801","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96445","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/rubyzip/rubyzip/issues/315","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/rubyzip/rubyzip/releases","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3801","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96445","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/rubyzip/rubyzip/issues/315","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/rubyzip/rubyzip/releases","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6297","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T07:59:00.347","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a 
reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret."},{"lang":"es","value":"El Cliente L2TP en MikroTik RouterOS versiones 6.83.3 y 6.37.4 no habilita el cifrado IPsec después de un reinicio, lo que permite a atacantes man-in-the-middle ver los datos transmitidos sin cifrar y obtener acceso a las redes en el servidor L2TP monitorizando los paquetes para los datos transmitidos y obtener el secreto L2TP."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-311"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:mikrotik:routeros:6.37.4:*:*:*:*:*:*:*","matchCriteriaId":"8C5436E3-F0C4-4AD2-B098-A5E764DFB58A"},{"vulnerable":true,"criteria":"cpe:2.3:o:mikrotik:routeros:6.83.3:*:*:*:*:*:*:*","matchCriteriaId":"24343BA3-3B12-41D3-9F19-E29EA567FAFA"}
]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96447","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96447","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6341","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T07:59:00.380","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117."},{"lang":"es","value":"Dispositivos Dahua DHI-HCVR7216A-S3 con NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29 y SmartPSS Software 1.16.1 2017-01-19 envían contraseñas en texto plano en respuesta a las solicitudes de la página web, aplicaciones móviles e interfaces de aplicaciones de escritorio, lo que permite a atacantes remotos obtener información sensible rastreando la red, una vulnerabilidad diferente a 
CVE-2013-6117."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dahuasecurity:camera_firmware:2.400.0000.28.r:*:*:*:*:*:*:*","matchCriteriaId":"5F6BC430-D09D-4F25-B795-E24C294A924C"},{"vulnerable":true,"criteria":"cpe:2.3:o:dahuasecurity:nvr_firmware:3.210.0001.10:*:*:*:*:*:*:*","matchCriteriaId":"A9D785EA-C49B-41F4-8810-EEDEF861F54B"},{"vulnerable":true,"criteria":"cpe:2.3:o:dahuasecurity:smartpss_firmware:1.16.1:*:*:*:*:*:*:*","matchCriteriaId":"7E3E1C39-FF68-4116-94D5-E9CB1E36FB98"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dahuasecurity:dhi-hcvr7216a-s3:-:*:*:*:*:*:*:*","matchCriteriaId":"7DF491B9-DB4C-41D7-ADC7-D5E45CC3724E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96456","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://twitter.com/null_ku7/status/835649185168838657","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96456","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://twitter.com/null_ku7/status/835649185168838657","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6342","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T07:59:00.410","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically logs in as admin. This allows sniffing sensitive information identified in CVE-2017-6341 without prior knowledge of the password. 
This is a different vulnerability than CVE-2013-6117."},{"lang":"es","value":"Dispositivos Dahua DHI-HCVR7216A-S3 con NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29 y SmartPSS Software 1.16.1 2017-01-19 envían el MD5 o SHA-256 Admin Hash durante el inicio de sesión automático de SmartPSS, esto podría permitir a atacantes remotos obtener información sensible rastreando la red y llevando a cabo un ataque a tablas rainbow, una vulnerabilidad diferente a CVE-2013-6117."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dahuasecurity:camera_firmware:2.400.0000.28.r:*:*:*:*:*:*:*","matchCriteriaId":"5F6BC430-D09D-4F25-B795-E24C294A924C"},{"vulnerable":true,"criteria":"cpe:2.3:o:dahuasecurity:nvr_firmware:3.210.0001.10:*:*:*:*:*:*:*","matchCriteriaId":"A9D785EA-C49B-41F4-8810-EEDEF861F54B"},{
"vulnerable":true,"criteria":"cpe:2.3:o:dahuasecurity:smartpss_firmware:1.16.1:*:*:*:*:*:*:*","matchCriteriaId":"7E3E1C39-FF68-4116-94D5-E9CB1E36FB98"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dahuasecurity:dhi-hcvr7216a-s3:-:*:*:*:*:*:*:*","matchCriteriaId":"7DF491B9-DB4C-41D7-ADC7-D5E45CC3724E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96454","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96454","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6343","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T07:59:00.440","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 allows remote attackers to obtain login access by leveraging knowledge of the MD5 Admin Hash without knowledge of the corresponding password, a different vulnerability than CVE-2013-6117."},{"lang":"es","value":"La interfaz web de los dispositivos Dahua DHI-HCVR7216A-S3 con NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29 y SmartPSS Software 1.16.1 2017-01-19 permite a atacantes remotos obtener acceso al inicio de sesión aprovechando el conocimiento de MD5 Admin Hash sin tener conocimiento de la contraseña correspondiente, una vulnerabilidad diferente a 
CVE-2013-6117."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dahuasecurity:camera_firmware:2.400.0000.28.r:*:*:*:*:*:*:*","matchCriteriaId":"5F6BC430-D09D-4F25-B795-E24C294A924C"},{"vulnerable":true,"criteria":"cpe:2.3:o:dahuasecurity:nvr_firmware:3.210.0001.10:*:*:*:*:*:*:*","matchCriteriaId":"A9D785EA-C49B-41F4-8810-EEDEF861F54B"},{"vulnerable":true,"criteria":"cpe:2.3:o:dahuasecurity:smartpss_firmware:1.16.1:*:*:*:*:*:*:*","matchCriteriaId":"7E3E1C39-FF68-4116-94D5-E9CB1E36FB98"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dahuasecurity:dhi-hcvr7216a-s3:-:*:*:*:*:*:*:*","matchCriteriaId":"7DF491B9-DB4C-41D7-ADC7-D5E45CC3724E"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96449","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96449","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://nullku7.github.io/stuff/exposure/dahua/2017/02/24/dahua-nvr.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6344","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T07:59:00.473","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows remote attackers to read arbitrary files via a crafted XML document."},{"lang":"es","value":"Vulnerabilidad XXE en Grails PDF Plugin 0.6 permite a atacantes remotos leer archivos arbitrarios a través de un documento XML manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.5,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Pr
imary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grails:pdf_plugin:0.6:*:*:*:*:*:*:*","matchCriteriaId":"4A193B51-F51C-4C54-B633-E70D39FF8BFF"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96446","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.ambionics.io/blog/grails-pdf-plugin-xxe","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96446","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.ambionics.io/blog/grails-pdf-plugin-xxe","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6349","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T07:59:00.503","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows."},{"lang":"es","value":"Un desbordamiento de entero en un sitio de asignación de memoria u_read_undo ocurriría para vim en versiones anteriores al parche 8.0.0377, si no valida correctamente los valores de longitud del árbol de decisión, al leer un archivo desecho corrompido, lo que puede resultar en un desbordamiento de 
búfer."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.0376","matchCriteriaId":"83EDAAC0-DAD8-494F-98A8-522604E389D5"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96451","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037949","source":"cve@mitre.org"},{"url":"https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c","source":"cve@mitre.org","tags":["Patch","Third Party 
Advisory"]},{"url":"https://groups.google.com/forum/#%21topic/vim_dev/LAgsTcdSfNA","source":"cve@mitre.org"},{"url":"https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201706-26","source":"cve@mitre.org"},{"url":"https://usn.ubuntu.com/4309-1/","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96451","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037949","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://groups.google.com/forum/#%21topic/vim_dev/LAgsTcdSfNA","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-26","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/4309-1/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-6350","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T07:59:00.537","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows."},{"lang":"es","value":"Un desbordamiento de entero en un sitio de asignación de memoria unserialize_uep ocurriría para vim en versiones anteriores al parche 8.0.0378, si no valida correctamente los valores de longitud del árbol de decisión, al leer un archivo desecho corrompido, lo que puede resultar en un desbordamiento de 
búfer."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0.0377","matchCriteriaId":"0A066C34-AF73-49F8-B14B-F34813E36107"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96448","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037949","source":"cve@mitre.org"},{"url":"https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75","source":"cve@mitre.org","tags":["Patch","Third Party 
Advisory"]},{"url":"https://groups.google.com/forum/#%21topic/vim_dev/L_dOHOOiQ5Q","source":"cve@mitre.org"},{"url":"https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201706-26","source":"cve@mitre.org"},{"url":"https://usn.ubuntu.com/4309-1/","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96448","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037949","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://groups.google.com/forum/#%21topic/vim_dev/L_dOHOOiQ5Q","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://groups.google.com/forum/#%21topic/vim_dev/QPZc0CY9j3Y","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-26","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://usn.ubuntu.com/4309-1/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-2682","sourceIdentifier":"productcert@siemens.com","published":"2017-02-27T11:59:00.150","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could allow a remote attacker to perform a Cross-Site Request Forgery (CSRF) attack, potentially allowing an attacker to execute administrative operations, provided the targeted user has an active session and is induced to trigger a malicious request."},{"lang":"es","value":"La aplicación web de Siemens RUGGEDCOM NMS < V1.2 en puertos 8080/TCP y 8081/TCP podría permitir a un atacante remoto realizar un ataque CSRF, que potencialmente permite a un atacante ejecutar operaciones administrativas, siempre que el usuario objetivo tenga una 
sesión activa y se induzca a desencadenar una respuesta maliciosa."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-352"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:ruggedcom_network_management_software:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.2","matchCriteriaId":"6D72B13C-17A8-4530-970F-2BDB7F4B455C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96458","source":"productcert@siemens.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037958","source":"productcert@siemens.com"},{"url":"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-363881.pdf","source":"productcert@siemens.com","tags":["Vendor 
Advisory"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-059-01","source":"productcert@siemens.com","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/96458","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037958","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-363881.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-059-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}},{"cve":{"id":"CVE-2017-2683","sourceIdentifier":"productcert@siemens.com","published":"2017-02-27T11:59:00.197","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions."},{"lang":"es","value":"Un usuario no privilegiado de la aplicación web de Siemens RUGGEDCOM NMS < V1.2 en puertos 8080/TCP y 8081/TCP podría realizar un ataque de XSS resultando potencialmente en la obtención de permisos 
administrativos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:ruggedcom_network_management_software:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.2","matchCriteriaId":"6D72B13C-17A8-4530-970F-2BDB7F4B455C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96455","source":"productcert@siemens.com"},{"url":"http://www.securitytracker.com/id/1037958","source":"productcert@siemens.com"},{"url":"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-363881.pdf","source":"productcert@siemens.com","tags":["Vendor 
Advisory"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-059-01","source":"productcert@siemens.com"},{"url":"http://www.securityfocus.com/bid/96455","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037958","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-363881.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-17-059-01","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8105","sourceIdentifier":"secure@intel.com","published":"2017-02-27T18:59:00.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations."},{"lang":"es","value":"\"Controladores para las familias Intel Ethernet Controller X710 e Intel Ethernet Controller XL710 con versiones anteriores a 22.0 son vulnerables a una denegación de servicio en determinadas configuraciones de red de la capa 
2.\""}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:N/I:N/A:C","baseScore":6.1,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.5,"impactScore":6.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:intel:x710_series_driver:*:*:*:*:*:*:*:*","versionEndIncluding":"21.3","matchCriteriaId":"0A973AA2-0B45-49FA-9DE1-204E8620F360"},{"vulnerable":true,"criteria":"cpe:2.3:a:intel:xl710_series_driver:*:*:*:*:*:*:*:*","versionEndIncluding":"21.3","matchCriteriaId":"43551937-E245-4FEE-B322-63A13938F397"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:intel:x710-am2_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"FC979C3F-3D1C-43D6-A236-E8BD49EE8843"},{"vulnerable":false,"criteria":"cpe:2.3:h:intel:x710-bm2_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"A2F1DE4E-CC42-4988-B8F2-D5E9C696E214"},{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xl710-am1_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"AC7160B9-F0B1-4CAF-926E-1
85F5575522C"},{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xl710-am2_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"6B70EC91-9B74-4B3F-9EBD-D4A63DAE1B6B"},{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xl710-bm1_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"8FBC085F-635B-4162-8559-3950F54A98F0"},{"vulnerable":false,"criteria":"cpe:2.3:h:intel:xl710-bm2_controller:-:*:*:*:*:*:*:*","matchCriteriaId":"E12096C6-3339-43AC-87D2-28836FA39656"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96474","source":"secure@intel.com"},{"url":"https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00069&languageid=en-fr","source":"secure@intel.com"},{"url":"http://www.securityfocus.com/bid/96474","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00069&languageid=en-fr","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8385","sourceIdentifier":"talos-cna@cisco.com","published":"2017-02-27T21:59:00.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In most cases this will allow an aggressor to write outside the bounds of a stack buffer which is used to contain colors. This can lead to code execution under the context of the account running the tool."},{"lang":"es","value":"Existe una vulnerabilidad de variable no inicializada explotable que conduce a un desbordamiento de búfer basado en pila existe en Iceni Argus. Cuando intenta convertir un PDF mal formado a XML una variable de pila se dejará sin inicializar lo que más tarde se utilizará para obtener una longitud que se utiliza en un operación de copia. 
En la mayoría de los casos esto podría permitir a un agresor escribir fuera de los límites de un búfer de pila que es utilizado para contener colores. Esto puede conducir a la ejecución de código bajo el contexto de la cuenta que ejecuta la herramienta."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:iceni:argus:6.6.04:*:*:*:*:*:*:*","matchCriteriaId":"15F3CAC5-64D7-4FFF-B180-E4F271E488DA"}
]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96472","source":"talos-cna@cisco.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0210/","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96472","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0210/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8386","sourceIdentifier":"talos-cna@cisco.com","published":"2017-02-27T21:59:00.193","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signedness issue, a buffer smaller than the requested size will be returned. Later when the tool tries to populate this buffer, the overflow will occur which can lead to code execution under the context of the user running the tool."},{"lang":"es","value":"Existe un desbordamiento de búfer basado en memoria dinámica en Iceni Argus. Cuando intenta convertir un PDF que contiene una fuente mal formada a XML, la herramienta intentará utilizar un tamaño fuera de la fuente para buscar a través de una lista vinculada de búferes para devolver. Debido a un problema de firmas, se devolverá un búfer más pequeño que el tamaño solicitado. 
Después cuando la herramienta intenta llenar este búfer, se producirá el desbordamiento que puede conducir a la ejecución de código bajo el contexto del usuario que ejecuta la herramienta."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:iceni:argus:6.6.04:*:*:*:*:*:*:*","matchCriteriaId":"15F3CAC5-64D7-4FFF-B180-E4F271E488DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96472
","source":"talos-cna@cisco.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0211/","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96472","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0211/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8387","sourceIdentifier":"talos-cna@cisco.com","published":"2017-02-27T21:59:00.223","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by the LZW decoder. This can lead to code execution under the context of the account of the user running it."},{"lang":"es","value":"Existe un desbordamiento de búfer basado en memoria dinámica en Iceni Argus. Cuando intenta convertir un PDF mal formado con un objeto codificado con tipos de codificación múltiple que terminan con un tipo cifrado LZW, puede ocurrir un desbordamiento debido a una falta de comprobación de límites por el decodificador LZW. 
Esto puede conducir a la ejecución de código bajo el contexto de la cuenta del usuario que lo ejecuta."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:iceni:argus:6.6.04:*:*:*:*:*:*:*","matchCriteriaId":"15F3CAC5-64D7-4FFF-B180-E4F271E488DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96468","source":"talos-cna@cisco.com","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0212/","source":"talos-cna@cisco.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96468","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0212/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2015-8900","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T22:59:00.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x allows remote attackers to cause a denial of service (infinite loop) via a crafted HDR file."},{"lang":"es","value":"La función ReadHDRImage en coders/hdr.c en ImageMagick 6.x y 7.x permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un archivo HDR 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndIncluding":"6.9.3-10","matchCriteriaId":"6FD438C7-EAFF-4C51-942E-3ED2E335A636"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.1-0","versionEndIncluding":"7.0.5-0","matchCriteriaId":"E3B003B5-BF3B-4D07-8896-E2F292E9FBD9"}]}]}],"references":[{"url":"http://trac.imagemagick.org/changeset/17845","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://trac.imagemagick.org/changeset/17846","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929","source":"cve@mitre.org","tags":["Exploit","Patch","Vendor 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2015/02/26/13","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/06/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1195260","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://trac.imagemagick.org/changeset/17845","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://trac.imagemagick.org/changeset/17846","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2015/02/26/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/06/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1195260","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/97aa7d7cfd2027f6ba7ce42caf8b798541b9cdc6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2015-8901","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T22:59:00.230","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ImageMagick 6.x before 6.9.0-5 Beta allows remote 
attackers to cause a denial of service (infinite loop) via a crafted MIFF file."},{"lang":"es","value":"ImageMagick 6.x en versiones anteriores a 6.9.0-5 Beta permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un archivo MIFF manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.9.0-5","matchCriteriaId":"4B3DE6AE-E21A-4867-9EAF-2B9A70FFA89D"}]}]}],"references":[{"url":"http://trac.imagemagick.org/changeset/17854","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931","source":"cve@mitre.org","tags":["Exploit","Vendor 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2015/02/26/13","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/06/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1195265","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"http://trac.imagemagick.org/changeset/17854","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2015/02/26/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/06/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1195265","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2015-8902","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T22:59:00.260","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file."},{"lang":"es","value":"La función ReadBlobByte en coders/pdb.c en ImageMagick 6.x en versiones anteriores a 6.9.0-5 Beta permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un archivo PDB 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.9.0-5","matchCriteriaId":"4B3DE6AE-E21A-4867-9EAF-2B9A70FFA89D"}]}]}],"references":[{"url":"http://trac.imagemagick.org/changeset/17855","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2015/02/26/13","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/06/2","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1195269","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://trac.imagemagick.org/changeset/17855","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2015/02/26/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/06/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1195269","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2015-8903","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T22:59:00.307","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file."},{"lang":"es","value":"La función ReadVICARImage en coders/vicar.c en ImageMagick 6.x en versiones anteriores a 6.9.0-5 Beta permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un archivo VICAR 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.9.0-5","matchCriteriaId":"4B3DE6AE-E21A-4867-9EAF-2B9A70FFA89D"}]}]}],"references":[{"url":"http://trac.imagemagick.org/changeset/17856","source":"cve@mitre.org","tags":["Broken Link"]},{"url":"http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2015/02/26/13","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/06/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1195271","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://trac.imagemagick.org/changeset/17856","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2015/02/26/13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/06/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1195271","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10028","sourceIdentifier":"secalert@redhat.com","published":"2017-02-27T22:59:00.353","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0."},{"lang":"es","value":"La función virgl_cmd_get_capset en hw/display/virtio-gpu-3d.c en QEMU (también conocido como Quick Emulator) construido con el apoyo del emulador Virtio GPU Device permite a usuarios locales del SO invitado provocar una denegación de servicio (lectura fuera de límites y caída del proceso) a través de un comando VIRTIO_GPU_CMD_GET_CAPSET con un tamaño de capacidades con un valor de 
0."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*","versionEndIncluding":"2.8.1.1","matchCriteriaId":"A965C2D1-C447-4324-95A4-27285ECF8909"}]}]}],"references":[{"url":"http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=abd7f08b2353f43274b785db8c7224f082ef4d31","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/20/1","source":"secalert@redhat.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/22/14","source":"secalert@redhat.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94981","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037525","source":"secalert@redhat.com","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html","source":"secalert@redhat.com","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-49","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=abd7f08b2353f43274b785db8c7224f082ef4d31","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/20/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/22/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94981","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037525","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-49","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10029","sourceIdentifier":"secalert@redhat.com","published":"2017-02-27T22:59:00.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a scanout id in a VIRTIO_GPU_CMD_SET_SCANOUT command larger than num_scanouts."},{"lang":"es","value":"La función virtio_gpu_set_scanout en QEMU (también conocido como Quick Emulator) construido con el 
apoyo del emulador Virtio GPU Device permite a los usuarios locales de SO invitados provocar una denegación de servicio (lectura fuera de límites y caída del proceso) a través de un id scanout en un comando VIRTIO_GPU_CMD_SET_SCANOUT mayor que num_scanouts."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:P","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*","versionEndIncluding":"2.6.2","matchCriteriaId":"3CF78B06-34D3-4BF8-883B-7B9643BBA7CE"}]}]}],"references":[{"url":"http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=2fe760554eb3769d70f608a158474f","source":"secalert@redhat.com"},{"url":"http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=acfc4846508a02cc4c83aa27799fd7","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/20/2","source":"secalert@redhat.com","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/22/15","source":"secalert@redhat.com","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94978","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037526","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=2fe760554eb3769d70f608a158474f","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://git.qemu-project.org/?p=qemu.git%3Ba=commit%3Bh=acfc4846508a02cc4c83aa27799fd7","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/12/20/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/22/15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94978","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037526","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5240","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T22:59:00.433","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer in ImageMagick allow remote attackers to cause a denial of service (infinite loop) by converting a circularly defined SVG file."},{"lang":"es","value":"La función DrawDashPolygon en magick/render.c en GraphicsMagick en versiones anteriores a 1.3.24 y el SVG renderer en ImageMagick permiten a atacantes remotos provocar una denegación de servicio 
(bucle infinito) convirtiendo un archivo SVG definido circularmente."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:graphicsmagick:graphicsmagick:*:*:*:*:*:*:*:*","versionEndIncluding":"1.3.23","matchCriteriaId":"42CE71F0-3C4D-485A-8C77-F4D079B3E064"}]}]}],"references":[{"url":"http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=ddc999ec896c","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"cve@mitre.org"},{"url":"http://www.graphicsmagick.org/ChangeLog-2016.html","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/01/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/01/6","source":"cve@mitre.org","tags":["Mailing List","Third 
Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/02/14","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/89348","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2016:1237","source":"cve@mitre.org"},{"url":"http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset%3Bnode=ddc999ec896c","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.graphicsmagick.org/ChangeLog-2016.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/01/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/05/01/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/02/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/89348","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2016:1237","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-7553","sourceIdentifier":"security@debian.org","published":"2017-02-27T22:59:00.480","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The buf.pl script before 2.20 
in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file."},{"lang":"es","value":"La secuencia de comandos buf.pl en versiones anteriores a 2.20 en Irssi en versiones anteriores a 0.8.20 utiliza permisos débiles para el archivo de volcado scrollbuffer creado entre actualizaciones, lo que podría permitir a usuarios locales obtener información sensible de conversaciones de chat privadas leyendo el archivo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-275"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:irssi:buf.pl:*:*:*:*:*:*:*:*","versionEndIncluding":"2.13","matchCriteriaId":"0446A04A-F652-4096-A349-59A1594FE077"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/24/1","source":"security@debian.org","tags":["Mailing 
List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/26/4","source":"security@debian.org","tags":["Mailing List","Patch"]},{"url":"http://www.securityfocus.com/bid/93155","source":"security@debian.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a","source":"security@debian.org","tags":["Patch"]},{"url":"https://irssi.org/security/buf_pl_sa_2016.txt","source":"security@debian.org","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/","source":"security@debian.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/09/24/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/26/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.securityfocus.com/bid/93155","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://irssi.org/security/buf_pl_sa_2016.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7OM3WHWQ7RIAOZSOZZUM4CUYGKSIAGJJ/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9815","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T22:59:00.527","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous 
abort."},{"lang":"es","value":"Xen hasta la versión 4.7.x permite a usuarios locales del SO ARM invitado provocar una denegación de servicio (pánico del host) enviando un aborto asíncrono."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*","matchCriteriaId":"F1DD0255-9127-4C7F-9C02-42198820363E"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*","matchCriteriaId":"8FDFDDA0-51D2-4995-9B4D-48047C940FC5"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/29/3","source":"cve@mitre.org","tags":["Mailing List","Mitigation","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94581","source":"cve@mitre.org","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037358","source":"cve@mitre.org"},{"url":"http://xenbits.xen.org/xsa/advisory-201.html","source":"cve@mitre.org","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/xsa201-1.patch","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/29/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Mitigation","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94581","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037358","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://xenbits.xen.org/xsa/advisory-201.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/xsa201-1.patch","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9816","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T22:59:00.573","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2."},{"lang":"es","value":"Xen hasta la versión 4.7.x permite a usuarios locales del SO ARM invitado provocar una denegación de servicio (caída del host) a través de vectores que implican un aborto asíncrono mientras en 
EL2."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*","matchCriteriaId":"F1DD0255-9127-4C7F-9C02-42198820363E"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*","matchCriteriaId":"8FDFDDA0-51D2-4995-9B4D-48047C940FC5"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/29/3","source":"cve@mitre.org","tags":["Mailing List","Mitigation","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94581","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037358","source":"cve@mitre.org"},{"url":"http://xenbits.xen.org/xsa/advisory-201.html","source":"cve@mitre.org","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/xsa201-2.patch","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/29/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Mitigation","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94581","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037358","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://xenbits.xen.org/xsa/advisory-201.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/xsa201-2.patch","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9817","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T22:59:00.603","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set."},{"lang":"es","value":"Xen hasta la versión 4.7.x permite a usuarios locales del SO ARM invitado provocar una denegación de servicio (caída del host) a través de vectores que implican una interrupción de (1) datos o (2) prefetch con 
el conjunto de bits ESR_EL2.EA."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*","matchCriteriaId":"F1DD0255-9127-4C7F-9C02-42198820363E"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*","matchCriteriaId":"8FDFDDA0-51D2-4995-9B4D-48047C940FC5"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/29/3","source":"cve@mitre.org","tags":["Mailing List","Mitigation","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94581","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1037358","source":"cve@mitre.org"},{"url":"http://xenbits.xen.org/xsa/advisory-201.html","source":"cve@mitre.org","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/xsa201-3-4.7.patch","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/xsa201-3.patch","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/29/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Mitigation","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94581","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037358","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://xenbits.xen.org/xsa/advisory-201.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/xsa201-3-4.7.patch","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/xsa201-3.patch","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9818","sourceIdentifier":"cve@mitre.org","published":"2017-02-27T22:59:00.650","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at 
HYP."},{"lang":"es","value":"Xen hasta la versión 4.7.x permite a usuarios locales del SO ARM invitado provocar una denegación de servicio (caída del host) a través de vectores que implican un aborto asíncrono mientras en HYP."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.0:*:*:*:*:*:*:*","matchCriteriaId":"F1DD0255-9127-4C7F-9C02-42198820363E"},{"vulnerable":true,"criteria":"cpe:2.3:o:xen:xen:4.7.1:*:*:*:*:*:*:*","matchCriteriaId":"8FDFDDA0-51D2-4995-9B4D-48047C940FC5"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/29/3","source":"cve@mitre.org","tags":["Mailing List","Mitigation","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/7","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/94581","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037358","source":"cve@mitre.org"},{"url":"http://xenbits.xen.org/xsa/advisory-201.html","source":"cve@mitre.org","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/xsa201-4.patch","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/11/29/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Mitigation","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94581","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037358","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://xenbits.xen.org/xsa/advisory-201.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://xenbits.xen.org/xsa/xsa201-4.patch","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201612-56","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8388","sourceIdentifier":"talos-cna@cisco.com","published":"2017-02-28T15:59:00.173","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable arbitrary heap-overwrite vulnerability exists within Iceni Argus. 
When it attempts to convert a malformed PDF to XML, it will explicitly trust an index within the specific font object and use it to write the font's name to a single object within an array of objects."},{"lang":"es","value":"Existe una vulnerabilidad explotable de sobrescritura arbitraria del heap en Iceni Argus. Cuando trata de convertir un PDF mal formado a XML, confiará explícitamente en un índice dentro del objeto de fuente específico y lo usará para escribir el nombre de la fuente en un solo objeto dentro de un array de objetos."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov",
"type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:iceni:argus:6.6.04:*:*:*:*:*:*:*","matchCriteriaId":"15F3CAC5-64D7-4FFF-B180-E4F271E488DA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96472","source":"talos-cna@cisco.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0213/","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96472","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0213/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8389","sourceIdentifier":"talos-cna@cisco.com","published":"2017-02-28T15:59:00.220","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the application attempts to iterate through the rows and initializing the polygon shape in the buffer, it will write outside of the bounds of said buffer. This can lead to code execution under the context of the account running it."},{"lang":"es","value":"Existe una vulnerabilidad explotable de desbordamiento de entero en Iceni Argus. Cuando trata de convertir un PDF mal formado a XML, intentará convertir cada carácter de una fuente en un polígono y después intentará rasterizar estas formas. 
A medida que la aplicación intenta iterar a través de las filas e inicializar la forma del polígono en el búfer, escribirá fuera de los límites de dicho búfer. Esto puede conducir a ejecución de código bajo el contexto de la cuenta que lo ejecuta."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:iceni:argus:6.6.04:*:*:*:*:*:*:*","matchCriteriaId":"15F3CAC5-64D7-4FFF-B180-E4F271E488DA"}]}]}],
"references":[{"url":"http://www.securityfocus.com/bid/96469","source":"talos-cna@cisco.com","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0214/","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96469","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0214/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-8715","sourceIdentifier":"talos-cna@cisco.com","published":"2017-02-28T15:59:00.250","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An exploitable heap corruption vulnerability exists in the loadTrailer functionality of Iceni Argus version 6.6.05. A specially crafted PDF file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide a malicious PDF file to trigger this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad explotable de corrupción de memoria en la funcionalidad loadTrailer de Iceni Argus versión 6.6.05. Un archivo PDF especialmente manipulado puede provocar una corrupción de memoria resultando en ejecución de código arbitrario. 
Un atacante puede enviar/proporcionar un archivo PDF malicioso para desencadenar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:iceni:argus:6.6.05:*:*:*:*:*:*:*","matchCriteriaId":"47F7129E-65D9-40D4-B7F4-291726839149"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96470","source":"talos-cna@cisco.com","tags":["Broken Link","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0228/","source":"talos-cna@cisco.com","tags":["Technical Description","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96470","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"]},{"url":"http://www.talosintelligence.com/reports/TALOS-2016-0228/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10207","sourceIdentifier":"cve@mitre.org","published":"2017-02-28T18:59:00.170","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early."},{"lang":"es","value":"El servidor Xvnc en TigerVNC permite a atacantes remotos provocar una denegación de servicio (acceso a memoria no válida y caída) terminando un apretón de manos TLS 
temprano."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*","matchCriteriaId":"1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tigervnc:tigervnc:0.0.90:*:*:*:*:*:*:*","matchCriteriaId":"7A2445F5-A664-47E6-B3D0-4F9E30348A6D"},{"vulnerable":true,"criteria":"cpe:2.3:a:tigervnc:tigervnc:0.0.91:*:*:*:*:*:*:*","matchCriteriaId":"BD402007-3C2E-4889-93B0-3A74C104E868"},{"vulnerable":true,"criteria":"cpe:2.3:a:tigervnc:tigervnc:1.0:*:*:*:*:*:*:*","matchCriteriaId":"BC267495-63B6-4A6E-9185-F6B395738C64"},{"vulnerable":true,"criteria":"cpe:2.3:a:tigervnc:tigervnc:1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"9B63
3044-EA51-4A5A-845D-06064CFBCA40"},{"vulnerable":true,"criteria":"cpe:2.3:a:tigervnc:tigervnc:1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"64D27895-7CD8-4AF4-A392-04B4D8EDFA87"},{"vulnerable":true,"criteria":"cpe:2.3:a:tigervnc:tigervnc:1.3:*:*:*:*:*:*:*","matchCriteriaId":"BABA188F-30E2-4C86-BF38-DC3BC383B822"},{"vulnerable":true,"criteria":"cpe:2.3:a:tigervnc:tigervnc:1.3.1:*:*:*:*:*:*:*","matchCriteriaId":"8D19A4F7-747B-45B8-8AEE-69A937D537B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:tigervnc:tigervnc:1.7:*:*:*:*:*:*:*","matchCriteriaId":"5045D13B-9A2E-420C-A3BF-CA28C721FD9C"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00020.html","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0630.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/22","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/2","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96012","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2000","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1023012","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://security.gentoo.org/glsa/201801-13","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party 
Advisory"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0630.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/22","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96012","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2000","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1023012","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://security.gentoo.org/glsa/201801-13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9259","sourceIdentifier":"cve@mitre.org","published":"2017-02-28T18:59:00.250","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de XSS en Tenable Nessus en versiones anteriores a 6.9.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:nessus:6.8:*:*:*:*:*:*:*","matchCriteriaId":"C6D17318-6310-4E09-9E51-E31E26098FF7"},{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:nessus:6.8.1:*:*:*:*:*:*:*","matchCriteriaId":"63616621-2753-4095-B1E6-71289422D099"},{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:nessus:6.8.2:*:*:*:*:*:*:*","matchCriteriaId":"239A4541-2CA0-49EE-8202-2D70CC932662"},{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:nessus:6.9:*:*:*:*:*:*:*","matchCriteriaId":"E81D6F86-4394-4C1E-8B13-40E5C6F14A58"}]}]}],"references":[{"url":"http://www.securitytracker.com/id/1037293","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.tenable.com/security/tns-2016-17","source":"cve@mitre.org","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securitytracker.com/id/1037293","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.tenable.com/security/tns-2016-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9261","sourceIdentifier":"cve@mitre.org","published":"2017-02-28T18:59:00.280","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."},{"lang":"es","value":"Vulnerabilidad de XSS en Tenable Log Correlation Engine (también conocido como LCE) en versiones anteriores a 4.8.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","typ
e":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:*","versionEndIncluding":"4.8.0","matchCriteriaId":"6B61EB50-0BE7-4ECE-8578-02D76D0A6E5A"}]}]}],"references":[{"url":"https://www.tenable.com/security/tns-2016-18","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://www.tenable.com/security/tns-2016-18","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9558","sourceIdentifier":"cve@mitre.org","published":"2017-02-28T18:59:00.313","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a \"negation overflow.\""},{"lang":"es","value":"(1) libdwarf/dwarf_leb.c y (2) dwarfdump/print_frames.c en libdwarf en versiones anteriores a 20161124 permite a atacantes remotos tener un impacto no especificado a través de un bit manipulado en un número de leb firmado, también conocido como \"desbordamiento de 
negación\""}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libdwarf_project:libdwarf:*:*:*:*:*:*:*:*","versionStartIncluding":"1999-12-14","versionEndExcluding":"2016-11-24","matchCriteriaId":"720D5B9E-31E8-43BD-86CF-C8D947DECED4"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/11/19/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/23/3","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94491","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c/","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory","VDB 
Entry"]},{"url":"https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/19/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/23/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94491","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.prevanders.net/dwarfbug.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5581","sourceIdentifier":"cve@mitre.org","published":"2017-02-28T18:59:00.360","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries."},{"lang":"es","value":"Desbordamiento de búfer en la función ModifiablePixelBuffer::fillRect en TigerVNC en versiones anteriores a 1.7.1 permite a servidores remotos ejecutar código arbitrario a través de un mensaje RRE con un subrectangulo fuera de los límites del marco del 
búfer."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:*","versionEndIncluding":"1.7","matchCriteriaId":"990779CD-71C1-4725-A6AF-C1CE09DDE0DC"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0630.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/22/1","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/25/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95789","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2000","source":"cve@mitre.org"},{"url":"https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/TigerVNC/tigervnc/pull/399","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-19","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0630.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/22/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/25/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95789","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2000","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/TigerVNC/tigervnc/pull/399","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-19","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5884","sourceIdentifier":"secalert@redhat.com","published":"2017-02-28T18:59:00.407","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile."},{"lang":"es","value":"gtk-vnc en versiones anteriores a 0.7.0 no comprueba adecuadamente los límites de azulejos que contienen sub rectángulo, lo que permite a servidores remotos ejecutar código arbitrario a través de las coordenadas src x, y en un azulejo (1) rre, (2) hextile o (3) copyrect manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-118"}]}],"configurations":[{"nodes":[{"operato
r":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnome:gtk-vnc:*:*:*:*:*:*:*:*","versionEndIncluding":"0.6.0","matchCriteriaId":"2DD352B4-191D-4FB8-A325-D085B29F3810"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/02/03/5","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/5","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96016","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2258","source":"secalert@redhat.com"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=778048","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking"]},{"url":"https://git.gnome.org/browse/gtk-vnc/commit/?id=ea0386933214c9178aaea9f2f85049ea3fa3e14a","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK/","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/03/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96016","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2258","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=778048","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking"]},{"url":"https://git.gnome.org/browse/gtk-vnc/commit/?id=ea0386933214c9178aaea9f2f85049ea3fa3e14a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5885","sourceIdentifier":"secalert@redhat.com","published":"2017-02-28T18:59:00.453","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow."},{"lang":"es","value":"Múltiples desbordamientos de entero en las funciones (1) vnc_connection_server_message y (2) vnc_color_map_set en gtk-vnc en versiones anteriores a 0.7.0 permiten a servidores remotos provocar una denegación de servicio (caída) o la posibilidad de ejecutar código arbitrario a través de vectores implicando SetColorMapEntries, lo que desencadena un desbordamiento de 
búfer."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnome:gtk-vnc:*:*:*:*:*:*:*:*","versionEndIncluding":"0.6.0","matchCriteriaId":"2DD352B4-191D-4FB8-A325-D085B29F3810"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/02/03/5","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/5","source":"secalert@redhat.com","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96016","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2258","source":"secalert@redhat.com"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=778050","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://git.gnome.org/browse/gtk-vnc/commit/?id=c8583fd3783c5b811590fcb7bae4ce6e7344963e","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK/","source":"secalert@redhat.com"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/03/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96016","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:2258","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.gnome.org/show_bug.cgi?id=778050","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Vendor Advisory"]},{"url":"https://git.gnome.org/browse/gtk-vnc/commit/?id=c8583fd3783c5b811590fcb7bae4ce6e7344963e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGPQ5MQR6SN4DYTEFACHP2PP5RR26KYK/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5982","sourceIdentifier":"cve@mitre.org","published":"2017-02-28T18:59:00.500","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Directory traversal vulnerability in the Chorus2 2.4.2 add-on 
for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd."},{"lang":"es","value":"Vulnerabilidad de salto de directorio en el añadido Chorus2 2.4.2 para Kodi permite a atacantes remotos leer archivos arbitrarios a través de un %2E%2E%252e (punto punto barra codificado) en la ruta de la imagen, según lo demostrado por image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kodi:kodi:17.1:*:*:*:*:*:*:*","matchCriteriaId":"1CE532A2-ABFA-4CA9-9DAD-560942F62154"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/141043/Kodi-17.1-Arbitrary-File-Disclosure.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB 
Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/27","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96481","source":"cve@mitre.org"},{"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00009.html","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/41312/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/141043/Kodi-17.1-Arbitrary-File-Disclosure.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/27","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96481","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00009.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/41312/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5682","sourceIdentifier":"secure@intel.com","published":"2017-02-28T19:59:00.160","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges."},{"lang":"es","value":"Intel PSET Application Install wrapper de Intel Parallel Studio XE, Intel 
System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer y Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library y Intel Threading Building Blocks en versiones anteriores a 2017 Update 2 permite a un atacante iniciar un proceso con privilegios escalados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:intel:advisor:2017:*:*:*:*:*:*:*","matchCriteriaId":"83E6F5FC-D325-4C8C-82E9-82B5FFCEB083"},{"vulnerable":true,"criteria":"cpe:2.3:a:intel:cryptography_for_intel_integrated_performance_primitives:2017:*:*:*:*:*:*:*","matchCriteriaId":"91AFB020-6F26-4D0D-A373-5E6341975421"},{"vulnerable":true,"criteria":"cpe:2.3:a:intel:data_analytics_acceleration_library:201
7:*:*:*:*:*:*:*","matchCriteriaId":"B40F7BDC-1317-480B-9B23-1F13758543D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:intel:inspector:2017:*:*:*:*:*:*:*","matchCriteriaId":"D9644872-437C-4AD5-9D7C-811E527CC13B"},{"vulnerable":true,"criteria":"cpe:2.3:a:intel:integrated_performance_primitives:2017:*:*:*:*:*:*:*","matchCriteriaId":"B67785D4-D084-4C3E-81E6-B6C5BD110885"},{"vulnerable":true,"criteria":"cpe:2.3:a:intel:math_kernel_library:2017:*:*:*:*:*:*:*","matchCriteriaId":"7B94882E-342F-4D87-A0D2-6F0C9282B096"},{"vulnerable":true,"criteria":"cpe:2.3:a:intel:mpi_library:2017:*:*:*:*:*:*:*","matchCriteriaId":"6B60FA44-7160-4D1A-98AE-744FC2C91B88"},{"vulnerable":true,"criteria":"cpe:2.3:a:intel:parallel_studio_xe:2017:*:*:*:*:*:*:*","matchCriteriaId":"E9DFA92D-02DD-4623-A7A5-B7780CE24996"},{"vulnerable":true,"criteria":"cpe:2.3:a:intel:system_studio:2017:*:*:*:*:*:*:*","matchCriteriaId":"1314F593-5448-4458-A7FF-A479909C0147"},{"vulnerable":true,"criteria":"cpe:2.3:a:intel:threading_building_blocks:2017:*:*:*:*:*:*:*","matchCriteriaId":"096729CA-6729-480D-BEDD-B294DCB3B789"},{"vulnerable":true,"criteria":"cpe:2.3:a:intel:trace_analyzer_and_collector:2017:*:*:*:*:*:*:*","matchCriteriaId":"73D61D38-EC35-4C15-996C-28484709A42D"},{"vulnerable":true,"criteria":"cpe:2.3:a:intel:vtune_amplifier:2017:*:*:*:*:*:*:*","matchCriteriaId":"C3A8F80A-95C3-44A1-BB71-8E1A3581B8D2"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96482","source":"secure@intel.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070&languageid=en-fr","source":"secure@intel.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070&languageid=en-fr","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-10092","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.150","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the readContigStripsIntoBuffer function in tif_unix.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image."},{"lang":"es","value":"Desbordamiento de búfer basado en Heap en la función readContigStripsIntoBuffer en tif_unix.c en LibTIFF versiones 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 y 4.0.6 permite a los atacantes remotos tener un impacto no especificado a través de una imagen elaborada"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"
lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"FE968DD2-24BE-4417-A6DF-D79E40E07766"}]}]}],"references":[{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2620","source":"cve@mitre.org","tags":["Exploit","Issue Tracking"]},{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2622","source":"cve@mitre.org","tags":["Exploit","Issue Tracking"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/01/10","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/01/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95218","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10092","source":"cve@mitre.org"},{"url":"https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2620","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking"]},{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2622","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/01/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/01/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95218","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10092","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2016-10093","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.197","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow."},{"lang":"es","value":"El desbordamiento de enteros en tools/tiffcp.c en LibTIFF versiones 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0. 
2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 y 4.0.6 permite a los atacantes remotos tener un impacto no especificado a través de una imagen manipulada, que desencadena un desbordamiento de búfer basado en memoria dinámica (heap)"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"},{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"FE968DD2-24BE-4417-A6DF-D79E40E07766"}]}]}],"references":[{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2610","source":"cve@mitre.org","tags":["Exploit","Issue Tracking"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/01/10","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/01/12","source":"cve@mitre.org","tags":["Mailing 
List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95215","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10093","source":"cve@mitre.org"},{"url":"https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2610","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/01/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/01/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95215","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2016-10093","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2016-10094","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.243","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools/tiff2pdf.c in LibTIFF 4.0.7 allows 
remote attackers to have unspecified impact via a crafted image."},{"lang":"es","value":"Error por un paso en la función t2p_readwrite_pdf_image_tile en tools/tiff2pdf.c en LibTIFF 4.0.7 permite a atacantes remotos tener un impacto no especificado a través de una imagen manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-189"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"FE968DD2-24BE-4417-A6DF-D79E40E07766"}]}]}],"references":[{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2640","source":"cve@mitre.org","tags":["Exploit","Issue Tracking"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/01/10","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/01/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95214","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/","source":"cve@mitre.org"},{"url":"https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2640","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/01/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/01/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95214","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10095","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.290","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Stack-based buffer overflow in the _TIFFVGetField function in tif_dir.c in LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 and 4.0.8 allows remote attackers to cause a denial of service (crash) via a crafted 
TIFF file."},{"lang":"es","value":"Desbordamiento de búfer basado en pila en la función _TIFFVGetField en tif_dir.c en LibTIFF versiones 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5, 4.0.6, 4.0.7 y 4.0.8 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo TIFF manipulado"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:4.0.7:*:*:*:*:*:*:*","matchCriteriaId":"FE968DD2-24BE-4417-A6DF-D79E40E07766"}]}]}],"references":[{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2625","source":"cve@mitre.org","tags":["Exploit","Issue Tracking"]},{"url":"http://www.debian.org/security/2017/dsa-3903","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/01/11","source":"cve@mitre.org","tags":["Mailing 
List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/01/7","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95178","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://bugzilla.maptools.org/show_bug.cgi?id=2625","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking"]},{"url":"http://www.debian.org/security/2017/dsa-3903","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/01/11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/01/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95178","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-8507","sourceIdentifier":"browser-security@yandex-team.ru","published":"2017-03-01T15:59:00.320","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site."},{"lang":"es","value":"Yandex Browser para iOS en versiones anteriores a 16.10.0.2357 no restringe adecuadamente el procesamiento de URLs de facetime://, lo que permite a atacantes remotos iniciar la llamada 
cara a cara sin la aprobación del usuario y obtener datos de vídeo y audio desde un dispositivo a través de un sitio web manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:iphone_os:*:*","versionEndExcluding":"16.10.0.2357","matchCriteriaId":"92ECBF6C-301C-4B47-BC97-AE9C6B9CAA3B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96517","source":"browser-security@yandex-team.ru","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://yandex.com/blog/security-changelogs/fixed-in-version-16-10","source":"browser-security@yandex-team.ru","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96517","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://yandex.com/blog/security-changelogs/fixed-in-version-16-10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8508","sourceIdentifier":"browser-security@yandex-team.ru","published":"2017-03-01T15:59:00.353","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings on web-sites with a special content-type, which could be used by a remote attacker to prevent the Protect warning from being shown on their own malicious web-site."},{"lang":"es","value":"Yandex Browser para escritorio en versiones anteriores a 17.1.1.227 no muestra las advertencias de Protect (similar a Safebrowsing en Chromium) en sitios web con un tipo de contenido especial, lo que podría ser usado por atacantes remotos para prevenir la advertencia Protect en su propio sitio web malicioso."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov
","type":"Primary","description":[{"lang":"en","value":"CWE-254"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yandex:yandex_browser:*:*:*:*:*:*:*:*","versionEndExcluding":"17.1.1.227","matchCriteriaId":"7E04D5E5-9981-434D-9153-193C68643C97"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96514","source":"browser-security@yandex-team.ru","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://yandex.com/blog/security-changelogs/fixed-in-version-17-1","source":"browser-security@yandex-team.ru","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96514","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://yandex.com/blog/security-changelogs/fixed-in-version-17-1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9559","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.383","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted image."},{"lang":"es","value":"coders/tiff.c en ImageMagick en versiones anteriores a 7.0.3.7 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de una imagen 
manipulada."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.6-5","matchCriteriaId":"F30626A9-B511-4DA4-B48E-D2843785C187"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.0.3-7","matchCriteriaId":"ACA6D542-44E0-4B8A-A71C-0FA03FEC80E7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2016/dsa-3726","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/19/7","source":"cve@mitre.org","tags":["Mailing 
List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/23/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94489","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/11/19/imagemagick-null-pointer-must-never-be-null-tiff-c/","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/298","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3726","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/19/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/11/23/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94489","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/11/19/imagemagick-null-pointer-must-never-be-null-tiff-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/298","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-9819","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.430","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value."},{"lang":"es","value":"libavcodec/mpegvideo.c en libav 11.8 permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores que implican desplazamiento a la izquierda de un valor negativo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-189"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libav:libav:11.8:*:*:*:*:*:*:*","matchCriteriaId":"D13C7C73-2D64-47A9-A4BB-2D2E0DCF443D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94732","source":"cve@mitre.org"},{"url":"https://bl
ogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94732","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9820","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.463","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value."},{"lang":"es","value":"libavcodec/mpegvideo_motion.c en libav 11.8 permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores que implican desplazamiento a la izquierda de un valor 
negativo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-189"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libav:libav:11.8:*:*:*:*:*:*:*","matchCriteriaId":"D13C7C73-2D64-47A9-A4BB-2D2E0DCF443D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94732","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94732","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-9821","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.477","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file."},{"lang":"es","value":"Desbordamiento de entero en libavcodec/mpegvideo_parser.c en libav 11.8 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libav:libav:11.8:*:*:*:*:*:*:*","matchCriteriaId":"D13C7C73-2D64-47A9-A4BB-2D2E0DCF443D"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3833","source":"cve@mitre.org"},{"url":"http://www.securityfocus.co
m/bid/94732","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3833","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94732","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9822","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.510","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file."},{"lang":"es","value":"Desbordamiento de entero en libavcodec/mpeg12dec.c en libav 11.8 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libav:libav:11.8:*:*:*:*:*:*:*","matchCriteriaId":"D13C7C73-2D64-47A9-A4BB-2D2E0DCF443D"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3833","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/94732","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"cve@mitre.org","tags":["Exploit","Third Party 
Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3833","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/94732","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9823","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.523","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file."},{"lang":"es","value":"libavcodec/x86/mpegvideo.c en libav 11.8 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"
CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libav:libav:11.8:*:*:*:*:*:*:*","matchCriteriaId":"D13C7C73-2D64-47A9-A4BB-2D2E0DCF443D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94732","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94732","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9824","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.557","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via a crafted file."},{"lang":"es","value":"Desbordamiento de entero en libswscale/x86/swscale.c en libav 11.8 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una archivo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libav:libav:11.8:*:*:*:*:*:*:*","matchCriteriaId":"D13C7C73-2D64-47A9-A4BB-2D2E0DCF443D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94732","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94732","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-9825","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.587","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libswscale/utils.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value."},{"lang":"es","value":"libswscale/utils.c en libav 11.8 permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores que implican desplazamiento a la izquierda de un valor negativo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-189"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libav:libav:11.8:*:*:*:*:*:*:*","matchCriteriaId":"D13C7C73-2D64-47A9-A4BB-2D2E0DCF443D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94732","source":"cve@mitre.org"},{"url":"https://blogs.gent
oo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94732","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9826","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.617","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value."},{"lang":"es","value":"libavcodec/ituh263dec.c en libav 11.8 permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores que implican desplazamiento a la izquierda de un valor 
negativo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-189"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libav:libav:11.8:*:*:*:*:*:*:*","matchCriteriaId":"D13C7C73-2D64-47A9-A4BB-2D2E0DCF443D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/94732","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94732","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5498","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.650","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value."},{"lang":"es","value":"libjasper/include/jasper/jas_math.h en JasPer 1.900.17 permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores que implican desplazamiento a la izquierda de un valor negativo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jasper_project:jasper:1.900.17:*:*:*:*:*:*:*","matchCriteriaId":"D54EFC18-A00F-4D1D-B1EC-6A8F20085795"}]}]}],"references":[{"url":"http://www.securityfocus.co
m/bid/95666","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95666","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5499","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.680","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file."},{"lang":"es","value":"Desbordamiento de entero en libjasper/jpc/jpc_dec.c en JasPer 1.900.17 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jasper_project:jasper:1.900.17:*:*:*:*:*:*:*","matchCriteriaId":"D54EFC18-A00F-4D1D-B1EC-6A8F20085795"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95666","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/","source":"cve@mitre.org","tags":["Exploit","Third Party 
Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95666","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5500","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.713","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value."},{"lang":"es","value":"libjasper/jpc/jpc_dec.c en JasPer 1.900.17 permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores que implican desplazamiento a la izquierda de un valor 
negativo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jasper_project:jasper:1.900.17:*:*:*:*:*:*:*","matchCriteriaId":"D54EFC18-A00F-4D1D-B1EC-6A8F20085795"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95666","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95666","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5501","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.743","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted file."},{"lang":"es","value":"Desbordamiento de entero en libjasper/jpc/jpc_tsfb.c en JasPer 1.900.17 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jasper_project:jasper:1.900.17:*:*:*:*:*:*:*","matchCriteriaId":"D54EFC18-A00F-4D1D-B1EC-6A8F20085795"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95666","source":"cve@mitre.org"},{"url":"https://blogs.gento
o.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95666","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5502","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.773","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value."},{"lang":"es","value":"libjasper/jp2/jp2_dec.c en JasPer 1.900.17 permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores que implican desplazamiento a la izquierda de un valor negativo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"sourc
e":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jasper_project:jasper:1.900.17:*:*:*:*:*:*:*","matchCriteriaId":"D54EFC18-A00F-4D1D-B1EC-6A8F20085795"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95666","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95666","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5503","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.790","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image."},{"lang":"es","value":"La función dec_clnpass en libjasper/jpc/jpc_t1dec.c en JasPer 1.900.27 permite a atacantes remotos provocar una denegación de servicio (escritura de memoria inválida y caída) o posiblemente tener otro impacto no especificado a través de una imagen 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jasper_project:jasper:1.900.27:*:*:*:*:*:*:*","matchCriteriaId":"D2E1FD20-D299-4773-87A6-55BDC91A1B66"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/16/3","source":"cve@mitre.org","tags":["Exploit","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/17/10","source":"cve@mitre.org","tags":["Mailing 
List"]},{"url":"http://www.securityfocus.com/bid/95683","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201908-03","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/16/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/17/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.securityfocus.com/bid/95683","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201908-03","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5504","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.837","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image."},{"lang":"es","value":"La función jpc_undo_roi en libjasper/jpc/jpc_dec.c en JasPer 1.900.27 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria inválida y caída) a través de una imagen 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jasper_project:jasper:1.900.17:*:*:*:*:*:*:*","matchCriteriaId":"D54EFC18-A00F-4D1D-B1EC-6A8F20085795"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/95682","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jpc_undo_roi-jpc_dec-c/","source":"cve@mitre.org","tags":["Exploit","Third Party 
Advisory"]},{"url":"https://security.gentoo.org/glsa/201908-03","source":"cve@mitre.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/95682","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jpc_undo_roi-jpc_dec-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201908-03","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5665","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.867","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file."},{"lang":"es","value":"La función splt_cue_export_to_file en cue.c en libmp3splt 0.9.2 permite a atacantes remotos provocar una denegación de servicio (referencia al puntero null y caída) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libmp3splt_project:libmp3splt:0.9.2:*:*:*:*:*:*:*","matchCriteriaId":"84B51E61-EB45-4D08-8943-9A7CA31F2056"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95906","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95906","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5666","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.883","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file."},{"lang":"es","value":"La función free_options en options_manager.c en mp3splt 2.6.2 permite a atacantes remotos provocar una denegación de servicio (liberación no valida y caída) a través de un archivo manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mp3splt_project:mp3splt:2.6.2:*:*:*:*:*:*:*","matchCriteriaId":"6D60C444-10AE-4E61-BA18-901DFC03BD64"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95908","source":"cve@mitre.org"
},{"url":"https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95908","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5851","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.917","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.  NOTE: this typically has no risk; this crash of this command-line program has no further consequences for availability."},{"lang":"es","value":"La función free_options en options_manager.c en mp3splt 2.6.2 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un archivo manipulado. 
NOTA: esto normalmente no tiene ningún riesgo; este bloqueo de este programa de lineas de comandos no tiene consecuencias adicionales para la disponibilidad."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mp3splt_project:mp3splt:2.6.2:*:*:*:*:*:*:*","matchCriteriaId":"6D60C444-10AE-4E61-BA18-901DFC03BD64"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96002","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/02/01/mp3splt-null-pointer-dereference-in-free_options-options_manager-c/","source":"cve@mitre.org","tags":["Exploit","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96002","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/02/01/mp3splt-null-pointer-dereference-in-free_options-options_manager-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5852","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.947","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVariant.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted file."},{"lang":"es","value":"La función PoDoFo::PdfPage::GetInheritedKeyFromObject en base/PdfVariant.cpp en PoDoFo 0.9.4 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un archivo manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","des
cription":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:podofo_project:podofo:0.9.4:*:*:*:*:*:*:*","matchCriteriaId":"8708B68A-5EE4-4FDB-B5F5-293AFF028F3B"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/10","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/97032","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/97032","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5853","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:00.993","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file."},{"lang":"es","value":"Desbordamiento de entero en base/PdfParser.cpp en PoDoFo 0.9.4 permite a atacantes remotos tener un impacto no especificado a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-190"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:podofo_project:podofo:0.9.4:*:*:*:*:*:*:*","matchCriteriaId":"8708B68A-5EE4-4FDB-B5F5-293AFF028F3B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96066","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96066","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2017-5854","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:01.023","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file."},{"lang":"es","value":"base/PdfOutputStream.cpp en PoDoFo 0.9.4 permite a atacantes remotos provocar una denegación de servicio (referencia al puntero null y caída) a través de un archivo manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:podofo_project:podofo:0.9.4:*:*:*:*:*:*:*","matchCriteriaId":"8708B68A-5EE4-4FDB-B5F5-293AFF028F3B"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/14","source":"cve@mitre.org","tags":["Mailing 
List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/12","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96072","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/01/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/12","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96072","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5855","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:01.087","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file."},{"lang":"es","value":"La función PoDoFo::PdfParser::ReadXRefSubsection en PdfParser.cpp en PoDoFo 0.9.4 permite a atacantes remotos provocar una denegación de servicio (referencia al puntero null) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:podofo_project:podofo:0.9.4:*:*:*:*:*:*:*","matchCriteriaId":"8708B68A-5EE4-4FDB-B5F5-293AFF028F3B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96516","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp/","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96516","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2017-5886","sourceIdentifier":"secalert@redhat.com","published":"2017-03-01T15:59:01.103","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken function in PdfTokenizer.cpp in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función PoDoFo::PdfTokenizer::GetNextToken en PdfTokenizer.cpp en PoDoFo 0.9.4 permite a atacantes remotos tener un impacto no especificado a través de un archivo manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:podofo_project:podofo:0.9.4:*:*:*:*:*:*:*","matchCriteriaId":"8708B68A-5EE4-4FDB-B5F5-293AFF028F3B"}]}]}],"references":[{"ur
l":"http://www.securityfocus.com/bid/96512","source":"secalert@redhat.com"},{"url":"https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp/","source":"secalert@redhat.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96512","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5974","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:01.117","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the __zzip_get32 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función __zzip_get32 en fetch.c en zziplib versiones 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo ZIP 
manipulado"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.56:*:*:*:*:*:*:*","matchCriteriaId":"12D4D396-32C4-4801-AC28-B7164A68EB23"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.57:*:*:*:*:*:*:*","matchCriteriaId":"090AACFE-3609-40B8-962B-7C11A9F11504"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.58:*:*:*:*:*:*:*","matchCriteriaId":"EA7254FC-BFC6-4383-84F7-A3097E351584"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.59:*:*:*:*:*:*:*","matchCriteriaId":"BDB2A794-A1FB-448C-9664-C1DCE869A7F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.60:*:*:*:*:*:*:*","matchCriteriaId":"B83A2898-F630-481C-8BE9-EBD508E76BF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.61:*:*:*:*:*:*:*","matchCriteriaId":"DA32F25B-8687-4307-890C-0714EF19ADA1"},{
"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.62:*:*:*:*:*:*:*","matchCriteriaId":"40BAF233-EBA3-47A9-8ABF-8C96A5241675"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3878","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/14/3","source":"cve@mitre.org","tags":["Mailing List"]},{"url":"http://www.securityfocus.com/bid/96268","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3878","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/14/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.securityfocus.com/bid/96268","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5975","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:01.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the __zzip_get64 function in fetch.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows 
remote attackers to cause a denial of service (crash) via a crafted ZIP file."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función __zzip_get64 en fetch.c en zziplib versiones 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo ZIP manipulado"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.56:*:*:*:*:*:*:*","matchCriteriaId":"12D4D396-32C4-4801-AC28-B7164A68EB23"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.57:*:*:*:*:*:*:*","matchCriteriaId":"090AACFE-3609-40B8-962B-7C11A9F11504"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.58:*:*:*:*:*:*:*","matchCriteriaId":"EA7254FC-BFC6-4383-84F7-A3097E351584"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdrahe
im:zziplib:0.13.59:*:*:*:*:*:*:*","matchCriteriaId":"BDB2A794-A1FB-448C-9664-C1DCE869A7F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.60:*:*:*:*:*:*:*","matchCriteriaId":"B83A2898-F630-481C-8BE9-EBD508E76BF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.61:*:*:*:*:*:*:*","matchCriteriaId":"DA32F25B-8687-4307-890C-0714EF19ADA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.62:*:*:*:*:*:*:*","matchCriteriaId":"40BAF233-EBA3-47A9-8ABF-8C96A5241675"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3878","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/14/3","source":"cve@mitre.org","tags":["Mailing List"]},{"url":"http://www.securityfocus.com/bid/96268","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get64-fetch-c/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3878","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/14/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.securityfocus.com/bid/96268","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get64-fetch-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5976","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:01.197","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 allows remote attackers to cause a denial of service (crash) via a crafted ZIP file."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función zzip_mem_entry_extra_block en memdisk.c en zziplib versiones 0.13.62, 0.13.61, 0.13.60, 0.13.59, 0.13.58, 0.13.57, 0.13.56 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo ZIP manipulado"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0
.13.56:*:*:*:*:*:*:*","matchCriteriaId":"12D4D396-32C4-4801-AC28-B7164A68EB23"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.57:*:*:*:*:*:*:*","matchCriteriaId":"090AACFE-3609-40B8-962B-7C11A9F11504"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.58:*:*:*:*:*:*:*","matchCriteriaId":"EA7254FC-BFC6-4383-84F7-A3097E351584"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.59:*:*:*:*:*:*:*","matchCriteriaId":"BDB2A794-A1FB-448C-9664-C1DCE869A7F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.60:*:*:*:*:*:*:*","matchCriteriaId":"B83A2898-F630-481C-8BE9-EBD508E76BF2"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.61:*:*:*:*:*:*:*","matchCriteriaId":"DA32F25B-8687-4307-890C-0714EF19ADA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.62:*:*:*:*:*:*:*","matchCriteriaId":"40BAF233-EBA3-47A9-8ABF-8C96A5241675"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3878","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/14/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96268","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3878","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/14/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96268","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5977","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:01.227","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted ZIP file."},{"lang":"es","value":"La función zzip_mem_entry_extra_block en memdisk.c en zziplib 0.13.62 permite a atacantes remotos provocar una denegación de servicio (lectura de memoria no válida y caída) a través de un archivo ZIP 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.62:*:*:*:*:*:*:*","matchCriteriaId":"40BAF233-EBA3-47A9-8ABF-8C96A5241675"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/02/14/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96268","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip_mem_entry_extra_block-memdisk-c/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/14/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96268","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip_mem_entry_extra_block-memdisk-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5978","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:01.273","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ZIP file."},{"lang":"es","value":"La función zzip_mem_entry_new en memdisk.c en zziplib 0.13.62 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída) a través de un archivo ZIP manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","valu
e":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.62:*:*:*:*:*:*:*","matchCriteriaId":"40BAF233-EBA3-47A9-8ABF-8C96A5241675"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3878","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96268","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3878","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/96268","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5979","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:01.290","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file."},{"lang":"es","value":"La función prescan_entry en fseeko.c en zziplib 0.13.62 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un archivo ZIP 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.62:*:*:*:*:*:*:*","matchCriteriaId":"40BAF233-EBA3-47A9-8ABF-8C96A5241675"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3878","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96268","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-prescan_entry-fseeko-c/","source":"cve@mitre.org","tags":["Exploit","Third Party 
Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3878","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/96268","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-prescan_entry-fseeko-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5980","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:01.337","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted ZIP file."},{"lang":"es","value":"La función zzip_mem_entry_new en memdisk.c en zziplib 0.13.62 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un archivo ZIP 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.62:*:*:*:*:*:*:*","matchCriteriaId":"40BAF233-EBA3-47A9-8ABF-8C96A5241675"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3878","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96268","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip_mem_entry_new-memdisk-c/","source":"cve@mitre.org","tags":["Exploit","Third Party 
Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3878","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/96268","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip_mem_entry_new-memdisk-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5981","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T15:59:01.353","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial of service (assertion failure and crash) via a crafted ZIP file."},{"lang":"es","value":"seeko.c en zziplib 0.13.62 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y caída) a través de un archivo ZIP manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description"
:[{"lang":"en","value":"CWE-617"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gdraheim:zziplib:0.13.62:*:*:*:*:*:*:*","matchCriteriaId":"40BAF233-EBA3-47A9-8ABF-8C96A5241675"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3878","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96268","source":"cve@mitre.org"},{"url":"https://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3878","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/96268","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-2685","sourceIdentifier":"productcert@siemens.com","published":"2017-03-01T17:59:00.143","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (including) and 2.0.6 (excluding) and between 3.0.4.00.032 (including) and 3.0.6 (excluding) contain a vulnerability that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle (MITM) attack."},{"lang":"es","value":"Siemens SINUMERIK Integrate Operate Clients en versiones entre 2.0.3.00.016 (incluida) y 2.0.6 (excluida) y en versiones entre 3.0.4.00.032 (incluida) y 3.0.6 (excluida) contienen una vulnerabilidad que podría permitir a un atacante leer y manipular datos en sesiones TLS mientras realiza un ataque man-in-the-middle 
(MITM)"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":7.4,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"productcert@siemens.com","type":"Secondary","description":[{"lang":"en","value":"CWE-693"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinumerik_integrate_access_mymachine\\/ethernet:-:*:*:*:*:*:*:*","matchCriteriaId":"ECD7B773-A606-404F-A7A2-C78650CD2571"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinumerik_integrate_operate_client:2.0.3.00.016:*:*:*:*:*:*:*","matchCriteriaId":"679949AD-5709-4393-8E3C-3370C8450EB9"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinumerik_integrate_operate_client:3.0.4.00.032:*:*:*:*:*:*:*","matchCriteriaId":"7E3D02F5-B1DE-457F-9F55-F1B8B8A2A20D"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinumerik_operate:4.5:sp6:*:*:*:*:*:*","matchCriteriaId":"C0BE905B-E687-4CE4-9BF3-89B670D8EE6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:siemens:sinumerik_operate:4.7:sp2:*
:*:*:*:*:*","matchCriteriaId":"80D41351-0B3D-40E3-90C0-B7D30934F47C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96519","source":"productcert@siemens.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-934525.pdf","source":"productcert@siemens.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96519","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-934525.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-10151","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T20:59:00.160","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary."},{"lang":"es","value":"La función hesiod_init en lib/hesiod.c en Hesiod 3.2.1 compara EUID con UID para determinar si se utilizan configuraciones de variables de entorno, lo que permite a usuarios locales obtener privilegios a través de la variable de entorno (1) HESIOD_CONFIG o (2) HES_DOMAIN y aprovechando cierto binario 
SUID/SGUID."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hesiod_project:hesiod:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"F9952D5F-1E74-4263-B36A-EE56349C9FC7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/1","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90952","source":"cve@mitre.org"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332508","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://github.com/achernya/hesiod/pull/9","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201805-01","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/21/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third 
Party Advisory"]},{"url":"http://www.securityfocus.com/bid/90952","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1332508","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://github.com/achernya/hesiod/pull/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201805-01","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5374","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T20:59:00.190","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry."},{"lang":"es","value":"NetApp Data ONTAP 9.0 y 9.1 en versiones anteriores a 9.1P1 permite a usuarios remotos autenticados que poseen datos alojados en SMB anfitrión eludir las restricciones de uso compartido previstas aprovechando el manejo inadecuado de la entrada ACL de derechos de 
propietario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:data_ontap:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DCF17E65-F9FB-47C3-96DB-B01FC49F803F"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:data_ontap:9.1:*:*:*:*:*:*:*","matchCriteriaId":"6F2CB857-D44A-4726-9E72-0FAAA4BE5E74"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96524","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://kb.netapp.com/support/s/article/ka51A00000007IBQAY/NTAP-20170228-0002?language=en_US","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96524","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://kb.netapp.com/support/s/article/ka51A00000007IBQAY/NTAP-20170228-0002?language=en_US","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-6485","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T20:59:00.220","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The __construct function in Framework/Encryption/Crypt.php in Magento 2 uses the PHP rand function to generate a random number for the initialization vector, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by guessing the value."},{"lang":"es","value":"La función __construct en Framework/Encryption/Crypt.php en Magento 2 usa la función rand de PHP para generar un número aleatorio para el vector de inicialización lo que hace más fácil para los atacantes remotos derrotar los mecanismos de protección criptográfica adivinando el valor."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist
.gov","type":"Primary","description":[{"lang":"en","value":"CWE-327"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:magento:magento2:-:*:*:*:*:*:*:*","matchCriteriaId":"78F0126A-59EF-4AFC-B9BE-8F1764743FC4"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/07/19/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/27/14","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/magento/magento2/pull/15017","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2016/07/19/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/27/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/magento/magento2/pull/15017","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-9830","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T20:59:00.253","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows remote attackers to cause a denial of service (crash) via large dimensions in a jpeg image."},{"lang":"es","value":"La función MagickRealloc en memory.c en Graphicsmagick 1.3.25 permite a atacantes remotos provocar una denegación de servicio (caída) a través de una imagen jpeg de grandes 
dimensiones."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:graphicsmagick:graphicsmagick:1.3.25:*:*:*:*:*:*:*","matchCriteriaId":"42C41978-F9EF-4C9A-9E52-2F1391BA684B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*","matchCriteriaId":"1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]}],"references":[{"url":
"http://hg.code.sf.net/p/graphicsmagick/code/rev/38d0f281e8c8","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/5","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94625","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1401536","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"http://hg.code.sf.net/p/graphicsmagick/code/rev/38d0f281e8c8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00141.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.debian.org/security/2016/dsa-3746","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/05/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/94625","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB 
Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1401536","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]}]}},{"cve":{"id":"CVE-2017-5995","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T20:59:00.283","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2.1 might allow remote attackers to obtain sensitive information via unspecified vectors."},{"lang":"es","value":"La utilidad de administración NetApp ONTAP Select Deploy 2.0 hasta la versión 2.2.1 podrían permitir a atacantes remotos obtener información sensible a través de vectores no especificados."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:2.0:*:*:*:*:*:*:
*","matchCriteriaId":"55DB8A48-C0F7-4190-A016-41AFE6DE6202"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:2.1:*:*:*:*:*:*:*","matchCriteriaId":"C7334D06-F741-4776-82C5-9E9C1A473D04"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:2.2:*:*:*:*:*:*:*","matchCriteriaId":"843F7429-92B2-48FD-96B7-63D5CCBF36DF"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:2.2.1:*:*:*:*:*:*:*","matchCriteriaId":"09EEAE74-626F-407A-92C7-FF1073E023A6"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96522","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://kb.netapp.com/support/s/article/NTAP-20170228-0001","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96522","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://kb.netapp.com/support/s/article/NTAP-20170228-0001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6345","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T20:59:00.330","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls."},{"lang":"es","value":"El subsistema LLC en el kernel de Linux en versiones anteriores a 4.9.13 no garantiza que exista cierto destructor en las circunstancias requeridas, lo que permite a usuarios locales provocar una denegación de servicio (BUG_ON) o posiblemente tener otro impacto no especificado a través de llamadas al sistema 
manipuladas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"4.9.12","matchCriteriaId":"BDE2E7F2-434A-4283-B0EA-25ACBCF7C4BF"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b74d439e1697110c5e5c600643e823eb1dd0762","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.debian.org/security/2017/dsa-3804","source":"cve@mitre.org"},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13","source":"cve@mitre.org","tags":["Patch","Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/28/7","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96510","source":"cve@mitre.org"},{"url":"https://github.com/torvalds/linux/commit/8b74d439e1697110c5e5c600643e823eb1dd0762","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://usn.ubuntu.com/3754-1/","source":"cve@mitre.org"},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b74d439e1697110c5e5c600643e823eb1dd0762","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://www.debian.org/security/2017/dsa-3804","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/28/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96510","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/torvalds/linux/commit/8b74d439e1697110c5e5c600643e823eb1dd0762","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://usn.ubuntu.com/3754-1/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-6346","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T20:59:00.410","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls."},{"lang":"es","value":"Condición de carrera en net/packet/af_packet.c en el kernel de Linux en versiones anteriores a 4.9.13 permite a usuarios locales provocar una denegación de servicio (uso después de liberación de memoria) o la posibilidad de tener otro impacto no 
especificado a través de una aplicación multihilo que realizada llamadas al sistema PACKET_FANOUT setsockopt."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"},{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1","versionEndExcluding":"3.2.87","matchCriteriaId":"52076DAA-CEE4-431B-95EC-97F8B00BC606"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.3","versionEndExcluding":"3.10.106","matchCriteriaId":"3116EF11-56E7-4D40-9FD0-6109280D0247"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.11","versionEndExcluding":"3.12.71","matchCriteriaId":"714101BC-5F00-4257-A007-F21269AE5AC1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.13","
versionEndExcluding":"3.16.42","matchCriteriaId":"AF664753-05DC-4D55-B3B2-0DABB1E59297"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.17","versionEndExcluding":"4.1.49","matchCriteriaId":"F778EE12-46E8-450C-B643-B41A1B2A8A0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.2","versionEndExcluding":"4.4.52","matchCriteriaId":"87F9D322-C14F-4E7A-BA48-87789CAC2DA7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"4.9.13","matchCriteriaId":"B5EFB5B2-2EEC-4D04-925A-77FBE0E5E76C"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d199fab63c11998a602205f7ee7ff7c05c97164b","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3804","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/28/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96508","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/torvalds/linux/commit/d199fab63c11998a602205f7ee7ff7c05c97164b","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://source.android.com/security/bulletin/2017-09-01","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d199fab63c11998a602205f7ee7ff7c05c97164b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3804","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/28/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96508","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/torvalds/linux/commit/d199fab63c11998a602205f7ee7ff7c05c97164b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://source.android.com/security/bulletin/2017-09-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6347","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T20:59:00.533","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission."},{"lang":"es","value":"La función ip_cmsg_recv_checksum en net/ipv4/ip_sockglue.c en el kernel de Linux en versiones anteriores a 4.10.1 tiene expectativas incorrectas sobre la disposición de datos skb, lo que permite a usuarios locales provocar una denegación de servicio (sobre lectura de búfer) o la posibilidad de tener otro impacto no especificado a través de llamadas al sistema manipulado, como lo demuestra el uso de indicadores MSG_MORE en 
conjunción con la trasmisión del bucle de retorno UDP."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.4.52","matchCriteriaId":"9B08392D-7EBB-471B-958A-0E2AF5FD9D53"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"4.9.13","matchCriteriaId":"B5EFB5B2-2EEC-4D04-925A-77FBE0E5E76C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"4.10.1","matchCriteriaId":"C442A2B0-4C57-4B2D-A025-A36289D8D797"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32","source":"cve@mitre.org","tags":["Patch","Third Party 
Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.1","source":"cve@mitre.org","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/28/5","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96487","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1427984","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/torvalds/linux/commit/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/28/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96487","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1427984","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/torvalds/linux/commit/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-6348","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T20:59:00.613","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices."},{"lang":"es","value":"La función hashbin_delete en net/irda/irqueue.c en el kernel de Linux en versiones anteriores a 4.9.13 administra incorrectamente el soltado del bloqueo, lo que permite a usuarios locales provocar una denegación de servicio (punto muerto) a través de operaciones manipuladas en los dispositivos IrDA."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:
*:*:*:*:*","versionEndIncluding":"4.9.12","matchCriteriaId":"BDE2E7F2-434A-4283-B0EA-25ACBCF7C4BF"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c03b862b12f980456f9de92db6d508a4999b788","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.debian.org/security/2017/dsa-3804","source":"cve@mitre.org"},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13","source":"cve@mitre.org","tags":["Patch","Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/28/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96483","source":"cve@mitre.org"},{"url":"https://github.com/torvalds/linux/commit/4c03b862b12f980456f9de92db6d508a4999b788","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://usn.ubuntu.com/3754-1/","source":"cve@mitre.org"},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c03b862b12f980456f9de92db6d508a4999b788","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://www.debian.org/security/2017/dsa-3804","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/28/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96483","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/torvalds/linux/commit/4c03b862b12f980456f9de92db6d508a4999b788","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://usn.ubuntu.com/3754-1/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-6353","sourceIdentifier":"cve@mitre.org","published":"2017-03-01T20:59:00.720","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986."},{"lang":"es","value":"net/sctp/socket.c en el kernel de Linux en versiones hasta 4.10.1 no restringe adecuadamente las operaciones de despegue de la asociación durante varios estados de espera, lo que permite a usuarios locales provocar una denegación de servicio (desbloqueo no válido y liberación doble) a través de una aplicación multihilo. 
NOTA: esta vulnerabilidad existe debido a una solución incorrecta de CVE-2017-5986."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:N/A:C","baseScore":4.9,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndIncluding":"4.10","matchCriteriaId":"2C6A54A5-8237-4993-BE98-3D8F721AB77D"}]}]}],"references":[{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfcb9f4f99f1e9a49e43398a7bfbf56927544af1","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3804","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/27/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96473","source":"cve@mitre.org"},{"url":"https://github.com/torvalds/linux/commit/dfcb9f4f99f1e9a49e43398a7bfbf56927544af1","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfcb9f4f99f1e9a49e43398a7bfbf56927544af1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3804","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2017/02/27/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96473","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/torvalds/linux/commit/dfcb9f4f99f1e9a49e43398a7bfbf56927544af1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-2879","sourceIdentifier":"psirt@us.ibm.com","published":"2017-03-01T21:59:00.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341."},{"lang":"es","value":"IBM QRadar 7.2 utiliza algoritmos de hashing obsoletos para hash ciertas contraseñas, lo que podría permitir a un usuario local obtener y descifrar credenciales de usuario. 
Referencia de IBM: 1997341."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-326"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:*:*:*:*:*:*:*","matchCriteriaId":"7C137959-2279-4459-8A10-43AFE09E2641"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:*:*:*:*:*:*:*","matchCriteriaId":"39D53329-E729-43C1-8C67-EFA4C3F7BFBC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9FC4EDCA-DF37-4366-B944-F342FA55EEFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:*:*:*:*:*:*:*","matchCriteriaId":"09D0DA15-7DC3-4B1E-9CD9-EFC7FE4C0FEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:*:*:*:*:*:*:*","matchCriteriaId":"76CA942D-70AD-4E0D-A2
8E-443FB7140A54"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:*:*:*:*:*:*:*","matchCriteriaId":"E6BE1C0B-DCDE-40E9-80AE-F9117FA23F68"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:*:*:*:*:*:*:*","matchCriteriaId":"CE8844C7-52E1-45A0-AC51-B6F6F14DE38A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:*:*:*:*:*:*:*","matchCriteriaId":"5382FD46-85CB-460F-8AA5-163EA26F34B6"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997341","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96502","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997341","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96502","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-2880","sourceIdentifier":"psirt@us.ibm.com","published":"2017-03-01T21:59:00.197","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340."},{"lang":"es","value":"IBM QRadar 7.2 almacena la clave de cifrado utilizada para cifrar la contraseña de la cuenta de servicio que puede ser obtenida por un usuario local. 
Referencia de IBM: 1997340."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-320"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:*:*:*:*:*:*:*","matchCriteriaId":"7C137959-2279-4459-8A10-43AFE09E2641"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:*:*:*:*:*:*:*","matchCriteriaId":"39D53329-E729-43C1-8C67-EFA4C3F7BFBC"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:*:*:*:*:*:*:*","matchCriteriaId":"9FC4EDCA-DF37-4366-B944-F342FA55EEFD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:*:*:*:*:*:*:*","matchCriteriaId":"09D0DA15-7DC3-4B1E-9CD9-EFC7FE4C0FEA"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:*:*:*:*:*:*:*","matchCriteriaId":"76CA942D-70AD-4E0D-A2
8E-443FB7140A54"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:*:*:*:*:*:*:*","matchCriteriaId":"E6BE1C0B-DCDE-40E9-80AE-F9117FA23F68"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:*:*:*:*:*:*:*","matchCriteriaId":"CE8844C7-52E1-45A0-AC51-B6F6F14DE38A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:*:*:*:*:*:*:*","matchCriteriaId":"5382FD46-85CB-460F-8AA5-163EA26F34B6"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997340","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96614","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21997340","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96614","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-5932","sourceIdentifier":"psirt@us.ibm.com","published":"2017-03-01T21:59:00.227","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1998294."},{"lang":"es","value":"IBM Connections 4.0, 4.5, 5.0 y 5.5 son vulnerables a XSS. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz web alterando así la funcionalidad prevista que podría conducir a la divulgación de credenciales dentro de una sesión de confianza. 
Referencia de IBM: 1998294."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:4.0:*:*:*:*:*:*:*","matchCriteriaId":"EDBEAD70-A16A-4618-994A-455A16F0A02F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:4.5:*:*:*:*:*:*:*","matchCriteriaId":"D749AA83-99AF-49CD-B9E0-09F667E907E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:5.0:*:*:*:*:*:*:*","matchCriteriaId":"6F522A3A-A452-4D8F-B7A0-3AC80A0DD4AE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:connections:5.5.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B309632B-7039-4E34-8766-96ECF00D5F34"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998294","source":"psirt@us.ibm.com","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96453","source":"psirt@us.ibm.com"},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21998294","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96453","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2016-8232","sourceIdentifier":"psirt@lenovo.com","published":"2017-03-01T21:59:00.243","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information."},{"lang":"es","value":"Vulnerabilidad de XSS basada en Document Object Model-(DOM) en Advanced Management Module (AMM) versiones anteriores a 66Z de Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 permite a un atacante no autenticado con acceso a la dirección IP de AMM mandar una URL manipulada que podría inyectar un script malicioso para acceder a los datos AMM de un usuario como cookies u otra información de la 
sesión."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:ibm:advanced_management_module_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"734EBD6A-8615-4B4A-A1A9-EB603B1276E0"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:advanced_management_module:-:*:*:*:*:*:*:*","matchCriteriaId":"357307A8-421E-4433-A985-505565B0830A"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:bladecenter:hs22:*:*:*:*:*:*:*","matchCriteriaId":"1052332C-2892-4E69-8180-305039D6AF20"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:bladecenter:hs22v:*:*:*:*:*:*:*","matchCriteriaId":"1245D63B-4A91-4934-8DD8-49B4A10F33A0"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:bladecenter:hs23:*:*:*:*:*:*:*","matchCriteriaId":"A633BBA0-4330-41DE-AAAE-D568D9E7442D"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:bladecenter:hs23e:*
:*:*:*:*:*:*","matchCriteriaId":"8644F48F-5032-48CB-B921-0CCC8E233347"},{"vulnerable":false,"criteria":"cpe:2.3:h:ibm:bladecenter:hx5:*:*:*:*:*:*:*","matchCriteriaId":"929B68CB-91CD-40EB-87A0-BD66E25922E7"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95839","source":"psirt@lenovo.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/121443","source":"psirt@lenovo.com","tags":["Third Party Advisory"]},{"url":"https://support.lenovo.com/us/en/product_security/LEN-5700","source":"psirt@lenovo.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95839","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/121443","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://support.lenovo.com/us/en/product_security/LEN-5700","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9992","sourceIdentifier":"psirt@us.ibm.com","published":"2017-03-01T21:59:00.273","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067."},{"lang":"es","value":"IBM Kenexa LCMS Premier en Cloud 9.0 y 10.0.0 es vulnerable a inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente manipuladas, lo que podría permitir al atacante ver, agregar, modificar o eliminar información en la base de datos back-end. 
Referencia de IBM: 1992067."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.0:*:*:*:*:*:*:*","matchCriteriaId":"1F37320E-082E-4B07-BDC2-AAB06273AE1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.1:*:*:*:*:*:*:*","matchCriteriaId":"0B5A416C-F511-4016-B04E-1C8030755234"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.2:*:*:*:*:*:*:*","matchCriteriaId":"424A977D-F0E8-4A5E-974A-62676F17599D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.2.1:*:*:*:*:*:*:*","matchCriteriaId":"BC1D6409-70BC-4ED0-A9A9-1A83EE61719D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.3:*:*:*:*:*:*:*","matchCriteriaId":"EA2557BE-4B29-4125-A39A-287F9F9FB6A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.4:*:*:*:*:*:*:*","matchCriteriaId":"764D
4D62-19BA-4DE7-A2D8-233C45CA26B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.5:*:*:*:*:*:*:*","matchCriteriaId":"3037BB6F-26C8-4F39-9FB5-1EF592E46B36"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.0:*:*:*:*:*:*:*","matchCriteriaId":"E386AA38-B144-43F7-9790-8C79B5FC88E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.1:*:*:*:*:*:*:*","matchCriteriaId":"386DCD93-6F6E-4C6A-8381-12CBE4D4BAB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.2:*:*:*:*:*:*:*","matchCriteriaId":"FA364F9B-AE53-402F-8FA9-EFDB45435964"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992067","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992067","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9993","sourceIdentifier":"psirt@us.ibm.com","published":"2017-03-01T21:59:00.303","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067."},{"lang":"es","value":"IBM Kenexa LCMS Premier en Cloud 9.0 y 10.0.0 es vulnerable a inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente manipuladas, lo que podría permitir al atacante ver, agregar, modificar o eliminar información en la base de datos back-end. 
Referencia de IBM: 1992067."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.0:*:*:*:*:*:*:*","matchCriteriaId":"1F37320E-082E-4B07-BDC2-AAB06273AE1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.1:*:*:*:*:*:*:*","matchCriteriaId":"0B5A416C-F511-4016-B04E-1C8030755234"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.2:*:*:*:*:*:*:*","matchCriteriaId":"424A977D-F0E8-4A5E-974A-62676F17599D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.2.1:*:*:*:*:*:*:*","matchCriteriaId":"BC1D6409-70BC-4ED0-A9A9-1A83EE61719D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.3:*:*:*:*:*:*:*","matchCriteriaId":"EA2557BE-4B29-4125-A39A-287F9F9FB6A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.4:*:*:*:*:*:*:*","matchCriteriaId":"764D
4D62-19BA-4DE7-A2D8-233C45CA26B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.5:*:*:*:*:*:*:*","matchCriteriaId":"3037BB6F-26C8-4F39-9FB5-1EF592E46B36"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.0:*:*:*:*:*:*:*","matchCriteriaId":"E386AA38-B144-43F7-9790-8C79B5FC88E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.1:*:*:*:*:*:*:*","matchCriteriaId":"386DCD93-6F6E-4C6A-8381-12CBE4D4BAB7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.2:*:*:*:*:*:*:*","matchCriteriaId":"FA364F9B-AE53-402F-8FA9-EFDB45435964"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992067","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21992067","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-9994","sourceIdentifier":"psirt@us.ibm.com","published":"2017-03-01T21:59:00.337","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805."},{"lang":"es","value":"IBM Kenexa LCMS Premier en Cloud 9.0 y 10.0.0 es vulnerable a inyección SQL. Un atacante remoto podría enviar sentencias SQL especialmente manipuladas, lo que podría permitir al atacante ver, agregar, modificar o eliminar información en la base de datos back-end. 
Referencia de IBM: 1976805."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.0:*:*:*:*:*:*:*","matchCriteriaId":"1F37320E-082E-4B07-BDC2-AAB06273AE1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.1:*:*:*:*:*:*:*","matchCriteriaId":"0B5A416C-F511-4016-B04E-1C8030755234"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.2:*:*:*:*:*:*:*","matchCriteriaId":"424A977D-F0E8-4A5E-974A-62676F17599D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.2.1:*:*:*:*:*:*:*","matchCriteriaId":"BC1D6409-70BC-4ED0-A9A9-1A83EE61719D"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.3:*:*:*:*:*:*:*","matchCriteriaId":"EA2557BE-4B29-4125-A39A-287F9F9FB6A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.4:*:*:*:*:*:*:*","matchCriteriaId":"764D
4D62-19BA-4DE7-A2D8-233C45CA26B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:9.5:*:*:*:*:*:*:*","matchCriteriaId":"3037BB6F-26C8-4F39-9FB5-1EF592E46B36"},{"vulnerable":true,"criteria":"cpe:2.3:a:ibm:kenexa_lcms_premier:10.0:*:*:*:*:*:*:*","matchCriteriaId":"E386AA38-B144-43F7-9790-8C79B5FC88E5"}]}]}],"references":[{"url":"http://www.ibm.com/support/docview.wss?uid=swg21976805","source":"psirt@us.ibm.com","tags":["Patch","Vendor Advisory"]},{"url":"http://www.ibm.com/support/docview.wss?uid=swg21976805","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-3826","sourceIdentifier":"psirt@cisco.com","published":"2017-03-01T21:59:00.367","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) with software before 1.1(1a) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial of service (DoS) condition. The vulnerability is due to incomplete validation of SCTP packets being monitored on the NGA data ports. An attacker could exploit this vulnerability by sending malformed SCTP packets on a network that is monitored by an NGA data port. SCTP packets addressed to the IP address of the NGA itself will not trigger this vulnerability. An exploit could allow the attacker to cause the appliance to become unresponsive or reload, causing a DoS condition. User interaction could be needed to recover the device using the reboot command from the CLI. The following Cisco NetFlow Generation Appliances are vulnerable: NGA 3140, NGA 3240, NGA 3340. 
Cisco Bug IDs: CSCvc83320."},{"lang":"es","value":"Una vulnerabilidad en el decodificador Stream Control Transmission Protocol (SCTP) de Cisco NetFlow Generation Appliance (NGA) con software anterior a 1.1(1a) podría permitir a un atacante remoto no autenticado hacer que el dispositivo se bloquee o se vuelva a cargar inesperadamente, provocando una condición de denegación de servicio (DoS). La vulnerabilidad se debe a validación incompleta de los paquetes SCTP que se supervisan en los puertos de datos NGA. Un atacante podría explotar esta vulnerabilidad enviando paquetes SCTP malformados en una red supervisada por un puerto de datos NGA. Los paquetes SCTP dirigidos a la dirección IP de la propia NGA no desencadenarán esta vulnerabilidad. Un exploit podría permitir al atacante hacer que el aparato no respondiera o se volviera a cargar, provocando una condición DoS. La interacción del usuario podría ser necesaria para recuperar el dispositivo utilizando el comando de reinicio de la CLI. Los siguientes Cisco NetFlow Generation Appliances son vulnerables: NGA 3140, NGA 3240, NGA 3340. 
ID de error de Cisco: CSCvc83320."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-399"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:netflow_generation_appliance_software:1.0\\(2\\):*:*:*:*:*:*:*","matchCriteriaId":"A4284E54-D684-4F20-9194-ACC518ED8DA9"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:netflow_generation_appliance_software:1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6E2DEB44-C42A-458D-A928-E0EDCCAEC2A0"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:netflow_generation_appliance_software:1.1\\(1\\):*:*:*:*:*:*:*","matchCriteriaId":"78B80540-0E68-40F9-9F5C-72A2EADBAA17"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:netflow_generation_appliance_software:1.1.0:*:*:*:*:*:*:*","matchCriteriaId":"42F4FE56-E356-4D43-8A86-9B7275E31EB5"}]},{"operator":"OR","negate":false,"cpeM
atch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:netflow_generation_appliance_3140:-:*:*:*:*:*:*:*","matchCriteriaId":"E638C77E-687D-46CE-8292-21A9DD4A0840"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:netflow_generation_appliance_3240:-:*:*:*:*:*:*:*","matchCriteriaId":"C943D689-DE63-48CD-9525-6F5ED76D7232"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:netflow_generation_appliance_3340:-:*:*:*:*:*:*:*","matchCriteriaId":"BC74CF47-E40B-4AE4-8AEC-C84A06EA452A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96509","source":"psirt@cisco.com"},{"url":"http://www.securitytracker.com/id/1037938","source":"psirt@cisco.com"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170301-nga","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96509","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037938","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170301-nga","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-8233","sourceIdentifier":"psirt@lenovo.com","published":"2017-03-01T22:59:00.170","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user."},{"lang":"es","value":"Los archivos de registro generados por Lenovo XClarity Administrator (LXCA) en versiones anteriores a 1.2.2 podrían contener credenciales de usuario en texto claro, no seguro, que podrían ser vistas por un usuario no 
privilegiado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-532"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lenovo:xclarity_administrator:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.1","matchCriteriaId":"1E17EC95-655F-466B-BE62-788E099E105C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/95992","source":"psirt@lenovo.com"},{"url":"https://support.lenovo.com/us/en/product_security/LEN-11635","source":"psirt@lenovo.com","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/95992","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.lenovo.com/us/en/product_security/LEN-11635","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-10228","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T01:59:00.143","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service."},{"lang":"es","value":"El programa iconv de la Biblioteca C de GNU (también conocido como glibc o libc6) versión 2.31 y anteriores, cuando es invocado con múltiples sufijos en la codificación de destino (TRANSLATE o IGNORE) junto con la opción -c, entra en un bucle infinito al procesar secuencias de entrada multibyte inválidas, lo que lleva a una denegación de servicio."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configuratio
ns":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*","versionEndIncluding":"2.25","matchCriteriaId":"9C3B907D-79AF-44AC-BD23-C369CD6AE173"}]}]}],"references":[{"url":"http://openwall.com/lists/oss-security/2017/03/01/10","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96525","source":"cve@mitre.org"},{"url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","source":"cve@mitre.org"},{"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/202101-20","source":"cve@mitre.org"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=19519","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21","source":"cve@mitre.org"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=26224","source":"cve@mitre.org"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"cve@mitre.org"},{"url":"http://openwall.com/lists/oss-security/2017/03/01/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96525","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202101-20","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=19519","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking"]},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=26224","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-6319","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T01:59:00.173","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted DEX file."},{"lang":"es","value":"La función dex_parse_debug_item en libr/bin/p/bin_dex.c en radare2 1.2.1 permite a atacantes remotos provocar una denegación de servicio (desbordamiento de búfer y caída de la aplicación) o posiblemente tener otro impacto no especificado a través de un archivo DEX 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:radare:radare2:1.2.1:*:*:*:*:*:*:*","matchCriteriaId":"1E2BB74D-D369-43D4-9EDB-3F0DD27091B0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96520","source":"cve@mitre.org"},{"url":"https://github.com/radare/radare2/commit/ad55822430a03fe075221b543efb434567e9e431","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/radare/radare2/issues/6836","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96520","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/radare/radare2/commit/ad55822430a03fe075221b543efb434567e9e431","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://github.com/radare/radare2/issues/6836","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6387","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T01:59:00.220","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file."},{"lang":"es","value":"La función dex_loadcode en libr/bin/p/bin_dex.c en radare2 1.2.1 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída de la aplicación) a través de un archivo DEX manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"
criteria":"cpe:2.3:a:radare:radare2:1.2.1:*:*:*:*:*:*:*","matchCriteriaId":"1E2BB74D-D369-43D4-9EDB-3F0DD27091B0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96521","source":"cve@mitre.org"},{"url":"https://github.com/radare/radare2/commit/ead645853a63bf83d8386702cad0cf23b31d7eeb","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/radare/radare2/issues/6857","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96521","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/radare/radare2/commit/ead645853a63bf83d8386702cad0cf23b31d7eeb","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/radare/radare2/issues/6857","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6415","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T01:59:00.253","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DEX file."},{"lang":"es","value":"La función dex_parse_debug_item en libr/bin/p/bin_dex.c en radare2 1.2.1 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de la aplicación) a través de un archivo DEX 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:radare:radare2:1.2.1:*:*:*:*:*:*:*","matchCriteriaId":"1E2BB74D-D369-43D4-9EDB-3F0DD27091B0"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96523","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/radare/radare2/issues/6872","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/radareorg/radare2/commit/68338b71a563b24e62617bb629059adc0c94b230","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96523","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/radare/radare2/issues/6872","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/radareorg/radare2/commit/68338b71a563b24e62617bb629059adc0c94b230","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-8994","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode (\"opcode\" in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database."},{"lang":"es","value":"Se ha descubierto un problema en PHP 5.x y 7.x, cuando la configuración utiliza apache2handler/mod_php o php-fpm con OpCache habilitado. 
Con 5.x después de la versión 5.6.28 o 7.x después de la versión 7.0.13, el problema se resuelve en una configuración no predeterminada con el ajuste opcache.validate_permission=1. Los detalles de la vulnerabilidad son los siguientes. En PHP SAPIs donde los intérpretes PHP comparten un proceso padre común, Zend OpCache crea un objeto de memoria compartido propiedad del padre común durante la inicialización. Los procesos PHP hijo heredan el descriptor SHM, usándolo para almacenar en caché y recuperar el bytecode compilado de las secuencias de comandos (\"opcode\" en jerga PHP). Las claves de caché varían dependiendo de la configuración, pero el nombre del archivo es un componente clave central y el código de operación compilado puede ejecutarse generalmente si el nombre de archivo de una secuencia de comandos es conocido o puede ser adivinado. Muchas configuraciones comunes de alojamiento compartido cambian el EUID en los procesos hijo para forzar la separación de privilegios entre los usuarios alojados (por ejemplo usando mod_ruid2 para el servidor HTTP de Apache o la configuración de usuario php-fpm). En estos escenarios, el comportamiento predeterminado de Zend OpCache invalida los permisos del archivo de secuencia de comandos compartiendo una sola caché SHM entre todos los procesos hijo PHP. 
Las secuencias de comandos PHP a menudo contienen información sensible: piénsese en configuraciones de CMS donde leer o ejecutar la secuencia de comandos de otro usuario generalmente significa obtener privilegios sobre la base de datos del CMS."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndIncluding":"5.6.29","matchCriteriaId":"0B8F76E6-7BD5-4532-B99E-25CE01A739B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.14","matchCriteriaId":"1CEBCBE0-832F-4164-BAA8-63ACC07AF862"}]}]}],"references":[{"url":"http://marc.info/?l=php-internals&m=147876797317925&w=2","source":"cve@mitre.org","tags":["Mailing 
List"]},{"url":"http://marc.info/?l=php-internals&m=147921016724565&w=2","source":"cve@mitre.org","tags":["Mailing List"]},{"url":"http://openwall.com/lists/oss-security/2017/02/28/1","source":"cve@mitre.org","tags":["Mailing List"]},{"url":"http://seclists.org/oss-sec/2016/q4/343","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/oss-sec/2017/q1/520","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugs.php.net/bug.php?id=69090","source":"cve@mitre.org","tags":["Exploit","Issue Tracking"]},{"url":"https://ma.ttias.be/a-better-way-to-run-php-fpm/","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"http://marc.info/?l=php-internals&m=147876797317925&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://marc.info/?l=php-internals&m=147921016724565&w=2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://openwall.com/lists/oss-security/2017/02/28/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://seclists.org/oss-sec/2016/q4/343","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://seclists.org/oss-sec/2017/q1/520","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://bugs.php.net/bug.php?id=69090","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking"]},{"url":"https://ma.ttias.be/a-better-way-to-run-php-fpm/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6062","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.230","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The \"OpenID Connect Relying Party 
and OAuth 2.0 Resource Server\" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an \"OIDCUnAuthAction pass\" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic."},{"lang":"es","value":"El módulo \"OpenID Connect Relying Party and OAuth 2.0 Resource Server\" (también conocido como mod_auth_openidc) en versiones anteriores a 2.1.5 para el servidor HTTP de Apache no omite cabeceras OIDC_CLAIM_ y OIDCAuthNHeader en una configuración \"OIDCUnAuthAction pass\", lo que permite a atacantes remotos eludir la autenticación a través de tráfico HTTP manipulado"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openidc:mod_auth_openidc:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.4","matchCriteriaId":"43366310-2BC3-4C85-8CF8-85E2AA63C95D"}]}]}]
,"references":[{"url":"https://github.com/pingidentity/mod_auth_openidc/blob/master/ChangeLog","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/pingidentity/mod_auth_openidc/issues/222","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.5","source":"cve@mitre.org","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V3HIGXMUKJGOBMAQAQPGC7G5YYWSUVA/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTWUMQ46GZY3O4WU4JCF333LN53R2XQH/","source":"cve@mitre.org"},{"url":"https://github.com/pingidentity/mod_auth_openidc/blob/master/ChangeLog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/pingidentity/mod_auth_openidc/issues/222","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Third Party 
Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V3HIGXMUKJGOBMAQAQPGC7G5YYWSUVA/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTWUMQ46GZY3O4WU4JCF333LN53R2XQH/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-6384","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.263","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8."},{"lang":"es","value":"Fuga de memoria en la función login_user en saslserv/main.c en saslserv/main.so en Atheme 7.2.7 permite a atacantes remotos no autenticados consumir memoria y provocar una denegación de servicio. 
Esto se soluciona en la versión 7.2.8."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-772"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atheme:atheme:7.2.7:*:*:*:*:*:*:*","matchCriteriaId":"4B575565-065F-439D-8A41-33F4ECD387E6"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96552","source":"cve@mitre.org"},{"url":"https://github.com/atheme/atheme/pull/539","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/atheme/atheme/releases/tag/v7.2.8","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96552","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/atheme/atheme/pull/539","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://github.com/atheme/atheme/releases/tag/v7.2.8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6390","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.293","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the \"whatanime.ga-master/index.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Se ha descubierto un problema en whatanime.ga en versiones anteriores a c334dd8499a681587dd4199e90b0aa0eba814c1d. La vulnerabilidad existe debido a filtración insuficiente de datos suministrados por el usuario pasados a la URL \"whatanime.ga-master/index.php\". 
Un atacante podría ejecutar código HTML y secuencia de comandos arbitrario en un buscador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:soruly:whatanime.ga:*:*:*:*:*:*:*:*","versionEndIncluding":"34c7155c6fd82b7746fe8b56eb89bf278553c421","matchCriteriaId":"ABABCDB9-4D09-4BD6-8F27-4F300A88FDA2"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96555","source":"cve@mitre.org"},{"url":"https://github.com/soruly/whatanime.ga/commit/c334dd8499a681587dd4199e90b0aa0eba814c1d","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/soruly/whatanime.ga/issues/8","source":"cve@mitre.org","tags":["Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96555","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/soruly/whatanime.ga/commit/c334dd8499a681587dd4199e90b0aa0eba814c1d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/soruly/whatanime.ga/issues/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6391","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.340","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the \"admin_console/web/tools/SimpleJWPlayer.php\" URL, the \"admin_console/web/tools/AkamaiBroadcaster.php\" URL, the \"admin_console/web/tools/bigRedButton.php\" URL, and the \"admin_console/web/tools/bigRedButtonPtsPoc.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Se ha descubierto un problema en el servidor Lynx-12.11.0 de Kaltura. La vulnerabilidad existe debido a filtración insuficiente de datos suministrados por el usuario pasados a la URL \"admin_console/web/tools/SimpleJWPlayer.php\", la URL \"admin_console/web/tools/AkamaiBroadcaster.php\", la URL \"admin_console/web/tools/bigRedButton.php\" y la URL \"admin_console/web/tools/bigRedButtonPtsPoc.php\". 
Un atacante podría ejecutar código HTML y secuencia de comandos arbitrario en un buscador en el contexto de un sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kaltura:kaltura_server:*:*:*:*:*:*:*:*","versionEndIncluding":"lynx-12.11.0","matchCriteriaId":"9736FE19-44FC-41B0-8C43-290446A87E2D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96534","source":"cve@mitre.org"},{"url":"https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/kaltura/server/issues/5300","source":"cve@mitre.org","tags":["Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96534","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/kaltura/server/issues/5300","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6392","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.370","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the \"server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Se ha descubierto un problema en el servidor Lynx-12.11.0 de Kaltura. La vulnerabilidad existe debido a filtración insuficiente de datos suministrados por el usuario pasados a la URL \"server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php\". 
Un atacante podría ejecutar código HTML y secuencia de comandos arbitrario en un buscador en el contexto de un sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kaltura:kaltura_server:*:*:*:*:*:*:*:*","versionEndIncluding":"lynx-12.11.0","matchCriteriaId":"9736FE19-44FC-41B0-8C43-290446A87E2D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96534","source":"cve@mitre.org"},{"url":"https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/kaltura/server/issues/5303","source":"cve@mitre.org","tags":["Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96534","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/kaltura/server/issues/5303","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6393","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the \"nagvis-master/share/userfiles/gadgets/std_table.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Se ha descubierto un problema en NagVis 1.9b12. La vulnerabilidad existe debido a filtración insuficiente de datos suministrados por el usuario pasados a la URL \"nagvis-master/share/userfiles/gadgets/std_table.php\". 
Un atacante podría ejecutar código HTML y secuencia de comandos arbitrario en un buscador en el contexto de un sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nagvis:nagvis:1.9:b12:*:*:*:*:*:*","matchCriteriaId":"152DFC44-9BEA-426B-9B5A-C735E9352893"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96537","source":"cve@mitre.org"},{"url":"https://github.com/NagVis/nagvis/issues/91","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96537","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/NagVis/nagvis/issues/91","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2017-6394","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.417","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR 5.0.0 and 5.0.1-dev. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to the \"openemr-master/gacl/admin/object_search.php\" URL (section_value; src_form). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Se ha descubierto un problema en OpenEMR 5.0.1-dev. La vulnerabilidad existe debido a filtración insuficiente de datos suministrados por el usuario pasados a la URL \"openemr-master/gacl/admin/object_search.php\". Un atacante podría ejecutar código HTML y secuencia de comandos arbitrario en un buscador en el contexto de un sitio web vulnerable."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"
Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:open-emr:openemr:5.0.1:dev:*:*:*:*:*:*","matchCriteriaId":"8368097F-B0B9-4AF6-9D02-E44D6C610AEA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96539","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96576","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/openemr/openemr/issues/498","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96539","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96576","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/openemr/openemr/issues/498","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6395","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.450","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in HashOver 2.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'hashover/scripts/widget-output.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Se ha descubierto un problema en HashOver 2.0. La vulnerabilidad existe debido a filtración insuficiente de datos suministrados por el usuario pasados a la URL 'hashover/scripts/widget-output.php'. 
Un atacante podría ejecutar código HTML y secuencia de comandos arbitrario en un buscador en el contexto de un sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hashover_project:hashover:2.0:*:*:*:*:*:*:*","matchCriteriaId":"FC124C78-5834-4883-B651-406FF118009F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96550","source":"cve@mitre.org"},{"url":"https://github.com/jacobwb/hashover-next/issues/152","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96550","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/jacobwb/hashover-next/issues/152","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-6396","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.480","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the \"webpagetest-master/www/compare-cf.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Se ha descubierto un problema en WPO-Foundation WebPageTest 3.0. La vulnerabilidad existe debido a filtración insuficiente de datos suministrados por el usuario pasados a la URL \"webpagetest-master/www/compare-cf.php\". Un atacante podría ejecutar código HTML y secuencia de comandos arbitrario en un buscador en el contexto de un sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],
"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webpagetest_project:webpagetest:3.0:*:*:*:*:*:*:*","matchCriteriaId":"F549C377-BC4B-4050-B3DF-D671A009556A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96553","source":"cve@mitre.org"},{"url":"https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2017-6396.md","source":"cve@mitre.org"},{"url":"https://github.com/WPO-Foundation/webpagetest/issues/820","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96553","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/WPO-Foundation/webpagetest/issues/820","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6397","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.513","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several *-sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Se ha descubierto un problema en FlightAirMap v1.0-beta.10. La vulnerabilidad existe debido a filtración insuficiente de datos suministrados por el usuario en múltiples parámetros pasados a varias páginas *-sub-menu.php. 
Un atacante podría ejecutar código HTML y secuencia de comandos arbitrario en un buscador en el contexto de un sitio web vulnerable."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flightairmap:flightairmap:1.0:beta10:*:*:*:*:*:*","matchCriteriaId":"1D486A54-A2FD-4A88-91FE-0071A0433A4A"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96551","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Ysurac/FlightAirMap/issues/275","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96551","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Ysurac/FlightAirMap/issues/275","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2017-6399","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.543","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur."},{"lang":"es","value":"Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecución remota privilegiada de comandos en NetBackup Server y Client (en el servidor o en un cliente conectado)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:access:*:*:*:*:*:*:*:*","versionEndIncluding":"7.2.1","ma
tchCriteriaId":"6B8C34AB-3048-4751-8D54-3EA11B7BC205"},{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*","versionEndIncluding":"7.7.1","matchCriteriaId":"08683091-39C7-434B-9DD7-1D4EE92A8AC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.1","matchCriteriaId":"5E2B28AB-46AF-4AAF-8F64-49FADA1E8211"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96490","source":"cve@mitre.org"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96490","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6400","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.573","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged command execution on NetBackup Server and Client can occur (on the local system)."},{"lang":"es","value":"Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. 
Puede ocurrir la ejecución privilegiada de comandos en NetBackup Server y Client (en el sistema local)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:access:*:*:*:*:*:*:*:*","versionEndIncluding":"7.2.1","matchCriteriaId":"6B8C34AB-3048-4751-8D54-3EA11B7BC205"},{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*","versionEndIncluding":"7.7.1","matchCriteriaId":"08683091-39C7-434B-9DD7-1D4EE92A8AC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.1","matchCriteriaId":"5E2B28AB-46AF-4AAF-8F64-49FADA1E8211"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96484","source":"cve@mitre.org"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96484","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6401","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.590","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat."},{"lang":"es","value":"Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 8.0 y NetBackup Appliance en versiones anteriores a 3.0. Puede ocurrir ejecución local arbitraria de comandos cuando se utiliza bpcd y bpnbat."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-269"}]}],"configurations":[{"nod
es":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0","matchCriteriaId":"22ACFAB5-377D-43E5-9991-5587B7829263"},{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96493","source":"cve@mitre.org"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96493","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6402","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.620","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur."},{"lang":"es","value":"Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. 
Puede ocurrir la denegación de servicio que afecte al servidor NetBackup."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0","matchCriteriaId":"22ACFAB5-377D-43E5-9991-5587B7829263"},{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96485","source":"cve@mitre.org"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96485","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6403","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.667","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup Appliance Before 3.0. NetBackup Cloud Storage Service uses a hardcoded username and password."},{"lang":"es","value":"Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 8.0 y NetBackup Appliance en versiones anteriores a 3.0. NetBackup Cloud Storage Service utiliza un nombre de usuario y contraseña codificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configuration
s":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0","matchCriteriaId":"22ACFAB5-377D-43E5-9991-5587B7829263"},{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96500","source":"cve@mitre.org"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96500","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6404","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.793","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup Appliance Before 2.7. There are world-writable log files, allowing destruction or spoofing of log data."},{"lang":"es","value":"Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7 y NetBackup Appliance en versiones anteriores a 2.7. 
Existen archivos de registro de escritura universal, permitiendo la destrucción o suplantación de datos de registro."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-276"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*","versionEndIncluding":"7.6.1.2","matchCriteriaId":"3C62C533-7F68-42EB-B10F-7758EEBB4731"},{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*","versionEndIncluding":"2.6.1.2","matchCriteriaId":"09A5F0E3-7DE8-49B2-9836-CF442BBD5E54"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96494","source":"cve@mitre.org"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96494","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6405","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.870","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Hostname-based security is open to DNS spoofing."},{"lang":"es","value":"Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. La seguridad basada en nombre de host está abierta a la suplantación de DNS."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-290"}]}],"configurations":[{"nodes":[{"operator":"OR","negat
e":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0","matchCriteriaId":"22ACFAB5-377D-43E5-9991-5587B7829263"},{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96488","source":"cve@mitre.org"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96488","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6406","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:00.980","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Arbitrary privileged command execution, using whitelist directory escape with \"../\" substrings, can occur."},{"lang":"es","value":"Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. 
Puede ocurrir la ejecución arbitraria de comandos privilegiados, usando el escape del directorio de lista blanca con subcadenas \"../\"."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:access:*:*:*:*:*:*:*:*","versionEndIncluding":"7.2.1","matchCriteriaId":"6B8C34AB-3048-4751-8D54-3EA11B7BC205"},{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*","versionEndIncluding":"7.7.1","matchCriteriaId":"08683091-39C7-434B-9DD7-1D4EE92A8AC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.1","matchCriteriaId":"5E2B28AB-46AF-4AAF-8F64-49FADA1E8211"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96486","source":"cve@mitre.org"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5","source":"cve@mitre.org","tag
s":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96486","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6407","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:01.073","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup Appliance Before 2.7.2. Privileged remote command execution on NetBackup Server and Client (on the server or a connected client) can occur."},{"lang":"es","value":"Se ha descubierto un problema en Veritas NetBackup en versiones anteriores a 7.7.2 y NetBackup Appliance en versiones anteriores a 2.7.2. Puede ocurrir la ejecución remota privilegiada de comandos en NetBackup Server y Client (en el servidor o en un cliente conectado)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"sou
rce":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*","versionEndIncluding":"7.7.1","matchCriteriaId":"08683091-39C7-434B-9DD7-1D4EE92A8AC5"},{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*","versionEndIncluding":"2.7.1","matchCriteriaId":"5E2B28AB-46AF-4AAF-8F64-49FADA1E8211"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96489","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037950","source":"cve@mitre.org"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96489","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037950","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6408","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:01.120","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. A local-privilege-escalation race condition in pbx_exchange can occur when a local user connects to a socket before permissions are secured."},{"lang":"es","value":"Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. 
Puede ocurrir una condición de carrera de escalada de privilegios locales en pbx_exchange cuando un usuario local se conecta a un socket antes de que se aseguren los permisos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0","matchCriteriaId":"22ACFAB5-377D-43E5-9991-5587B7829263"},{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96491","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037950","source":"cve@mitre.org"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96491","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037950","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6409","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:01.153","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Unauthenticated CORBA interfaces permit inappropriate access."},{"lang":"es","value":"Se ha descubierto un problema en Veritas NetBackup 8.0 y versiones anteriores y NetBackup Appliance 3.0 y versiones anteriores. Interfaces CORBA no autenticadas permiten acceso inapropiado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Prim
ary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup:*:*:*:*:*:*:*:*","versionEndIncluding":"8.0","matchCriteriaId":"22ACFAB5-377D-43E5-9991-5587B7829263"},{"vulnerable":true,"criteria":"cpe:2.3:a:veritas:netbackup_appliance:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0","matchCriteriaId":"5FDFE32C-CF39-4F6F-94E8-F7AF299A0ABB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96504","source":"cve@mitre.org"},{"url":"http://www.securitytracker.com/id/1037950","source":"cve@mitre.org"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96504","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securitytracker.com/id/1037950","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue11","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6410","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:01.183","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file."},{"lang":"es","value":"kpac/script.cpp en KDE kio en versiones anteriores a 5.32 y kdelibs en versiones anteriores a 4.14.30 llama a la función PAC FindProxyForURL con una URL https completa (incluyendo potencialmente credenciales de autenticación básicas, una cadena de consulta o PATH_INFO), lo que permite a atacantes remotos obtener 
información sensible a través de un archivo PAC manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kde:kdelibs:*:*:*:*:*:*:*:*","versionEndIncluding":"4.14.29","matchCriteriaId":"D25FB8B5-DAB7-4E0F-A943-C2527F2CF791"},{"vulnerable":true,"criteria":"cpe:2.3:a:kde:kio:*:*:*:*:*:*:*:*","versionEndIncluding":"5.31","matchCriteriaId":"E1908C05-D44E-49AB-B7C7-F750D90FB070"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3849","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96515","source":"cve@mitre.org"},{"url":"https://www.kde.org/info/security/advisory-20170228-1.txt","source":"cve@mitre.org","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3849","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/96515","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.kde.org/info/security/advisory-20170228-1.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6413","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T06:59:01.217","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The \"OpenID Connect Relying Party and OAuth 2.0 Resource Server\" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an \"AuthType oauth20\" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic."},{"lang":"es","value":"El módulo \"OpenID Connect Relying Party and OAuth 2.0 Resource Server\" (también conocido como mod_auth_openidc) en versiones anteriores a 2.1.6 para el servidor HTTP de Apache no omite cabeceras OIDC_CLAIM_ y OIDCAuthNHeader en una configuración \"AuthType oauth20\", lo que permite a atacantes remotos eludir autenticación a través de tráfico HTTP 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openidc:mod_auth_openidc:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.5","matchCriteriaId":"0658E71C-DBA4-445D-A78B-51CC87B4F876"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96549","source":"cve@mitre.org"},{"url":"https://access.redhat.com/errata/RHSA-2019:2112","source":"cve@mitre.org"},{"url":"https://github.com/pingidentity/mod_auth_openidc/blob/master/ChangeLog","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.6","source":"cve@mitre.org","tags":["Patch","Release Notes","Third 
Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V3HIGXMUKJGOBMAQAQPGC7G5YYWSUVA/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTWUMQ46GZY3O4WU4JCF333LN53R2XQH/","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96549","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/errata/RHSA-2019:2112","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/pingidentity/mod_auth_openidc/blob/master/ChangeLog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Third Party 
Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2V3HIGXMUKJGOBMAQAQPGC7G5YYWSUVA/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTWUMQ46GZY3O4WU4JCF333LN53R2XQH/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5228","sourceIdentifier":"cve@rapid7.com","published":"2017-03-02T20:59:00.267","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."},{"lang":"es","value":"Todas las ediciones de Rapid7 Metasploit anteriores a la versión 4.13.0-2017020701 contienen una vulnerabilidad de salto de directorio en la función Meterpreter stdapi Dir.download(). 
Utilizando una construcción de Meterpreter especialmente manipulada, es posible escribir a un directorio arbitrario en la consola Metasploit con los permisos de la instancia Metasploit en ejecución."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":5.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P","baseScore":5.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*","versionEndIncluding":"4.13.19","matchCriteriaId":"F0B5DBE6-9BC1-47DD-9F27-AAED6E2E9501"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96954","source":"cve@rapid7.com"},{"url":"https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products","source":"cve@rapid7.com","tags":["Mitigation","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96954","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5229","sourceIdentifier":"cve@rapid7.com","published":"2017-03-02T20:59:00.500","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."},{"lang":"es","value":"Todas las ediciones de Rapid7 Metasploit anteriores a la versión 4.13.0-2017020701 contienen una vulnerabilidad de salto de directorio en la función Meterpreter extapi Clipboard.parse_dump(). 
Utilizando una construcción de Meterpreter especialmente manipulada, es posible escribir a un directorio arbitrario en la consola Metasploit con los permisos de la instancia Metasploit en ejecución."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":5.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P","baseScore":5.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*","versionEndIncluding":"4.13.19","matchCriteriaId":"F0B5DBE6-9BC1-47DD-9F27-AAED6E2E9501"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96954","source":"cve@rapid7.com"},{"url":"https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products","source":"cve@rapid7.com","tags":["Mitigation","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96954","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5230","sourceIdentifier":"cve@rapid7.com","published":"2017-03-02T20:59:00.547","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure location on disk."},{"lang":"es","value":"El almacén de claves de Java en todas las versiones y ediciones de Nexpose anterior a versión 6.4.50 de Rapid7, es cifrado con una contraseña estática de “r@p1d7k3y5t0r3” que no es modificable por el usuario. 
El almacén de claves provee almacenamiento para las credenciales de análisis guardadas en una lugar de otro modo seguro en el disco."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*","versionEndIncluding":"6.4.23","matchCriteriaId":"F0982147-6D64-497D-938C-754B9BEEDC2C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96956","source":"cve@rapid7.com"},{"url":"https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products","source":"cve@rapid7.com","tags":["Mitigation","Vendor 
Advisory"]},{"url":"https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.50","source":"cve@rapid7.com"},{"url":"http://www.securityfocus.com/bid/96956","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]},{"url":"https://help.rapid7.com/nexpose/en-us/release-notes/#6.4.50","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5231","sourceIdentifier":"cve@rapid7.com","published":"2017-03-02T20:59:00.610","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."},{"lang":"es","value":"Todas las ediciones de Rapid7 Metasploit anteriores a la versión 4.13.0-2017020701 contienen una vulnerabilidad de salto de directorio en la función Meterpreter stdapi CommandDispatcher.cmd_download(). 
Utilizando una construcción de Meterpreter especialmente manipulada, es posible escribir a un directorio arbitrario en la consola Metasploit con los permisos de la instancia Metasploit en ejecución."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":5.5}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:P/A:P","baseScore":5.1,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*","versionEndIncluding":"4.13.19","matchCriteriaId":"F0B5DBE6-9BC1-47DD-9F27-AAED6E2E9501"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96954","source":"cve@rapid7.com"},{"url":"https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products","source":"cve@rapid7.com","tags":["Mitigation","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96954","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5232","sourceIdentifier":"cve@rapid7.com","published":"2017-03-02T20:59:00.657","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"All editions of Rapid7 Nexpose installers prior to version 6.4.24 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."},{"lang":"es","value":"Todas las ediciones de los instaladores de Rapid7 Nexpose anteriores a la versión 6.4.24 contienen una vulnerabilidad de precarga de DLL, donde es posible que el instalador cargue una DLL maliciosa ubicada en el directorio de trabajo actual del 
instalador."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-426"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*","versionEndIncluding":"6.4.23","matchCriteriaId":"F0982147-6D64-497D-938C-754B9BEEDC2C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96956","source":"cve@rapid7.com"},{"url":"https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products","source":"cve@rapid7.com","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96956","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2017-5233","sourceIdentifier":"cve@rapid7.com","published":"2017-03-02T20:59:00.687","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."},{"lang":"es","value":"Instaladores de Rapid7 AppSpider Pro anteriores a la versión 6.14.053 contienen una vulnerabilidad de precarga de DLL, donde es posible que el instalador cargue una DLL maliciosa ubicada en el directorio de trabajo actual del instalador."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-426"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:appspider_pro:*:*:*:*:*:*:*:*","versionEndExcluding":"6.14.053","matchCriter
iaId":"6A5B1C6C-9FFB-4782-8FC8-AF1155F894F2"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96957","source":"cve@rapid7.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products","source":"cve@rapid7.com","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96957","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5234","sourceIdentifier":"cve@rapid7.com","published":"2017-03-02T20:59:00.737","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Rapid7 Insight Collector installers prior to version 1.0.16 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."},{"lang":"es","value":"Instaladores de Rapid7 Insight Collector anteriores a la versión 1.0.16 contienen una vulnerabilidad de precarga de DLL, donde es posible que el instalador cargue una DLL maliciosa ubicada en el directorio de trabajo actual del 
instalador."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-426"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:insight_collector:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.15","matchCriteriaId":"2400F268-A740-4D95-8EF4-13A7C0CFB3FD"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96545","source":"cve@rapid7.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products","source":"cve@rapid7.com","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96545","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5235","sourceIdentifier":"cve@rapid7.com","published":"2017-03-02T20:59:00.783","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."},{"lang":"es","value":"Instaladores de Rapid7 Metasploit Pro anteriores a la versión 4.13.0-2017022101 contienen una vulnerabilidad de precarga de DLL, donde es posible que el instalador cargue una DLL maliciosa ubicada en el directorio de trabajo actual del instalador."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description
":[{"lang":"en","value":"CWE-426"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*","versionEndIncluding":"4.13.0-2017012501","matchCriteriaId":"F6B8AF9C-AA58-448A-8264-DCC4049B8E13"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96548","source":"cve@rapid7.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products","source":"cve@rapid7.com","tags":["Mitigation","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96548","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-10060","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T21:59:00.193","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file."},{"lang":"es","value":"La función ConcatenateImages en MagickWand/magick-cli.c en ImageMagick en versiones anteriores a 7.0.1-10 no comprueba el valor de retorno de la función fputc, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-252"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.4-1","matchCriteriaId":"9C58A952-0904-4F37-9531-56050AED9B6C"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.0.1-10","matchCriteriaId":"3FBA4C0C-4880-4275-82D5-404EAAE91101"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95208","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410470","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/196","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95208","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410470","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/196","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10062","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T21:59:00.270","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not check the return value of the fwrite function, which allows remote attackers to cause a denial of service (application crash) via a crafted file."},{"lang":"es","value":"La función ReadGROUP4Image en coders/tiff.c en ImageMagick no comprueba el valor de retorno de la función fwrite, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-388"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0.1-10","matchCriteriaId":"B8D8DC14-B31C-4256-91E3-EBA4D878C2EF"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3799","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95209","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410473","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/196","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3799","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95209","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410473","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/196","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10063","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T21:59:00.333","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file, related to extend validity."},{"lang":"es","value":"Desbordamiento de búfer en coders/tiff.c en ImageMagick en versiones anteriores a 6.9.5-1 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o tener otro impacto no especificado a través de un archivo manipulado, relacionado con la extensión de la 
validez."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9.5-0","matchCriteriaId":"5BBC402D-4DC2-4C42-A92A-9F753DD4862D"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95210","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410476","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91","source":"cve@mitre.org","tags":["Patch","Third Party 
Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/94936efda8aa63563211eda07a5ade92abb32f7a","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95210","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410476","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/94936efda8aa63563211eda07a5ade92abb32f7a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-10064","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T21:59:00.380","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file."},{"lang":"es","value":"Desbordamiento de búfer en coders/tiff.c en ImageMagick en versiones anteriores a 6.9.5-1 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o tener otro impacto no especificado a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9.5-0","matchCriteriaId":"5BBC402D-4DC2-4C42-A92A-9F753DD4862D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95211","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410478","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/63302366a63602acbaad5c8223a105811b2adddd","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95211","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410478","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/63302366a63602acbaad5c8223a105811b2adddd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10067","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T21:59:00.443","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving \"too many exceptions,\" which trigger a buffer overflow."},{"lang":"es","value":"magick/memory.c en ImageMagick en versiones 
anteriores a 6.9.4-5 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de vectores que implican \"muchas excepciones\", lo que desencadena un desbordamiento de búfer."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9.4-4","matchCriteriaId":"CF13FBCF-4932-47D4-B303-398738E5C9EA"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95220","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410494","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95220","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410494","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10068","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T21:59:00.490","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file."},{"lang":"es","value":"El intérprete MSL en ImageMagick en versiones anteriores a 6.9.6-4 permite a atacantes remotos provocar una denegación de servicio (fallo de segmentación y caída de aplicación) a través de un archivo XML 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9.6-3","matchCriteriaId":"687107C7-3539-40D5-8C53-62554B347711"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*","matchCriteriaId":"1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"CF605E46-ADCE-45B3-BBBA-E593D3CEE2A6"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95219","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410500","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95219","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410500","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2016-10069","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T21:59:00.553","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a mat file with an invalid number of frames."},{"lang":"es","value":"coders/mat.c en ImageMagick en versiones anteriores a 6.9.4-5 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo mat con un número de marcos no válido."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9.4-4","matchCriteriaId":"CF13FBCF-4932-47D4-B303-398738E5C9EA"}]}]},{"nodes":[{"operator":"OR","negate":fa
lse,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"CF605E46-ADCE-45B3-BBBA-E593D3CEE2A6"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95216","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410507","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95216","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410507","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2016-10071","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T21:59:00.600","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service 
(out-of-bounds read and application crash) via a crafted mat file."},{"lang":"es","value":"coders/mat.c en ImageMagick en versiones anteriores a 6.9.4-0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída de aplicación) a través de un archivo mat manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9.3-10","matchCriteriaId":"9EF469CF-DE38-4068-AA0D-1E0CDDB9A765"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95222","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410513","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/1bc1fd0ff8c555841c78829217ac81fa0598255d","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95222","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410513","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/1bc1fd0ff8c555841c78829217ac81fa0598255d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6102","sourceIdentifier":"larry0@me.com","published":"2017-03-02T22:59:00.213","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Persistent XSS in wordpress plugin rockhoist-badges v1.2.2."},{"lang":"es","value":"XSS persistente en el plugin rockhoist-badges v1.2.2 de 
wordpress."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rockhoist_badges_project:rockhoist_badges_plugin:1.2.2:*:*:*:*:wordpress:*:*","matchCriteriaId":"2CCB6E5C-F6E6-42DF-B22F-D20AC15E4FC6"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96533","source":"larry0@me.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.vapidlabs.com/advisory.php?v=176","source":"larry0@me.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8763","source":"larry0@me.com","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96533","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.vapidlabs.com/advisory.php?v=176","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8763","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6103","sourceIdentifier":"larry0@me.com","published":"2017-03-02T22:59:00.433","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1."},{"lang":"es","value":"Vulnerabilidad de XSS persistente en el plugin AnyVar v0.1.1 de Wordpress."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:anyvar_project:anyvar:0.1.1:*:*:*:*:wordpress:*:*","matchCriteriaId":"2909E2AF-7060-4EBB-AE8C-182DAB8360BA"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96532","source":"larry0@me.com","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.vapidlabs.com/advisory.php?v=177","source":"larry0@me.com","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96532","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.vapidlabs.com/advisory.php?v=177","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6104","sourceIdentifier":"larry0@me.com","published":"2017-03-02T22:59:00.463","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0."},{"lang":"es","value":"Vulnerabilidad de subida remota de archivos en el plugin Mobile App Native 3.0 de Wordpress."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-434"},{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negat
e":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zen_mobile_app_native_project:zen_mobile_app_native:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"3.0","matchCriteriaId":"979D06D2-71BA-466E-9723-FDAE417D5E1B"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96547","source":"larry0@me.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.vapidlabs.com/advisory.php?v=178","source":"larry0@me.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8743","source":"larry0@me.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41540/","source":"larry0@me.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96547","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.vapidlabs.com/advisory.php?v=178","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://wpvulndb.com/vulnerabilities/8743","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.exploit-db.com/exploits/41540/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-9892","sourceIdentifier":"cve@mitre.org","published":"2017-03-02T23:59:00.187","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate.  
NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root."},{"lang":"es","value":"El servicio esets_daemon en ESET Endpoint Antivirus para macOS en versiones anteriores a 6.4.168.0 y Endpoint Security para macOS en versiones anteriores a 6.4.168.0 no verifica adecuadamente certificados X.509 del servidor SSL edf.eset.com, lo que permite a atacantes man-in-the-middle suplantar este servidor y proporcionar respuestas manipuladas para las peticiones de activación de las licencias a través de un certificado autofirmado. NOTA: este problema puede combinarse con CVE-2016-0718 para ejecutar código arbitrario remotamente como root."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-295"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:eset:endpoint_antivirus:6.3.70.1:*:*:*:*:macos:*:*","matchCriteriaId":"22BBE000-4976-4631-B881-18A355664FB5"},{"vulnerable":true,"crite
ria":"cpe:2.3:a:eset:endpoint_security:6.3.70.1:*:*:*:*:macos:*:*","matchCriteriaId":"59BA3AC3-7773-4A99-BE12-B2E88D3947EF"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/68","source":"cve@mitre.org","tags":["Exploit","Mailing List"]},{"url":"http://support.eset.com/ca6333/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96462","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/68","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"]},{"url":"http://support.eset.com/ca6333/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96462","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2015-2877","sourceIdentifier":"cret@cert.org","published":"2017-03-03T11:59:00.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[{"sourceIdentifier":"cret@cert.org","tags":["disputed"]}],"descriptions":[{"lang":"en","value":"Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack.  
NOTE: the vendor states \"Basically if you care about this attack vector, disable deduplication.\" Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities"},{"lang":"es","value":"** DISPUTADA ** Kernel Samepage Merging (KSM) en el kernel de Linux 2.6.32 hasta la versión 4.x no previene el uso de un canal lateral de sincronización de escritura, lo que permite a usuarios invitados del SO derrotar el mecanismo de protección de ASLR en otras instancias invitadas del SO a través de un ataque Cross-VM ASL INtrospection (CAIN). NOTA: el vendedor afirma \"Básicamente si te preocupa este vector de ataque, inhabilita la deduplicación\". Enfoques de compartir hasta escritura para conservación de memoria entre inquilinos mutuamente desconfiados son inherentemente detectables para divulgación de información y pueden clasificarse como comportamientos potencialmente malinterpretados en lugar de 
vulnerabilidades."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.32","versionEndIncluding":"4.20.15","matchCriteriaId":"85A3B15D-C690-40D1-A2CE-3E2E5035DA99"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:4.0:*:*:*:*:*:*:*","matchCriteriaId":"6172AF57-B26D-45F8-BE3A-F75ABDF28F49"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*","matchCriteriaId":"1D8B549B-E57B-4DFE-8A13-CAB06B5356B3"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","matchCriteriaId":"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"142AD0DD-4CF3-4D74-9442-459CE3347E3A"}]}]}],"references":
[{"url":"http://www.antoniobarresi.com/files/cain_advisory.txt","source":"cret@cert.org","tags":["Technical Description","Third Party Advisory"]},{"url":"http://www.kb.cert.org/vuls/id/935424","source":"cret@cert.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/76256","source":"cret@cert.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252096","source":"cret@cert.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/BGAR-A2CNKG","source":"cret@cert.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.kb.cert.org/vuls/id/BLUU-9ZAHZH","source":"cret@cert.org","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.usenix.org/system/files/conference/woot15/woot15-paper-barresi.pdf","source":"cret@cert.org","tags":["Technical Description","Third Party Advisory"]},{"url":"http://www.antoniobarresi.com/files/cain_advisory.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]},{"url":"http://www.kb.cert.org/vuls/id/935424","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/76256","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1252096","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://www.kb.cert.org/vuls/id/BGAR-A2CNKG","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.kb.cert.org/vuls/id/BLUU-9ZAHZH","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government 
Resource"]},{"url":"https://www.usenix.org/system/files/conference/woot15/woot15-paper-barresi.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10127","sourceIdentifier":"security@debian.org","published":"2017-03-03T15:59:00.210","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response."},{"lang":"es","value":"PySAML2 permite a atacantes remotos llevar a cabo ataques de XXE a través de una solicitud o respuesta SAML XML manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pysaml2_project:pysaml2:-:*:*:*:*:*:*:*","matchCriteriaId":"8AE7B4A7-651C-4515-B003-673C4014AD63
"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/19/5","source":"security@debian.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95376","source":"security@debian.org","tags":["VDB Entry"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850716","source":"security@debian.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b","source":"security@debian.org","tags":["Patch"]},{"url":"https://github.com/rohe/pysaml2/issues/366","source":"security@debian.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rohe/pysaml2/pull/379","source":"security@debian.org","tags":["Issue Tracking","Patch"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/19/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95376","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["VDB Entry"]},{"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850716","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/rohe/pysaml2/issues/366","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/rohe/pysaml2/pull/379","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]}]}},{"cve":{"id":"CVE-2016-10193","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:00.367","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a 
string to the speak, save, bytes or bytes_wav method in lib/espeak/speech.rb."},{"lang":"es","value":"La gem espeak-ruby en versiones anteriores a 1.0.3 para Ruby permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres shell en una cadena al método speak, save, bytes o bytes_wav en lib/espeak/speech.rb."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:espeak-ruby_project:espeak-ruby:*:*:*:*:*:ruby:*:*","versionEndIncluding":"1.0.2","matchCriteriaId":"EA0229AC-3D40-45CB-AC3E-67A385D49CC3"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/14","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/5","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"https://github.com/dejan/espeak-ruby/issues/7","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/dejan/espeak-ruby/issues/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10194","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:00.413","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb."},{"lang":"es","value":"La gem festivaltts4r para Ruby permite a atacantes remotos ejecutar comandos arbitrarios a través de metacaracteres shell en una cadena al método (1) to_speech o (2) to_mp3 en 
lib/festivaltts4r/festival4r.rb."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:festivaltts4r_project:festivaltts4r:*:*:*:*:*:ruby:*:*","matchCriteriaId":"6E925112-ADB4-47FB-832C-D26C742A5DDC"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/14","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/5","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/spejman/festivaltts4r/issues/1","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/spejman/festivaltts4r/issues/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10201","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:00.447","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php."},{"lang":"es","value":"Vulnerabilidad de XSS en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro de formato en una solicitud de registro de descarga a 
index.php."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","versionEndIncluding":"1.30.0","matchCriteriaId":"9EC96EFF-9E48-4550-80A5-694E8AF0D377"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/1","source":"cve@mitre.org","tags":["Exploit","Mailing List"]},{"url":"https://www.foxmole.com/advisories/foxmole-2016-07-05.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"]},{"url":"https://www.foxmole.com/advisories/foxmole-2016-07-05.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party 
Advisory"]}]}},{"cve":{"id":"CVE-2016-10202","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:00.493","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php."},{"lang":"es","value":"Vulnerabilidad de XSS en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la ruta info a index.php."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","versionEndIncluding":"1.30.0","matchCriteriaId":"9EC96EFF-9E48-4550-80A5-694E8AF0D377"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/
2017/02/05/1","source":"cve@mitre.org","tags":["Exploit","Mailing List"]},{"url":"https://www.foxmole.com/advisories/foxmole-2016-07-05.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"]},{"url":"https://www.foxmole.com/advisories/foxmole-2016-07-05.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10203","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:00.523","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor."},{"lang":"es","value":"Vulnerabilidad de XSS en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del nombre al crear un nuevo 
monitor."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","versionEndIncluding":"1.30.0","matchCriteriaId":"9EC96EFF-9E48-4550-80A5-694E8AF0D377"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/1","source":"cve@mitre.org","tags":["Exploit","Mailing List"]},{"url":"http://www.securityfocus.com/bid/97122","source":"cve@mitre.org"},{"url":"https://www.foxmole.com/advisories/foxmole-2016-07-05.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing 
List"]},{"url":"http://www.securityfocus.com/bid/97122","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.foxmole.com/advisories/foxmole-2016-07-05.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10204","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:00.553","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro limit en una solicitud de consulta de registro a index.php."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configura
tions":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","versionEndIncluding":"1.30.0","matchCriteriaId":"9EC96EFF-9E48-4550-80A5-694E8AF0D377"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/1","source":"cve@mitre.org","tags":["Exploit","Mailing List"]},{"url":"https://www.foxmole.com/advisories/foxmole-2016-07-05.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"]},{"url":"https://www.foxmole.com/advisories/foxmole-2016-07-05.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10205","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:00.587","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie."},{"lang":"es","value":"Vulnerabilidad de fijación de sesión en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos secuestrar sesiones web a través de la cookie 
ZMSESSID."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","versionEndIncluding":"1.30.0","matchCriteriaId":"9EC96EFF-9E48-4550-80A5-694E8AF0D377"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/1","source":"cve@mitre.org","tags":["Exploit","Mailing List"]},{"url":"http://www.securityfocus.com/bid/97116","source":"cve@mitre.org"},{"url":"https://www.foxmole.com/advisories/foxmole-2016-07-05.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing 
List"]},{"url":"http://www.securityfocus.com/bid/97116","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.foxmole.com/advisories/foxmole-2016-07-05.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10206","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:00.617","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php."},{"lang":"es","value":"Vulnerabilidad de CSRF en Zoneminder 1.30 y versiones anteriores permite a atacantes remotos secuestrar la autenticación de usuarios para solicitudes que cambian contraseñas y posiblemente tener otro impacto no especificado como se demuestra por una solicitud de acción de usuario a index.php 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:*","versionEndIncluding":"1.30.0","matchCriteriaId":"9EC96EFF-9E48-4550-80A5-694E8AF0D377"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/1","source":"cve@mitre.org","tags":["Exploit","Mailing List"]},{"url":"http://www.securityfocus.com/bid/97114","source":"cve@mitre.org"},{"url":"https://www.foxmole.com/advisories/foxmole-2016-07-05.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/05/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing 
List"]},{"url":"http://www.securityfocus.com/bid/97114","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.foxmole.com/advisories/foxmole-2016-07-05.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-2290","sourceIdentifier":"security@puppet.com","published":"2017-03-03T15:59:00.647","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"On Windows installations of the mcollective-puppet-agent plugin, version 1.12.0, a non-administrator user can create an executable that will be executed with administrator privileges on the next \"mco puppet\" run. Puppet Enterprise users are not affected. This is resolved in mcollective-puppet-agent 1.12.1."},{"lang":"es","value":"En instalaciones de Windows del plugin mcollective-puppet-agent, versión 1.12.0, un usuario no administrador puede crear un ejecutable que será ejecutado con privilegios de administrador en la siguiente ejecución \"mco puppet\". Usuarios de Puppet Enterprise no están afectados. 
Esto está resuelto en mcollective-puppet-agent 1.12.1."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:puppet:mcollective-puppet-agent:1.12.0:*:*:*:*:puppet:*:*","matchCriteriaId":"4571FE0F-CE25-424E-B871-7342AC6CD9FA"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96583","source":"security@puppet.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://puppet.com/security/cve/cve-2017-2290","source":"security@puppet.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96583","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://puppet.com/security/cve/cve-2017-2290","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5193","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:00.680","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick."},{"lang":"es","value":"La función nickcmp en Irssi en versiones anteriores a 0.8.21 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída) a través de un mensaje sin un nick."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*","versionEndExcluding":"0.8.21","mat
chCriteriaId":"58A0BEDE-EE65-44C2-A298-0F3B49C6D30E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"16F59A04-14CF-49E2-9973-645477EA09DA"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/06/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95310","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://irssi.org/security/irssi_sa_2017_01.txt","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-45","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/06/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95310","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://irssi.org/security/irssi_sa_2017_01.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-45","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5194","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:00.710","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick 
message."},{"lang":"es","value":"Vulnerabilidad de uso después de liberación en Irssi en versiones anteriores a 0.8.21 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un mensaje de nick no válido."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-416"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*","versionEndExcluding":"0.8.21","matchCriteriaId":"58A0BEDE-EE65-44C2-A298-0F3B49C6D30E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"16F59A04-14CF-49E2-9973-645477EA09DA"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/06/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95310","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://irssi.org/security/irssi_sa_2017_01.txt","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-45","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/06/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95310","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://irssi.org/security/irssi_sa_2017_01.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-45","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5195","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:00.757","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code."},{"lang":"es","value":"Irssi 0.8.17 en versiones anteriores a 0.8.21 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída) a través de un código de color ANSI x8 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*","versionStartIncluding":"0.8.17","versionEndExcluding":"0.8.21","matchCriteriaId":"63C5B709-2924-4543-B247-29B64ECA721B"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/06/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95310","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"https://irssi.org/security/irssi_sa_2017_01.txt","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-45","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/06/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95310","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"https://irssi.org/security/irssi_sa_2017_01.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-45","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5196","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:00.790","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8."},{"lang":"es","value":"Irssi 0.8.18 en versiones anteriores a 0.8.21 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída) a través de vectores que involucran cadenas que no son 
UTF8."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*","versionStartIncluding":"0.8.18","versionEndExcluding":"0.8.21","matchCriteriaId":"BD925A2B-A107-4215-AE96-4E43AE7CA219"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/06/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95310","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://irssi.org/security/irssi_sa_2017_01.txt","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-45","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/06/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95310","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://irssi.org/security/irssi_sa_2017_01.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://security.gentoo.org/glsa/201701-45","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5356","sourceIdentifier":"security@debian.org","published":"2017-03-03T15:59:00.820","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Irssi before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a string containing a formatting sequence (%[) without a closing bracket (])."},{"lang":"es","value":"Irssi en versiones anteriores a 0.8.21 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída) a través de una cadena que contiene una secuencia de formato (%[) sin un corchete de cierre 
(])."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:irssi:irssi:*:*:*:*:*:*:*:*","versionEndExcluding":"0.8.21","matchCriteriaId":"58A0BEDE-EE65-44C2-A298-0F3B49C6D30E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","matchCriteriaId":"16F59A04-14CF-49E2-9973-645477EA09DA"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/12/8","source":"security@debian.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/13/2","source":"security@debian.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96581","source":"security@debian.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://blog.fuzzing-project.org/55-Fuzzing-Irssi-with-Perl-Scripts.html","source":"security@debian.org","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://irssi.org/security/irssi_sa_2017_01.txt","source":"security@debian.org","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html","source":"security@debian.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/12/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/13/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96581","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://blog.fuzzing-project.org/55-Fuzzing-Irssi-with-Perl-Scripts.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]},{"url":"https://irssi.org/security/irssi_sa_2017_01.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2017/12/msg00022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5571","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:00.883","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified 
vectors."},{"lang":"es","value":"Vulnerabilidad de redirección abierta en el componente lmadmin en Flexera FlexNet Publisher (también conocido como Flex License Manager) 11.14.1 y versiones anteriores, como se utiliza en Citrix License Server para Windows y el Citrix License Server VPX, permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través de vectores no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flexerasoftware:flexnet_publisher:*:*:*:*:*:*:*:*","versionEndIncluding":"11.14.1","matchCriteriaId":"27B21AC4-B047-470E-BE67-A503B6E935A9"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96028","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01","source":"cve@mitre.org"},{"url":"https://support.citrix.com/article/CTX219885","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager","source":"cve@mitre.org"},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/","source":"cve@mitre.org"},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96028","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.citrix.com/article/CTX219885","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5613","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:00.930","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file."},{"lang":"es","value":"Vulnerabilidad de cadena de formato en cgiemail y cgiecho permite a atacantes remotos 
ejecutar código arbitrario a través de especificadores de cadena de formato en un archivo plantilla."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-134"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cpanel:cgiecho:-:*:*:*:*:*:*:*","matchCriteriaId":"EAEF91FA-A18E-4A08-8DF9-4C7ECB67EA3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cpanel:cgiemail:-:*:*:*:*:*:*:*","matchCriteriaId":"DCAE56DA-A9BE-496F-8285-5BA41D6F27F7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/28/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95870","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://news.cpanel.com/tsr-2017-0001-full-disclosure/","source":"cve@mitre.org","tags":["Vendor 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/28/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95870","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://news.cpanel.com/tsr-2017-0001-full-disclosure/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5614","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:00.960","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter."},{"lang":"es","value":"Vulnerabilidad de redirección abierta en cgiemail y cgiecho permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques de phishing a través de vectores que involucran el parámetro (1) success o (2) 
failure."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*","versionStartIncluding":"11.54.0.0","versionEndExcluding":"11.54.0.36","matchCriteriaId":"CA4B4DFA-B2D7-4EA7-A94A-8F60027FD024"},{"vulnerable":true,"criteria":"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*","versionStartIncluding":"55.9999.61","versionEndExcluding":"56.0.43","matchCriteriaId":"D11E1492-C7CE-42BA-A721-1163B4C9EA22"},{"vulnerable":true,"criteria":"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*","versionStartIncluding":"57.9999.48","versionEndExcluding":"58.0.43","matchCriteriaId":"8193ADD4-1299-49BA-AE70-F515F12D01D0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*","versionStartIncluding":"59.9999.58","versionEndExcluding":"60.0.35","matchCriteriaId":"EBCB32F8-DE9E-4C6E-9F5B-1629E53936B0"}]}]}],"references":[{"url":"http://www.
openwall.com/lists/oss-security/2017/01/28/8","source":"cve@mitre.org","tags":["Mailing List"]},{"url":"http://www.securityfocus.com/bid/95870","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://news.cpanel.com/tsr-2017-0001-full-disclosure/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/28/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.securityfocus.com/bid/95870","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://news.cpanel.com/tsr-2017-0001-full-disclosure/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5615","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:00.993","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location."},{"lang":"es","value":"cgiemail y cgiecho permiten a atacantes remotos inyectar cabeceras HTTP a través de un carácter de nueva línea en la ubicación de 
redireccionamiento."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-601"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cpanel:cgiecho:-:*:*:*:*:*:*:*","matchCriteriaId":"EAEF91FA-A18E-4A08-8DF9-4C7ECB67EA3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cpanel:cgiemail:-:*:*:*:*:*:*:*","matchCriteriaId":"DCAE56DA-A9BE-496F-8285-5BA41D6F27F7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/28/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95870","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://news.cpanel.com/tsr-2017-0001-full-disclosure/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/28/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95870","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://news.cpanel.com/tsr-2017-0001-full-disclosure/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5616","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:01.023","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter."},{"lang":"es","value":"Vulnerabilidad de XSS en cgiemail y cgiecho permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro addendum."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMat
ch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cpanel:cgiecho:-:*:*:*:*:*:*:*","matchCriteriaId":"EAEF91FA-A18E-4A08-8DF9-4C7ECB67EA3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cpanel:cgiemail:-:*:*:*:*:*:*:*","matchCriteriaId":"DCAE56DA-A9BE-496F-8285-5BA41D6F27F7"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/28/8","source":"cve@mitre.org","tags":["Mailing List"]},{"url":"http://www.securityfocus.com/bid/95870","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://news.cpanel.com/tsr-2017-0001-full-disclosure/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/28/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"http://www.securityfocus.com/bid/95870","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://news.cpanel.com/tsr-2017-0001-full-disclosure/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5830","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:01.053","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts."},{"lang":"es","value":"Revive Adserver en versiones anteriores a 4.0.1 permite a atacantes remotos ejecutar código arbitrario a través de datos serializados en las cookies relacionadas con las secuencias de comandos de 
entrega."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.0","matchCriteriaId":"A2AFEB95-E6A1-402D-972F-7E8D38B0494C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95875","source":"cve@mitre.org"},{"url":"https://www.revive-adserver.com/security/revive-sa-2017-001/","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95875","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.revive-adserver.com/security/revive-sa-2017-001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5831","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:01.100","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Session fixation vulnerability in the forgot password mechanism in Revive Adserver before 4.0.1, when setting a new password, allows remote attackers to hijack web sessions via the session ID."},{"lang":"es","value":"Vulnerabilidad de fijación de sesión en el mecanismo de contraseña olvidada en Revive Adserver en versiones anteriores a 4.0.1, cuando se establece una nueva contraseña, permite a atacantes remotos secuestrar sesiones web a través de la ID de sesión."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:N","baseScore":5.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description
":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.0","matchCriteriaId":"A2AFEB95-E6A1-402D-972F-7E8D38B0494C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95875","source":"cve@mitre.org"},{"url":"https://www.revive-adserver.com/security/revive-sa-2017-001/","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95875","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.revive-adserver.com/security/revive-sa-2017-001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5832","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:01.133","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address."},{"lang":"es","value":"Vulnerabilidad de XSS en Revive Adserver en versiones anteriores a 4.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de la dirección de email del 
usuario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.0","matchCriteriaId":"A2AFEB95-E6A1-402D-972F-7E8D38B0494C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95875","source":"cve@mitre.org"},{"url":"https://www.revive-adserver.com/security/revive-sa-2017-001/","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/95875","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.revive-adserver.com/security/revive-sa-2017-001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5833","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:01.163","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters."},{"lang":"es","value":"Vulnerabilidad de XSS en la generación de código de invocación para zonas intersticiales en Revive Adserver en versiones anteriores a 4.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros no especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist
.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.0","matchCriteriaId":"A2AFEB95-E6A1-402D-972F-7E8D38B0494C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/3","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95875","source":"cve@mitre.org"},{"url":"https://www.revive-adserver.com/security/revive-sa-2017-001/","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95875","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.revive-adserver.com/security/revive-sa-2017-001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5834","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:01.197","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The parse_dict_node function in bplist.c in libplist allows attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted file."},{"lang":"es","value":"La función parse_dict_node en bplist.c en libplist permite a atacantes provocar una denegación de servicio (lectura de memoria dinámica fuera de límites y caída) a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libimobiledevice:libplist:*:*:*:*:*:*:*:*","matchCriteriaId":"70A2E6FE-8C00-4F39-953F-2E8ED3FBF332"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96022","source":"cve@mitre.org"},{"url":"https://github.com/libimobiledevice/libplist/issues/89","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96022","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/libimobiledevice/libplist/issues/89","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5835","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:01.243","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"libplist allows attackers to cause a denial of service (large memory allocation and crash) via vectors involving an offset size of zero."},{"lang":"es","value":"libplist permite a atacantes provocar una denegación de servicio (gran asignación de memoria y caída) a través de vectores que involucran un tamaño de desplazamiento de 
cero."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libimobiledevice:libplist:*:*:*:*:*:*:*:*","matchCriteriaId":"70A2E6FE-8C00-4F39-953F-2E8ED3FBF332"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96022","source":"cve@mitre.org"},{"url":"https://github.com/libimobiledevice/libplist/issues/88","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html","source":"cve@mitre.org"},{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96022","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/libimobiledevice/libplist/issues/88","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/04/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5836","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:01.273","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free."},{"lang":"es","value":"La función plist_free_data en plist.c en libplist permite a atacantes provocar una denegación de servicio (caída) a través de vectores que involucran un nodo de entero que es tratado como una PLIST_KEY y desencadena entonces una liberación no 
válida."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-415"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libimobiledevice:libplist:*:*:*:*:*:*:*:*","matchCriteriaId":"70A2E6FE-8C00-4F39-953F-2E8ED3FBF332"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/6","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/4","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96022","source":"cve@mitre.org"},{"url":"https://github.com/libimobiledevice/libplist/issues/86","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/31/6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/02/02/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96022","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/libimobiledevice/libplist/issues/86","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-5865","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:01.320","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate user names via a large number of password reset attempts."},{"lang":"es","value":"La funcionalidad de reestablecimiento de contraseña en ownCloud Server en versiones anteriores a 8.1.11, 8.2.x en versiones anteriores a 8.2.9, 9.0.x en versiones anteriores a 9.0.7 y 9.1.x en versiones anteriores a 9.1.3 envía diferentes mensajes de error dependiendo de si el nombre de usuario es válido, lo que permite a atacantes remotos enumerar nombres de usuario a través de un gran número de intentos de reestablecimiento de 
contraseña."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*","versionEndIncluding":"8.1.10","matchCriteriaId":"4E2EB67F-2620-434E-9AB5-45293C019F3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.2:*:*:*:*:*:*:*","matchCriteriaId":"7C35E22D-36A5-495B-8611-7C8B70064A2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.3:*:*:*:*:*:*:*","matchCriteriaId":"9FBDBB20-B519-4683-BB16-63A25AE53D7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.4:*:*:*:*:*:*:*","matchCriteriaId":"67AD973F-F06D-46C9-85EB-3521899A257B"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.5:*:*:*:*:*:*:*","matchCriteriaId":"8098FF20-D5EA-4F72-A837-0CE7B9761974"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.6:*:*:*:*:*:*:*","matchCriteriaId":"0930807A-BA26-4AFF-9B5
2-EC2EAF5A456D"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.7:*:*:*:*:*:*:*","matchCriteriaId":"F81CD71B-7D08-485B-9042-D4CE523FEE80"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.8:*:*:*:*:*:*:*","matchCriteriaId":"6FC26723-FE1F-4C1A-AF9C-901A1A7A4DA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.0:*:*:*:*:*:*:*","matchCriteriaId":"25185B4F-623B-45F5-97C3-A520C96B6CA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.1:*:*:*:*:*:*:*","matchCriteriaId":"8F31B84D-7A81-426C-8C91-BF86087ED657"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.2:*:*:*:*:*:*:*","matchCriteriaId":"B8CF3111-74DA-4644-9318-4D5CC6FBD1CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.3:*:*:*:*:*:*:*","matchCriteriaId":"D52C26E1-C1A1-4834-84C5-C4403E1734D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.4:*:*:*:*:*:*:*","matchCriteriaId":"377EE3A2-8105-4448-AB9E-C703513CA6CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.5:*:*:*:*:*:*:*","matchCriteriaId":"ADF1A811-E3EF-4A4A-8F7A-C3E5DBC24159"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.6:*:*:*:*:*:*:*","matchCriteriaId":"ECEB63FC-724C-4FA5-A998-4549A2460A92"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.1.0:*:*:*:*:*:*:*","matchCriteriaId":"8E74BD31-5BD3-40FE-93BA-CAE23DA681B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.1.1:*:*:*:*:*:*:*","matchCriteriaId":"32D138CF-6623-4E1E-97DC-6DD96FE62C1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.1.2:*:*:*:*:*:*:*","matchCriteriaId":"578DA4AF-C61B-4796-B5BF-89701D3FB8CB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96425","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://owncloud.org/security/advisory/?id=oc-sa-2017-001","source":"cve@mitre.org","tags":["Patch","Vendor 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96425","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://owncloud.org/security/advisory/?id=oc-sa-2017-001","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5866","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:01.337","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors."},{"lang":"es","value":"La característica de autocompletar en el cuadro de diálogo del E-Mail en ownCloud Server en versiones anteriores a 8.1.11, 8.2.x en versiones anteriores a 8.2.9, 9.0.x en versiones anteriores a 9.0.7 y 9.1.x en versiones anteriores a 9.1.3 permite a usuarios remotos autenticados obtener información sensible a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*","versionEndIncluding":"8.1.10","matchCriteriaId":"4E2EB67F-2620-434E-9AB5-45293C019F3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.0:*:*:*:*:*:*:*","matchCriteriaId":"49E9C5BC-A6BA-4919-9934-BFAA915CC042"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.1:*:*:*:*:*:*:*","matchCriteriaId":"34AF5397-3B98-431B-B235-424A3B6BEFAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.2:*:*:*:*:*:*:*","matchCriteriaId":"7C35E22D-36A5-495B-8611-7C8B70064A2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.3:*:*:*:*:*:*:*","matchCriteriaId":"9FBDBB20-B519-4683-BB16-63A25AE53D7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.4:*:*:*:*:*:*:*","matchCriteriaId":"67AD973F-F06D-46C9-
85EB-3521899A257B"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.5:*:*:*:*:*:*:*","matchCriteriaId":"8098FF20-D5EA-4F72-A837-0CE7B9761974"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.6:*:*:*:*:*:*:*","matchCriteriaId":"0930807A-BA26-4AFF-9B52-EC2EAF5A456D"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.7:*:*:*:*:*:*:*","matchCriteriaId":"F81CD71B-7D08-485B-9042-D4CE523FEE80"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.8:*:*:*:*:*:*:*","matchCriteriaId":"6FC26723-FE1F-4C1A-AF9C-901A1A7A4DA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.0:*:*:*:*:*:*:*","matchCriteriaId":"25185B4F-623B-45F5-97C3-A520C96B6CA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.1:*:*:*:*:*:*:*","matchCriteriaId":"8F31B84D-7A81-426C-8C91-BF86087ED657"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.2:*:*:*:*:*:*:*","matchCriteriaId":"B8CF3111-74DA-4644-9318-4D5CC6FBD1CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.3:*:*:*:*:*:*:*","matchCriteriaId":"D52C26E1-C1A1-4834-84C5-C4403E1734D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.4:*:*:*:*:*:*:*","matchCriteriaId":"377EE3A2-8105-4448-AB9E-C703513CA6CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.5:*:*:*:*:*:*:*","matchCriteriaId":"ADF1A811-E3EF-4A4A-8F7A-C3E5DBC24159"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.6:*:*:*:*:*:*:*","matchCriteriaId":"ECEB63FC-724C-4FA5-A998-4549A2460A92"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.1.0:*:*:*:*:*:*:*","matchCriteriaId":"8E74BD31-5BD3-40FE-93BA-CAE23DA681B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.1.1:*:*:*:*:*:*:*","matchCriteriaId":"32D138CF-6623-4E1E-97DC-6DD96FE62C1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.1.2:*:*:*:*:*:*:*","matchCriteriaId":"578DA4AF-C61B-4796-B5BF-89701D3FB8CB"}]}]}],"references":[{"url":"http://www.securityfo
cus.com/bid/96426","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://owncloud.org/security/advisory/?id=oc-sa-2017-002","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96426","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://owncloud.org/security/advisory/?id=oc-sa-2017-002","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5867","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T15:59:01.367","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file."},{"lang":"es","value":"ownCloud Server en versiones anteriores a 8.1.11, 8.2.x en versiones anteriores a 8.2.9, 9.0.x en versiones anteriores a 9.0.7 y 9.1.x en versiones anteriores a 9.1.3 permite a usuarios remotos autenticados provocar una denegación de servicio (cuelgue del servidor e inundación de archivos de registro) a través de un archivo BMP de un 
bit"}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*","versionEndIncluding":"8.1.10","matchCriteriaId":"4E2EB67F-2620-434E-9AB5-45293C019F3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.0:*:*:*:*:*:*:*","matchCriteriaId":"49E9C5BC-A6BA-4919-9934-BFAA915CC042"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.1:*:*:*:*:*:*:*","matchCriteriaId":"34AF5397-3B98-431B-B235-424A3B6BEFAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.2:*:*:*:*:*:*:*","matchCriteriaId":"7C35E22D-36A5-495B-8611-7C8B70064A2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.3:*:*:*:*:*:*:*","matchCriteriaId":"9FBDBB20-B519-4683-BB16-63A25AE53D7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.4:*:*:*:*:*:*:*","matchCriteriaId":"67AD973F-F06D-46C9-85EB-35218
99A257B"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.5:*:*:*:*:*:*:*","matchCriteriaId":"8098FF20-D5EA-4F72-A837-0CE7B9761974"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.6:*:*:*:*:*:*:*","matchCriteriaId":"0930807A-BA26-4AFF-9B52-EC2EAF5A456D"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.7:*:*:*:*:*:*:*","matchCriteriaId":"F81CD71B-7D08-485B-9042-D4CE523FEE80"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:8.2.8:*:*:*:*:*:*:*","matchCriteriaId":"6FC26723-FE1F-4C1A-AF9C-901A1A7A4DA3"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.0:*:*:*:*:*:*:*","matchCriteriaId":"25185B4F-623B-45F5-97C3-A520C96B6CA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.1:*:*:*:*:*:*:*","matchCriteriaId":"8F31B84D-7A81-426C-8C91-BF86087ED657"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.2:*:*:*:*:*:*:*","matchCriteriaId":"B8CF3111-74DA-4644-9318-4D5CC6FBD1CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.3:*:*:*:*:*:*:*","matchCriteriaId":"D52C26E1-C1A1-4834-84C5-C4403E1734D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.4:*:*:*:*:*:*:*","matchCriteriaId":"377EE3A2-8105-4448-AB9E-C703513CA6CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.5:*:*:*:*:*:*:*","matchCriteriaId":"ADF1A811-E3EF-4A4A-8F7A-C3E5DBC24159"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.0.6:*:*:*:*:*:*:*","matchCriteriaId":"ECEB63FC-724C-4FA5-A998-4549A2460A92"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.1.0:*:*:*:*:*:*:*","matchCriteriaId":"8E74BD31-5BD3-40FE-93BA-CAE23DA681B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.1.1:*:*:*:*:*:*:*","matchCriteriaId":"32D138CF-6623-4E1E-97DC-6DD96FE62C1E"},{"vulnerable":true,"criteria":"cpe:2.3:a:owncloud:owncloud:9.1.2:*:*:*:*:*:*:*","matchCriteriaId":"578DA4AF-C61B-4796-B5BF-89701D3FB8CB"}]}]}],"references":[{"url":"http://www.securityfocus.com/bi
d/96430","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://owncloud.org/security/advisory/?id=oc-sa-2017-003","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96430","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://owncloud.org/security/advisory/?id=oc-sa-2017-003","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-8813","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T16:59:00.153","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter."},{"lang":"es","value":"La función Page_Load en Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs en Umbraco en versiones anteriores a 7.4.0 permite a atacantes remotos llevar a cabo ataques de falsificación de solicitud del lado del servidor (SSRF) a través del parámetro 
url."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:umbraco:umbraco:*:*:*:*:*:*:*:*","versionEndIncluding":"7.3.8","matchCriteriaId":"515649F9-861D-4A20-9D67-914BE8C26CB7"}]}]}],"references":[{"url":"http://issues.umbraco.org/issue/U4-7457","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/16/10","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/17/1","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/17/5","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/18/8","source":"cve@mitre.org","tags":["Mailing List","Third Party 
Advisory"]},{"url":"https://github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://issues.umbraco.org/issue/U4-7457","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/16/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/17/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/17/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/18/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2015-8814","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T16:59:00.217","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file."},{"lang":"es","value":"Umbraco en versiones anteriores a 7.4.0 permite a atacantes remotos eludir medidas de seguridad antifalsificación y llevar a cabo ataques de CSRF como se demuestra editando la información de cuenta de usuario en el archivo 
templates.asmx.cs."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:umbraco:umbraco:7.3.8:*:*:*:*:*:*:*","matchCriteriaId":"D481EA7F-CD7C-4AAA-8BD9-2C2225DD0674"}]}]}],"references":[{"url":"http://issues.umbraco.org/issue/U4-7459","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/16/10","source":"cve@mitre.org","tags":["Mailing List"]},{"url":"https://github.com/umbraco/Umbraco-CMS/commit/18c3345e47663a358a042652e697b988d6a380eb","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://issues.umbraco.org/issue/U4-7459","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/16/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing 
List"]},{"url":"https://github.com/umbraco/Umbraco-CMS/commit/18c3345e47663a358a042652e697b988d6a380eb","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2015-8815","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T16:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page."},{"lang":"es","value":"Múltiples vulnerabilidades de XSS en Umbraco en versiones anteriores a 7.4.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro name en (1) la página de medios, (2) la página de edición de datos del desarrollador o (3) la página de formulario."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description
":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:umbraco:umbraco:*:*:*:*:*:*:*:*","versionEndIncluding":"7.3.8","matchCriteriaId":"515649F9-861D-4A20-9D67-914BE8C26CB7"}]}]}],"references":[{"url":"http://issues.umbraco.org/issue/U4-7461","source":"cve@mitre.org","tags":["Exploit","Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/16/10","source":"cve@mitre.org","tags":["Mailing List"]},{"url":"http://issues.umbraco.org/issue/U4-7461","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking"]},{"url":"http://www.openwall.com/lists/oss-security/2016/02/16/10","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]}]}},{"cve":{"id":"CVE-2016-6882","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T16:59:00.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack."},{"lang":"es","value":"MatrixSSL en versiones anteriores a 3.8.7, cuando el conjunto de cifrado basado en DHE_RSA es admitido, hace más fácil a atacantes remotos obtener información de la clave privada RSA llevando un ataque Lenstra de canal 
lateral."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"},{"lang":"en","value":"CWE-320"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:matrixssl:matrixssl:*:*:*:*:*:*:*:*","versionEndIncluding":"3.8.6","matchCriteriaId":"5E830D80-ECB2-4764-BEC7-03CC59517109"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/7","source":"cve@mitre.org","tags":["Mailing List","Patch"]},{"url":"http://www.securityfocus.com/bid/91488","source":"cve@mitre.org"},{"url":"https://access.redhat.com/blogs/766093/posts/1976703","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#validation-of-rsa-signature-creation","source":"cve@mitre.org","tags":["Patch","Release Notes"]},{"url":"https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf","source":"cve@mitre.org","tags":["Technical 
Description"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch"]},{"url":"http://www.securityfocus.com/bid/91488","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://access.redhat.com/blogs/766093/posts/1976703","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md#validation-of-rsa-signature-creation","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes"]},{"url":"https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description"]}]}},{"cve":{"id":"CVE-2016-6883","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T16:59:00.310","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack."},{"lang":"es","value":"MatrixSSL en versiones anteriores a 3.8.3 configurado con RSA Cipher Suites permite a atacantes remotos obtener información sensible a través de una variante de ataque 
Bleichenbacher."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:matrixssl:matrixssl:*:*:*:*:*:*:*:*","versionEndIncluding":"3.8.2","matchCriteriaId":"BD87C809-DD12-466B-A014-3D156D73CB88"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/8","source":"cve@mitre.org","tags":["Mailing List"]},{"url":"http://www.securityfocus.com/bid/91488","source":"cve@mitre.org"},{"url":"https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md","source":"cve@mitre.org","tags":["Patch","Release Notes"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing 
List"]},{"url":"http://www.securityfocus.com/bid/91488","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes"]}]}},{"cve":{"id":"CVE-2016-6884","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T16:59:00.340","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message."},{"lang":"es","value":"Conjuntos de cifrado TLS con modo CBC en TLS 1.1 y 1.2 en MatrixSSL en versiones anteriores a 3.8.3 permiten a atacantes remotos provocar una denegación de servicios (lectura fuera de límites) a través de un mensaje manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurati
ons":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:matrixssl:matrixssl:*:*:*:*:*:*:*:*","versionEndIncluding":"3.8.2","matchCriteriaId":"BD87C809-DD12-466B-A014-3D156D73CB88"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/8","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91488","source":"cve@mitre.org"},{"url":"https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/08/19/8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91488","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/matrixssl/matrixssl/blob/master/CHANGES.md","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2016-7406","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T16:59:00.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument."},{"lang":"es","value":"Vulnerabilidad de formato de cadena en Dropbear SSH en versiones anteriores a 2016.74 permite a atacantes remotos ejecutar código arbitrario a través de especificadores de cadena de formato en el (1) nombre de usuario o (2) argumento de 
anfitrión."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*","versionEndIncluding":"2016.73","matchCriteriaId":"531C1EEF-E881-499C-9C92-DE6C2E547732"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/15/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92974","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1376353","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-23","source":"cve@mitre.org","tags":["Patch","Third 
Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2024/Aug/35","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2016/09/15/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92974","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1376353","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-23","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-7407","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T16:59:00.420","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file."},{"lang":"es","value":"El comando dropbearconvert en Dropbear SSH en versiones anteriores a 2016.74 permite a atacantes ejecutar código arbitrario a través de un archivo de clave OpenSSH 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*","versionEndIncluding":"2016.73","matchCriteriaId":"531C1EEF-E881-499C-9C92-DE6C2E547732"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/15/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92972","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1376353","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-23","source":"cve@mitre.org","tags":["Patch","Third 
Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/15/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92972","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1376353","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-23","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-7408","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T16:59:00.480","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument."},{"lang":"es","value":"El dbclient en Dropbear SSH en versiones anteriores a 2016.74 permite a atacantes remotos ejecutar código arbitrario a través de un argumento (1) -m o (2) -c 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*","versionEndIncluding":"2016.73","matchCriteriaId":"531C1EEF-E881-499C-9C92-DE6C2E547732"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/15/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92970","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1376353","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-23","source":"cve@mitre.org","tags":["Patch","Third Party 
Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/15/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92970","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1376353","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-23","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-7409","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T16:59:00.527","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allow local users to read process memory via the -v argument, related to a failed remote ident."},{"lang":"es","value":"El dbclient y el servidor en Dropbear SSH en versiones anteriores a 2016.74, cuando se compila con DEBUG_TRACE, permiten a usuarios locales leer la memoria del proceso a través del argumento -v, relacionado con un ident remoto 
fallido."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*","versionEndIncluding":"2016.73","matchCriteriaId":"531C1EEF-E881-499C-9C92-DE6C2E547732"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/15/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92973","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1376353","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-23","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/15/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/92973","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1376353","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201702-23","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-7969","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T16:59:00.560","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to \"0/3 line wrapping equalization.\""},{"lang":"es","value":"La función wrap_lines_smart en ass_render.c en libass en versiones anteriores a 0.13.4 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de vectores no especificados, relacionados con \"0/3 ecualización de envoltura de 
línea\"."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","matchCriteriaId":"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","matchCriteriaId":"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:l
ibass_project:libass:*:*:*:*:*:*:*:*","versionEndIncluding":"0.13.3","matchCriteriaId":"4CBD3C82-6F32-4279-84C4-88E8F0AA8CD4"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/05/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93358","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1381960","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libass/libass/commit/f4f48950788b91c6a30029cc28a240b834713ea7","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/libass/libass/releases/tag/0.13.4","source":"cve@mitre.org","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-25","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/05/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/93358","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1381960","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libass/libass/commit/f4f48950788b91c6a30029cc28a240b834713ea7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/libass/libass/releases/tag/0.13.4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-25","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-7970","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T16:59:00.623","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors."},{"lang":"es","value":"Desbordamiento de búfer en la función calc_coeff en libass/ass_blur.c en libass en versiones anteriores a 0.13.4 permite a atacantes remotos provocar una denegación de servicio a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","matchCriteriaId":"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","matchCriteriaId":"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libass_project:libass:*:*:*:*:*:*:*:*","versionEndIncluding":"0.13.3","matchCriteriaId":"4CBD3C82-6F32-4279-84C4-88E8F0AA8CD4"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/10/05/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/93358","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1381960","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/libass/libass/releases/tag/0.13.4","source":"cve@mitre.org","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-25","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/05/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93358","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1381960","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party 
Advisory"]},{"url":"https://github.com/libass/libass/releases/tag/0.13.4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-25","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-7972","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T16:59:00.717","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors."},{"lang":"es","value":"La función check_allocations en libass/ass_shaper.c en libass en versiones anteriores a 0.13.4 permite a atacantes remotos provocar una denegación de servicio (fallo de asignación de memoria) a través de vectores no 
especificados."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-399"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","matchCriteriaId":"03117DF1-3BEC-4B8D-AD63-DBBDB2126081"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*","matchCriteriaId":"E79AB8DD-C907-4038-A931-1A5A4CFB6A5B"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","matchCriteriaId":"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*","matchCriteriaId":"772E9557-A371-4664-AE2D-4135AAEB89AA"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.
3:a:libass_project:libass:*:*:*:*:*:*:*:*","versionEndIncluding":"0.13.3","matchCriteriaId":"4CBD3C82-6F32-4279-84C4-88E8F0AA8CD4"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/05/2","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/93358","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1381960","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/libass/libass/releases/tag/0.13.4","source":"cve@mitre.org","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/","source":"cve@mitre.org"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201702-25","source":"cve@mitre.org","tags":["Patch","Third Party Advisory","VDB Entry"]},{"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00068.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/10/05/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/93358","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1381960","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/libass/libass/releases/tag/0.13.4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KW6DNERYHPI5Y6SQYU3XKTVSCOWMIHUC/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7JJ2SGVOX6UQQIRMVC3QACJLKHE2PYN/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUOUOK3VULMMZTNSCRFCNPDAPDWAVK7X/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201702-25","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-10061","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T17:59:00.190","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (crash) via a crafted image file."},{"lang":"es","value":"La función ReadGROUP4Image en coders/tiff.c en ImageMagick en versiones anteriores a 7.0.1-10 no verifica el valor de retorno de la 
función fputc, lo que permite a atacantes remotos provocar una denegación de servicio (caída) a través de un archivo de imagen manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-252"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndExcluding":"6.9.4-8","matchCriteriaId":"C50BDD0E-23E5-431B-AA90-CC246170C0F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0-0","versionEndExcluding":"7.0.1-10","matchCriteriaId":"3FBA4C0C-4880-4275-82D5-404EAAE91101"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95207","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410471","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/196","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95207","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410471","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/196","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10065","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T17:59:00.253","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0.1-0 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted file."},{"lang":"es","value":"La función ReadVIFFImage en coders/viff.c en ImageMagick en versiones anteriores a 7.0.1-0 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o tener otro impacto no especificado a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9.7-10","matchCriteriaId":"7343EDC4-13AF-4BC0-BA96-AB1704D3DA42"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95213","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410482","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/134463b926fa965571aa4febd61b810be5e7da05","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/129","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95213","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410482","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/134463b926fa965571aa4febd61b810be5e7da05","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/129","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10066","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T17:59:00.313","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Buffer overflow in the ReadVIFFImage function in coders/viff.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via a crafted file."},{"lang":"es","value":"Desbordamiento de búfer en la función ReadVIFFImage en coders/viff.c en ImageMagick en versiones anteriores a 6.9.4-5 
permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-120"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9.4-4","matchCriteriaId":"CF13FBCF-4932-47D4-B303-398738E5C9EA"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95217","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410491","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/e45e48b881038487d0bc94d92a16c1537616cc0a","source":"cve@mitre.org","tags":["Patch","Vendor 
Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/f6e9d0d9955e85bdd7540b251cd50d598dacc5e6","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95217","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410491","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/e45e48b881038487d0bc94d92a16c1537616cc0a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/f6e9d0d9955e85bdd7540b251cd50d598dacc5e6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-10070","sourceIdentifier":"cve@mitre.org","published":"2017-03-03T18:59:00.147","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file."},{"lang":"es","value":"Desbordamiento de búfer basado en memoria dinámica en la función CalcMinMax en coders/mat.c en ImageMagick en versiones anteriores a 6.9.4-0 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites y caída de aplicación) a través de un archivo mat 
manipulado."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*","versionEndIncluding":"6.9.3-10","matchCriteriaId":"9EF469CF-DE38-4068-AA0D-1E0CDDB9A765"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","matchCriteriaId":"4863BE36-D16A-4D75-90D9-FD76DB5B48B7"},{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*","matchCriteriaId":"1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95221","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410510","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/a6240a163cb787909703d9fc649cf861f60ddd7c","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00028.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-updates/2017-02/msg00031.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/26/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95221","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1410510","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking","Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/a6240a163cb787909703d9fc649cf861f60ddd7c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-3127","sourceIdentifier":"secure@blackberry.com","published":"2017-03-03T18:59:00.193","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An information disclosure vulnerability in the logging implementation of BlackBerry Good Control Server versions earlier than 2.3.53.62 allows remote attackers to gain and use logged encryption keys to access certain resources within a customer's Good deployment by gaining access to certain diagnostic log files through either a valid logon or an unrelated compromise of the server."},{"lang":"es","value":"Una vulnerabilidad de divulgación de información en la implementación de registro de BlackBerry Good Control Server en versiones anteriores a 2.3.53.62 permite a atacantes remotos obtener y utilizar claves de cifrado registradas para acceder a ciertos recursos dentro de la implementación Good de un cliente obteniendo acceso a ciertos archivos de registro de diagnóstico a través de un inicio de sesión válido o un comprometimiento no relacionado del 
servidor."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:blackberry:good_control_server:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.511.26","matchCriteriaId":"7FCB51F8-A854-41D6-8F6F-AD197C8A3A6D"}]}]}],"references":[{"url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000038301","source":"secure@blackberry.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96629","source":"secure@blackberry.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000038301","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96629","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-8236","sourceIdentifier":"psirt@lenovo.com","published":"2017-03-03T18:59:00.210","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77."},{"lang":"es","value":"El reestablecimiento de la configuración predeterminada puede ocurrir en Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 durante una tormenta de difusión prolongada en versiones TSM anteriores a 3.77."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:lenovo:thinkserver_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"3.76.208","matchCriteriaId":"DE1DF4A1-F602-41F8-8EBD-CFB793C72EE2"}]},{"operator":"OR","nega
te":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:lenovo:thinkserver_rd350:-:*:*:*:*:*:*:*","matchCriteriaId":"A988370E-47F4-4DC3-91AB-025360D07160"},{"vulnerable":false,"criteria":"cpe:2.3:h:lenovo:thinkserver_rd450:-:*:*:*:*:*:*:*","matchCriteriaId":"B994FC89-D6B6-4191-BC53-A36211DE94F8"},{"vulnerable":false,"criteria":"cpe:2.3:h:lenovo:thinkserver_rd550:-:*:*:*:*:*:*:*","matchCriteriaId":"4BDCBFD8-D031-4034-AEF9-6F31CC1C5814"},{"vulnerable":false,"criteria":"cpe:2.3:h:lenovo:thinkserver_rd650:-:*:*:*:*:*:*:*","matchCriteriaId":"B2211D4D-0EB0-4E15-83D5-E94138D68284"},{"vulnerable":false,"criteria":"cpe:2.3:h:lenovo:thinkserver_td350:-:*:*:*:*:*:*:*","matchCriteriaId":"83BDBAD4-5483-4D37-A727-D5FE876FF26E"}]}]}],"references":[{"url":"https://support.lenovo.com/us/en/solutions/LEN-9307","source":"psirt@lenovo.com","tags":["Patch","Vendor Advisory"]},{"url":"https://support.lenovo.com/us/en/solutions/LEN-9307","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6467","sourceIdentifier":"cve@mitre.org","published":"2017-03-04T03:59:00.163","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size."},{"lang":"es","value":"En Wireshark 2.2.0 hasta 2.2.4 y 2.0.0 hasta 2.0.10, hay un bucle infinito del archivo analizador Netscaler, desencadenado por un archivo de captura malformado. 
Esto fue abordado en wiretap/netscaler.c cambiando las restricciones en el tamaño de archivo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.0.10","matchCriteriaId":"6D169318-8BFB-4888-A742-750659350DAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0","versionEndIncluding":"2.2.4","matchCriteriaId":"BD2DA6B4-7778-453F-8E71-0C90B060CFBD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3811","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96561","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12083","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=284ad58d288722a8725401967bff0c4455488f0c","source":"cve@mitre.org"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-11.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3811","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96561","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12083","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=284ad58d288722a8725401967bff0c4455488f0c","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-11.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6468","sourceIdentifier":"cve@mitre.org","published":"2017-03-04T03:59:00.210","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records."},{"lang":"es","value":"En Wireshark 2.2.0 hasta 2.2.4 y 2.0.0 hasta 2.0.10, hay un bloqueo del analizador de archivos NetScaler, desencadenado por un archivo de captura malformado. 
Esto fue abordado en wiretap/netscaler.c validando la relación entre páginas y registros."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.0.10","matchCriteriaId":"6D169318-8BFB-4888-A742-750659350DAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0","versionEndIncluding":"2.2.4","matchCriteriaId":"BD2DA6B4-7778-453F-8E71-0C90B060CFBD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3811","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96569","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13430","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=9f3bc84b7e7e435c50b8b68f0fc526d0f5676cbf","source":"cve@mitre.org"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-08.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3811","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96569","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13430","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=9f3bc84b7e7e435c50b8b68f0fc526d0f5676cbf","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-08.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6469","sourceIdentifier":"cve@mitre.org","published":"2017-03-04T03:59:00.240","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure."},{"lang":"es","value":"En Wireshark 2.2.0 hasta 2.2.4 y 2.0.0 hasta 2.0.10, hay un bloqueo del disector LDSS, desencadenado por inyección de paquetes o un archivo de captura malformado. 
Esto fue abordado en epan/dissectors/packet-ldss.c asegurando que la memoria es asignada para una cierta estructura de datos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.0.10","matchCriteriaId":"6D169318-8BFB-4888-A742-750659350DAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0","versionEndIncluding":"2.2.4","matchCriteriaId":"BD2DA6B4-7778-453F-8E71-0C90B060CFBD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3811","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96577","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13346","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4f753c127082d5e28abf482d6d175cbfee6661f7","source":"cve@mitre.org"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-03.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3811","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96577","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13346","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=4f753c127082d5e28abf482d6d175cbfee6661f7","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-03.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6470","sourceIdentifier":"cve@mitre.org","published":"2017-03-04T03:59:00.270","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness."},{"lang":"es","value":"En Wireshark 2.2.0 hasta 2.2.4 y 2.0.0 hasta 2.0.10, hay un bucle infinito de IAX2, desencadenado por inyección de paquetes o un archivo de captura malformado. 
Esto fue abordado en epan/dissectors/packet-iax2.c constriñendo el retraso de paquetes."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.0.10","matchCriteriaId":"6D169318-8BFB-4888-A742-750659350DAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0","versionEndIncluding":"2.2.4","matchCriteriaId":"BD2DA6B4-7778-453F-8E71-0C90B060CFBD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3811","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96563","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13432","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=0b89174ef4c531a1917437fff586fe525ee7bf2d","source":"cve@mitre.org"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-10.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3811","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96563","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13432","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=0b89174ef4c531a1917437fff586fe525ee7bf2d","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-10.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6471","sourceIdentifier":"cve@mitre.org","published":"2017-03-04T03:59:00.317","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length."},{"lang":"es","value":"En Wireshark 2.2.0 hasta 2.2.4 y 2.0.0 hasta 2.0.10, hay un bucle infinito WSP, desencadenado por inyección de paquetes o un archivo de captura malformado. 
Esto fue abordado en epan/dissectors/packet-wsp.c validando la longitud de la capacidad."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.0.10","matchCriteriaId":"6D169318-8BFB-4888-A742-750659350DAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0","versionEndIncluding":"2.2.4","matchCriteriaId":"BD2DA6B4-7778-453F-8E71-0C90B060CFBD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3811","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96564","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13348","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=62afef41277dfac37f515207ca73d33306e3302b","source":"cve@mitre.org"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-05.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3811","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96564","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13348","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=62afef41277dfac37f515207ca73d33306e3302b","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-05.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6472","sourceIdentifier":"cve@mitre.org","published":"2017-03-04T03:59:00.350","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value."},{"lang":"es","value":"En Wireshark 2.2.0 hasta 2.2.4 y 2.0.0 hasta 2.0.10, hay un bucle infinito del disector RTMPT, desencadenado por inyección de paquetes o un archivo de captura malformado. 
Esto fue abordado en epan/dissectors/packet-rtmpt.c incrementando adecuadamente un cierto valor de secuencia."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.0.10","matchCriteriaId":"6D169318-8BFB-4888-A742-750659350DAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0","versionEndIncluding":"2.2.4","matchCriteriaId":"BD2DA6B4-7778-453F-8E71-0C90B060CFBD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3811","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96571","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13347","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=2b3a0909beff8963b390034c594e0b6be6a4e531","source":"cve@mitre.org"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-04.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3811","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96571","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13347","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=2b3a0909beff8963b390034c594e0b6be6a4e531","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-04.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6473","sourceIdentifier":"cve@mitre.org","published":"2017-03-04T03:59:00.397","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets."},{"lang":"es","value":"En Wireshark 2.2.0 hasta 2.2.4 y 2.0.0 hasta 2.0.10, hay un bloqueo del analizador de archivos K12, desencadenado por un archivo de captura malformado. 
Esto fue abordado en wiretap/k12.c validando las relaciones entre longitudes y desplazamientos."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.0.10","matchCriteriaId":"6D169318-8BFB-4888-A742-750659350DAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0","versionEndIncluding":"2.2.4","matchCriteriaId":"BD2DA6B4-7778-453F-8E71-0C90B060CFBD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3811","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96565","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13431","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=7edc761a01cda8e1b37677f673985582330317d2","source":"cve@mitre.org"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-09.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3811","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96565","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13431","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=7edc761a01cda8e1b37677f673985582330317d2","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-09.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6474","sourceIdentifier":"cve@mitre.org","published":"2017-03-04T03:59:00.427","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes."},{"lang":"es","value":"En Wireshark 2.2.0 hasta 2.2.4 y 2.0.0 hasta 2.0.10, hay un bucle infinito del analizador de archivos NetScaler, desencadenado por un archivo de captura malformado. 
Esto fue abordado en wiretap/netscaler.c validando tamaños de registro."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-835"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndIncluding":"2.0.10","matchCriteriaId":"6D169318-8BFB-4888-A742-750659350DAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0","versionEndIncluding":"2.2.4","matchCriteriaId":"BD2DA6B4-7778-453F-8E71-0C90B060CFBD"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3811","source":"cve@mitre.org","tags":["Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96566","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13429","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a998c9195f183d85f5b0bbeebba21a2d4d303d47","source":"cve@mitre.org"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-07.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3811","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96566","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13429","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=a998c9195f183d85f5b0bbeebba21a2d4d303d47","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.wireshark.org/security/wnpa-sec-2017-07.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6445","sourceIdentifier":"cve@mitre.org","published":"2017-03-05T20:59:00.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely."},{"lang":"es","value":"La funcionalidad auto-update de Open Embedded Linux Entertainment Center (OpenELEC) versiones 6.0.3, 7.0.1 y 8.0.4, no utiliza conexiones cifradas ni actualizaciones firmadas. 
Un atacante de tipo man-in-the-middle podría manipular los paquetes de actualización para conseguir acceso root remotamente."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:C/I:C/A:C","baseScore":7.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":4.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-311"},{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:openelec:openelec:6.0.3:*:*:*:*:*:*:*","matchCriteriaId":"858D757D-216F-4E16-80EA-5585AB91D4C2"},{"vulnerable":true,"criteria":"cpe:2.3:o:openelec:openelec:7.0.1:*:*:*:*:*:*:*","matchCriteriaId":"FDDC42C0-57BF-429C-B3A7-2D8FE67F262C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96580","source":"cve@mitre.org"},{"url":"https://tech.feedyourhead.at/content/openelec-cve-2017-6445-revisited","source":"cve@mitre.org"},{"url":"https://tech.feedyourhead.at/content/openelec-remote-code-execution-vulnerability-through-man-in-the-middle","source":"cve@mitre.org","tags":["Exploit","Technical Description","Third Party 
Advisory"]},{"url":"http://www.securityfocus.com/bid/96580","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tech.feedyourhead.at/content/openelec-cve-2017-6445-revisited","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://tech.feedyourhead.at/content/openelec-remote-code-execution-vulnerability-through-man-in-the-middle","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Technical Description","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6478","sourceIdentifier":"cve@mitre.org","published":"2017-03-05T20:59:00.213","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter)."},{"lang":"es","value":"paintballrefjosh/MaNGOSWebV4 en versiones anteriores a 4.0.8 es vulnerable a un XSS reflejado en install/index.php (parámetro step)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","descript
ion":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mangoswebv4_project:mangoswebv4:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.8","matchCriteriaId":"C6931F29-FE51-4E52-9205-9FE8BEA2B011"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96584","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2017-6478.md","source":"cve@mitre.org"},{"url":"https://github.com/paintballrefjosh/MaNGOSWebV4/issues/15","source":"cve@mitre.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/paintballrefjosh/MaNGOSWebV4/releases/tag/4.0.8","source":"cve@mitre.org","tags":["Patch","Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96584","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/paintballrefjosh/MaNGOSWebV4/issues/15","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/paintballrefjosh/MaNGOSWebV4/releases/tag/4.0.8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6479","sourceIdentifier":"cve@mitre.org","published":"2017-03-05T20:59:00.247","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter)."},{"lang":"es","value":"FenixHosting/fenix-open-source en versiones anteriores a 04-03-2017 es vulnerable a un XSS reflejado en forums/search.php (parámetro 
search-by-topic)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fenix_hosting:fenix-open-source:*:*:*:*:*:*:*:*","versionEndIncluding":"2017-02-21","matchCriteriaId":"F3269DF3-E339-41DA-880B-7B2FC848B78F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96587","source":"cve@mitre.org"},{"url":"https://github.com/FenixHosting/fenix-open-source/issues/2","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96587","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/FenixHosting/fenix-open-source/issues/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2017-6480","sourceIdentifier":"cve@mitre.org","published":"2017-03-05T20:59:00.277","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter)."},{"lang":"es","value":"groovel/cmsgroovel en versiones anteriores a 3.3.7-beta es vulnerable a un XSS reflejado en commons/browser.php (parámetro path)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:groovel_project:cmsgroovel:*:beta:*:*:*:*:*:*","versionEndIncluding":"3.3.6","matchCriteriaId":"241FE44F-994A-48B9-BD69-3D5CAE1A3AD6"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96585","source":"cve@mitre.org"},{"url":"https://github.com/groovel/cmsgroovel/issues/2","source":"cve@mitre.org","
tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/groovel/cmsgroovel/releases/tag/3.3.7-beta","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96585","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/groovel/cmsgroovel/issues/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/groovel/cmsgroovel/releases/tag/3.3.7-beta","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6481","sourceIdentifier":"cve@mitre.org","published":"2017-03-05T20:59:00.307","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/admin/instructions/preview.php; subnetId in app/admin/powerDNS/refresh-ptr-records.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Múltiples problemas de XSS han sido descubiertos en phpipam 1.2. Las vulnerabilidades existen debido a filtración insuficiente de datos suministrados por el usuario a varias páginas (instructions en app/admin/instructions/preview.php; subnetId en app/admin/powerDNS/refresh-ptr-records.php). 
Un atacante podría ejecutar código HTML y script arbitrario en el navegador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2","matchCriteriaId":"8C1A0507-AFF1-40E0-A9EE-8F90BFF51833"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96573","source":"cve@mitre.org"},{"url":"https://github.com/phpipam/phpipam/issues/992","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96573","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/phpipam/phpipam/issues/992","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor 
Advisory"]}]}},{"cve":{"id":"CVE-2017-6483","sourceIdentifier":"cve@mitre.org","published":"2017-03-05T20:59:00.357","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (lang_code in themes/*/admin/system_preferences/language_edit.tmpl.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Múltiples problemas de XSS han sido descubiertos en ATutor 2.2.2. Las vulnerabilidades existen debido a filtración insuficiente de datos suministrados por el usuario a varias páginas (lang_code en themes/*/admin/system_preferences/language_edit.tmpl.php). Un atacante podría ejecutar código HTML y script arbitrario en un navegador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nis
t.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atutor:atutor:*:*:*:*:*:*:*:*","versionEndIncluding":"2.2.2","matchCriteriaId":"FF908CFF-8192-462B-8966-C6FA918166F9"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96578","source":"cve@mitre.org"},{"url":"https://github.com/atutor/ATutor/issues/129","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96578","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/atutor/ATutor/issues/129","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6484","sourceIdentifier":"cve@mitre.org","published":"2017-03-05T20:59:00.387","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data (c and cred) passed to the \"INTER-Mediator-master/Auth_Support/PasswordReset/resetpassword.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Múltiples problemas de XSS han sido descubiertos en INTER-Mediator 5.5. Las vulnerabilidades existen debido a filtración insuficiente de datos suministrados por el usuario (c y cred) pasados a la URL \"INTER-Mediator-master/Auth_Support/PasswordReset/resetpassword.php\". 
Un atacante podría ejecutar código HTML y script arbitrario en un navegador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:inter-mediator:inter-mediator:5.5:-:*:*:*:*:*:*","matchCriteriaId":"80FFF717-6C28-4B50-AC6D-926FE4C8D3D7"}]}]}],"references":[{"url":"https://github.com/INTER-Mediator/INTER-Mediator/issues/772","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/INTER-Mediator/INTER-Mediator/issues/772","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6485","sourceIdentifier":"cve@mitre.org","published":"2017-03-05T20:59:00.417","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Cross-Site Scripting (XSS) issue was discovered in 
php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the \"php-calendar-master/error.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Un problema de XSS ha sido descubierto en php-calendar en versiones anteriores a 03-03-2017. La vulnerabilidad existe debido a filtración insuficiente de datos suministrados por el usuario (errorMsg) pasados a la URL \"php-calendar-master/error.php\". Un atacante podría ejecutar código HTML y script arbitrario en un navegador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:php-calendar:php-calendar:*:*:*:*:*:*:*:*","versionEndIncluding":"2015-12-04","matchCriteriaId":"4018310C-D630-40FA-9851-EC6A4B85F
2BE"}]}]}],"references":[{"url":"https://github.com/jasonjoh/php-calendar/issues/4","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://github.com/jasonjoh/php-calendar/issues/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6486","sourceIdentifier":"cve@mitre.org","published":"2017-03-05T20:59:00.463","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the \"reasoncms-master/www/nyroModal/demoSent.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Un problema de XSS ha sido descubierto en reasoncms en versiones anteriores a 4.7.1. La vulnerabilidad existe debido a filtración insuficiente de datos suministrados por el usuario (nyroModalSel) pasados a la URL \"reasoncms-master/www/nyroModal/demoSent.php\". 
Un atacante podría ejecutar código HTML y scrip arbitrario en el navegador en un contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:reasoncms:reasoncms:*:*:*:*:*:*:*:*","versionEndIncluding":"4.7","matchCriteriaId":"BC459040-C1E9-40BE-B325-D2C9F88B8311"}]}]}],"references":[{"url":"https://github.com/reasoncms/reasoncms/issues/264","source":"cve@mitre.org","tags":["Exploit","Patch","Vendor Advisory"]},{"url":"https://github.com/reasoncms/reasoncms/releases/tag/v4.7.1","source":"cve@mitre.org","tags":["Release Notes","Vendor Advisory"]},{"url":"https://github.com/reasoncms/reasoncms/issues/264","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor 
Advisory"]},{"url":"https://github.com/reasoncms/reasoncms/releases/tag/v4.7.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6487","sourceIdentifier":"cve@mitre.org","published":"2017-03-05T20:59:00.497","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to the \"EPESI-master/modules/Utils/RecordBrowser/favorites.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Múltiples problemas de XSS han sido descubiertos en EPESI 1.8.1.1. Las vulnerabilidades existen debido a filtración insuficiente de datos suministrados por el usuario (state, element, id, tab, cid) pasados a la URL \"EPESI-master/modules/Utils/RecordBrowser/favorites.php\". 
Un atacante podría ejecutar código HTML y scrip arbitrario en un navegador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:epesi:epesi:1.8.1.1:*:*:*:*:*:*:*","matchCriteriaId":"86D90A53-3894-49D2-BBD6-491BF63B9F3F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96586","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Telaxus/EPESI/issues/165","source":"cve@mitre.org","tags":["Exploit","Patch"]},{"url":"http://www.securityfocus.com/bid/96586","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/Telaxus/EPESI/issues/165","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"]}]}},{"cve":{"id":"CVE-2017-6488","sourceIdentifier":"cve@mitre.org","published":"2017-03-05T20:59:00.527","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (visible, tab, cid) passed to the EPESI-master/modules/Utils/RecordBrowser/Filters/save_filters.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Múltiples problemas de XSS han sido descubiertos en EPESI 1.8.1.1. Las vulnerabilidades existen debido a filtración insuficiente de datos suministrados por el usuario (visible, tab, cid) pasados a la URL EPESI-master/modules/Utils/RecordBrowser/Filters/save_filters.php. 
Un atacante podría ejecutar código HTML y scrip arbitrario en un navegador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:epesi:epesi:1.8.1.1:*:*:*:*:*:*:*","matchCriteriaId":"86D90A53-3894-49D2-BBD6-491BF63B9F3F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96955","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Telaxus/EPESI/issues/166","source":"cve@mitre.org","tags":["Exploit","Patch"]},{"url":"http://www.securityfocus.com/bid/96955","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/Telaxus/EPESI/issues/166","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"]}]}},{"cve":{"id":"CVE-2017-6489","sourceIdentifier":"cve@mitre.org","published":"2017-03-05T20:59:00.557","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to the EPESI-master/modules/Utils/Watchdog/subscribe.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Múltiples problemas de XSS han sido descubiertos en EPESI 1.8.1.1. Las vulnerabilidades existen debido a filtración insuficiente de datos suministrados por el usuario (element, state, cat, id, cid) pasados a la URL EPESI-master/modules/Utils/Watchdog/subscribe.php. 
Un atacante podría ejecutar código HTML y script arbitrario en un navegador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:epesi:epesi:1.8.1.1:*:*:*:*:*:*:*","matchCriteriaId":"86D90A53-3894-49D2-BBD6-491BF63B9F3F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96955","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Telaxus/EPESI/issues/169","source":"cve@mitre.org","tags":["Exploit","Patch"]},{"url":"http://www.securityfocus.com/bid/96955","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/Telaxus/EPESI/issues/169","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"]}]}},{"cve":{"id":"CVE-2017-6490","sourceIdentifier":"cve@mitre.org","published":"2017-03-05T20:59:00.573","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (cid, value, element, mode, tab, form_name, id) passed to the EPESI-master/modules/Utils/RecordBrowser/grid.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Múltiples problemas de XSS han sido descubiertos en EPESI 1.8.1.1. Las vulnerabilidades existen debido a filtración insuficiente de datos suministrados por el usuario (cid, value, element, mode, tab, form_name, id) pasados a la URL EPESI-master/modules/Utils/RecordBrowser/grid.php. 
Un atacante podría ejecutar código HTML y scrip arbitrario en un navegador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:epesi:epesi:1.8.1.1:*:*:*:*:*:*:*","matchCriteriaId":"86D90A53-3894-49D2-BBD6-491BF63B9F3F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96955","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Telaxus/EPESI/issues/167","source":"cve@mitre.org","tags":["Exploit","Patch"]},{"url":"http://www.securityfocus.com/bid/96955","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/Telaxus/EPESI/issues/167","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"]}]}},{"cve":{"id":"CVE-2017-6491","sourceIdentifier":"cve@mitre.org","published":"2017-03-05T20:59:00.607","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (tooltip_id, callback, args, cid) passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."},{"lang":"es","value":"Múltiples problemas de XSS han sido descubiertos en EPESI 1.8.1.1. Las vulnerabilidades existen debido a filtración insuficiente de datos suministrados por el usuario (tooltip_id, callback, args, cid) pasados a la URL EPESI-master/modules/Utils/Tooltip/req.php. 
Un atacante podría ejecutar código HTML y scrip arbitrario en un navegador en el contexto del sitio web vulnerable."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:epesi:epesi:1.8.1.1:*:*:*:*:*:*:*","matchCriteriaId":"86D90A53-3894-49D2-BBD6-491BF63B9F3F"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96955","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/Telaxus/EPESI/issues/168","source":"cve@mitre.org","tags":["Exploit","Patch"]},{"url":"http://www.securityfocus.com/bid/96955","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://github.com/Telaxus/EPESI/issues/168","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"]}]}},{"cve":{"id":"CVE-2017-6492","sourceIdentifier":"cve@mitre.org","published":"2017-03-05T20:59:00.637","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL Injection was discovered in adm_program/modules/dates/dates_function.php in Admidio 3.2.5. The POST parameter dat_cat_id is concatenated into a SQL query without any input validation/sanitization."},{"lang":"es","value":"Inyección SQL ha sido descubierta en adm_program/modules/dates/dates_function.php en Admidio 3.2.5. El parámetro POST dat_cat_id es concatenado en una consulta SQL sin ninguna entrada de validación/desinfección."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:admidi
o:admidio:3.2.5:*:*:*:*:*:*:*","matchCriteriaId":"85E4AA60-7461-4123-900E-5F4EDE4B8937"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/97034","source":"cve@mitre.org"},{"url":"https://github.com/hamkovic/Admidio-3.2.5-SQLi","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/97034","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/hamkovic/Admidio-3.2.5-SQLi","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6446","sourceIdentifier":"cve@mitre.org","published":"2017-03-05T21:59:00.157","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters."},{"lang":"es","value":"Vulnerabilidad de XSS ha sido descubierta en Dotclear v2.11.2, afectando a admin/blogs.php y admin/users.php con los parámetros de ordenar por y 
orden."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dotclear:dotclear:2.11.2:*:*:*:*:*:*:*","matchCriteriaId":"E7CF8D88-965B-4FC3-95E1-C2C3FA051A03"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96575","source":"cve@mitre.org"},{"url":"https://dev.dotclear.org/2.0/changeset/1e44804e7c85b45f42245111c8c0de100a2ff6e3","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.securityfocus.com/bid/96575","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://dev.dotclear.org/2.0/changeset/1e44804e7c85b45f42245111c8c0de100a2ff6e3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2017-6351","sourceIdentifier":"cve@mitre.org","published":"2017-03-06T02:59:00.463","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The 
WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account. This account is not documented, nor is the DEBUG feature or the use of telnetd on port tcp/5885."},{"lang":"es","value":"El dispositivo WePresent WiPG-1500 con firmware 1.0.3.7 tiene una cuenta de fabricante que tiene un nombre de usuario / contraseña codificados. Una vez que el dispositivo está configurado en el modo DEBUG, un atacante puede conectarse al dispositivo usando el protocolo telnet e iniciar sesión en el dispositivo con la cuenta de fabricante codificada \"abarco\". Esta cuenta no está documentada, ni tampoco lo está la característica DEBUG o el uso de telnetd en puerto tcp/5885."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-798"}]}],"configurations":[
{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:wepresent:wipg-1500_firmware:1.0.3.7:*:*:*:*:*:*:*","matchCriteriaId":"E9667DDE-56BF-4D9D-89B3-BD1A833A66B3"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:wepresent:wipg-1500:-:*:*:*:*:*:*:*","matchCriteriaId":"400D4CC4-30BA-4705-A353-1C48BA1D5E51"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96588","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.wepresentwifi.com/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41480/","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/96588","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.wepresentwifi.com/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.exploit-db.com/exploits/41480/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-6416","sourceIdentifier":"cve@mitre.org","published":"2017-03-06T02:59:00.493","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka \"Service ready\") string."},{"lang":"es","value":"Ha sido descubierto un problema en SysGauge 1.5.18. Una vulnerabilidad de desbordamiento de búfer en la verificación de la conexión SMTP conduce a ejecución de código arbitrario. 
El vector de ataque es un demonio SMTP manipulado que envía una larga cadena 220 (también conocida como \"Service ready\")."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flexense:sysgauge:1.5.18:*:*:*:*:*:*:*","matchCriteriaId":"B0BB7C5D-BC14-4F5F-B682-F7595BE788BF"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96568","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/41479/","source":"cve@mitre.org","tags":["Exploit","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96568","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/41479/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2017-6497","sourceIdentifier":"cve@mitre.org","published":"2017-03-06T02:59:00.527","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS)."},{"lang":"es","value":"Ha sido descubierto un problema en ImageMagick 6.9.7. Un archivo psd especialmente manipulado, podría conducir a una referencia de puntero NULL (por lo tanto, un DoS)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:6.9.7:*:*:*:*:*:*:*","matchCriteriaId":"E5CFF56F-ED8D-4546-AD6C-47F9CC215B28"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96594","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugs.debian.org/856882","source":"cve@mitre.org","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/7f2dc7a1afc067d0c89f12c82bcdec0445fb1b94","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.securityfocus.com/bid/96594","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/856882","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/7f2dc7a1afc067d0c89f12c82bcdec0445fb1b94","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2017-6498","sourceIdentifier":"cve@mitre.org","published":"2017-03-06T02:59:00.557","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS."},{"lang":"es","value":"Ha sido descubierto un problema en ImageMagick 6.9.7. 
Archivos TGA incorrectos podrían desencadenar fallos de aserción, lo que conduciría a DoS."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:6.9.7:*:*:*:*:*:*:*","matchCriteriaId":"E5CFF56F-ED8D-4546-AD6C-47F9CC215B28"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3808","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96591","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugs.debian.org/856878","source":"cve@mitre.org","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/65f75a32a93ae4044c528a987a68366ecd4b46b9","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/pull/359","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3808","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96591","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/856878","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/65f75a32a93ae4044c528a987a68366ecd4b46b9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/pull/359","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6499","sourceIdentifier":"cve@mitre.org","published":"2017-03-06T02:59:00.587","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially crafted file creating a nested exception could lead to a memory leak (thus, a DoS)."},{"lang":"es","value":"Ha sido descubierto un problema en Magick++ en ImageMagick 6.9.7. 
Un archivo especialmente manipulado que crea una excepción anidada podría conducir a una pérdida de memoria (en consecuencia, un DoS)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-772"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:6.9.7:*:*:*:*:*:*:*","matchCriteriaId":"E5CFF56F-ED8D-4546-AD6C-47F9CC215B28"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3808","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96590","source":"cve@mitre.org","tags":["Third Party 
Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/856880","source":"cve@mitre.org","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/3358f060fc182551822576b2c0a8850faab5d543","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3808","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96590","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/856880","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/3358f060fc182551822576b2c0a8850faab5d543","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-6500","sourceIdentifier":"cve@mitre.org","published":"2017-03-06T02:59:00.620","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ImageMagick 6.9.7. A specially crafted sun file triggers a heap-based buffer over-read."},{"lang":"es","value":"Ha sido descubierto un problema en ImageMagick 6.9.7. 
Un archivo sun especialmente manipulado desencadena una sobre lectura de búfer basada en memoria dinámica."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:6.9.7:*:*:*:*:*:*:*","matchCriteriaId":"E5CFF56F-ED8D-4546-AD6C-47F9CC215B28"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3808","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96592","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugs.debian.org/856879","source":"cve@mitre.org","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/3007531bfd326c5c1e29cd41d2cd80c166de8528","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/375","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/376","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3808","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96592","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/856879","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/3007531bfd326c5c1e29cd41d2cd80c166de8528","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/375","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/issues/376","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6501","sourceIdentifier":"cve@mitre.org","published":"2017-03-06T02:59:00.650","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference."},{"lang":"es","value":"Ha sido descubierto un problema en ImageMagick 6.9.7. 
Un archivo xcf especialmente manipulado podría conducir a una referencia de puntero NULL."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:6.9.7:*:*:*:*:*:*:*","matchCriteriaId":"E5CFF56F-ED8D-4546-AD6C-47F9CC215B28"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96589","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.debian.org/856881","source":"cve@mitre.org","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/d31fec57e9dfb0516deead2053a856e3c71e9751","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://www.securityfocus.com/bid/96589","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugs.debian.org/856881","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mailing List","Third Party Advisory"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/d31fec57e9dfb0516deead2053a856e3c71e9751","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]}]}},{"cve":{"id":"CVE-2017-6502","sourceIdentifier":"cve@mitre.org","published":"2017-03-06T02:59:00.683","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS)."},{"lang":"es","value":"Ha sido descubierto un problema en ImageMagick 6.9.7. Un archivo webp especialmente manipulado podría conducir a una fuga de descriptor de archivo en libmagickcore (en consecuencia, un DoS)."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configura
tions":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:imagemagick:imagemagick:6.9.7:*:*:*:*:*:*:*","matchCriteriaId":"E5CFF56F-ED8D-4546-AD6C-47F9CC215B28"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96763","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/126c7c98ea788241922c30df4a5633ea692cf8df","source":"cve@mitre.org","tags":["Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96763","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/ImageMagick/ImageMagick/commit/126c7c98ea788241922c30df4a5633ea692cf8df","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2017-6503","sourceIdentifier":"cve@mitre.org","published":"2017-03-06T02:59:00.743","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS."},{"lang":"es","value":"Interfaz web en qBittorrent en versiones anteriores a 3.3.11 no escapó de muchos valores, lo que podría conducir potencialmente a 
XSS."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qbittorrent:qbittorrent:*:*:*:*:*:*:*:*","versionEndIncluding":"3.3.10","matchCriteriaId":"E5FA12FE-8F2A-4725-A5CB-2D6897FE6A61"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96758","source":"cve@mitre.org"},{"url":"https://github.com/qbittorrent/qBittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://www.qbittorrent.org/news.php","source":"cve@mitre.org","tags":["Patch","Release 
Notes"]},{"url":"http://www.securityfocus.com/bid/96758","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/qbittorrent/qBittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://www.qbittorrent.org/news.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes"]}]}},{"cve":{"id":"CVE-2017-6504","sourceIdentifier":"cve@mitre.org","published":"2017-03-06T02:59:00.823","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking."},{"lang":"es","value":"Interfaz web en qBittorrent en versiones anteriores a 3.3.11 no estableció el encabezado X-Frame-Options, lo que podría conducir potencialmente a secuestro de clic."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CW
E-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qbittorrent:qbittorrent:*:*:*:*:*:*:*:*","versionEndIncluding":"3.3.10","matchCriteriaId":"E5FA12FE-8F2A-4725-A5CB-2D6897FE6A61"}]}]}],"references":[{"url":"https://github.com/qbittorrent/qBittorrent/commit/f5ad04766f4abaa78374ff03704316f8ce04627d","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://www.qbittorrent.org/news.php","source":"cve@mitre.org","tags":["Patch","Release Notes"]},{"url":"https://github.com/qbittorrent/qBittorrent/commit/f5ad04766f4abaa78374ff03704316f8ce04627d","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://www.qbittorrent.org/news.php","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes"]}]}},{"cve":{"id":"CVE-2016-10244","sourceIdentifier":"cve@mitre.org","published":"2017-03-06T06:59:00.177","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted file."},{"lang":"es","value":"La función parse_charstrings en type1/t1load.c en FreeType 2 en versiones anteriores a 2.7 no asegura que una fuente contiene un nombre glyph, lo que permite a atacantes remotos provocar una denegación de servicio (sobre lectura de búfer basada en memoria dinámica) o posiblemente tener otro impacto no especificado a través de un archivo 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:freetype:freetype:*:*:*:*:*:*:*:*","versionEndExcluding":"2.7.1","matchCriteriaId":"00F6519F-A001-4D60-BB62-96C226DD828A"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7","source":"cve@mitre.org","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3839","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/97405","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securitytracker.com/id/1038090","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038201","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36","source":"cve@mitre.org","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201706-14","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://source.android.com/security/bulletin/2017-04-01","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source":"cve@mitre.org"},{"url":"http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"http://www.debian.org/security/2017/dsa-3839","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/97405","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038090","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1038201","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/201706-14","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://source.android.com/security/bulletin/2017-04-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party 
Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2017-5197","sourceIdentifier":"cve@mitre.org","published":"2017-03-06T06:59:00.223","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element."},{"lang":"es","value":"Hay una XSS en SilverStripe CMS en versiones anteriores a 3.4.4 y 3.5.x en versiones anteriores a 3.5.2. El vector de ataque es un nombre de página. Un ejemplo de carga útil es un controlador de eventos JavaScript manipulado en un elemento SVG malformado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":
"cpe:2.3:a:silverstripe:silverstripe:*:*:*:*:*:*:*:*","versionEndIncluding":"3.4.3","matchCriteriaId":"AF444DF6-EA4D-42B9-B295-D307F5F63851"},{"vulnerable":true,"criteria":"cpe:2.3:a:silverstripe:silverstripe:3.5.0:*:*:*:*:*:*:*","matchCriteriaId":"7C6FFB1E-4D80-4CB6-AA2E-1C56C86624EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:silverstripe:silverstripe:3.5.1:*:*:*:*:*:*:*","matchCriteriaId":"886ED224-9F57-4C6A-B0B9-D6C1FEDC93AF"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96572","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.silverstripe.org/download/security-releases/","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/96572","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://www.silverstripe.org/download/security-releases/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}},{"cve":{"id":"CVE-2017-5633","sourceIdentifier":"cve@mitre.org","published":"2017-03-06T06:59:00.257","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs."},{"lang":"es","value":"Múltiples vulnerabilidades de CSRF en el router wireless D-Link DI-524 con firmware 9.01 permiten a atacantes remotos (1) cambiar la contraseña de administrador, (2) reiniciar el dispositivo o (3) posiblemente tener otro impacto no especificado a través de peticiones manipuladas a programas 
CGI."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":8.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.1,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:C/I:C/A:C","baseScore":8.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":6.8,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:d-link:di-524_firmware:9.01:*:*:*:*:*:*:*","matchCriteriaId":"B45F1E5E-479E-4FBF-9EF8-26B6A77AAD18"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:di-524:-:*:*:*:*:*:*:*","matchCriteriaId":"C2AA1B80-0CBA-4AFC-8F55-71B3C26CFA88"}]}]}],"references":[{"url":"http://seclists.org/fulldisclosure/2017/Feb/70","source":"cve@mitre.org","tags":["Exploit","Product","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96475","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2017/Feb/70","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Product","Third Party Advisory","VDB 
Entry"]},{"url":"http://www.securityfocus.com/bid/96475","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2017-5999","sourceIdentifier":"cve@mitre.org","published":"2017-03-06T06:59:00.287","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An issue was discovered in sysPass 2.x before 2.1, in which an algorithm was never sufficiently reviewed by cryptographers. The fact that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256() function (the 256-bit block version of Rijndael, not AES) instead of MCRYPT_RIJNDAEL_128 (real AES) could help an attacker to create unknown havoc in the remote system."},{"lang":"es","value":"Se ha descubierto un problema en sysPass 2.x en versiones anteriores a 2.1, en el que un algoritmo nunca fue suficientemente revisado por criptógrafos. El hecho de que inc/SP/Core/Crypt.class esté usando la función MCRYPT_RIJNDAEL_256() (la versión de bloque de 256 bits de Rijndael, no AES) en lugar de MCRYPT_RIJNDAEL_128 (real AES) podría ayudar a un atacante a crear estragos desconocidos en el sistema 
remoto."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-326"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:syspass:syspass:2.0:*:*:*:*:*:*:*","matchCriteriaId":"F5B10861-9CA4-4BD0-8B7E-6823ED41205C"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96562","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://cxsecurity.com/issue/WLB-2017020196","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/nuxsmin/sysPass/commit/a0e2c485e53b370a7cc6d833e192c3c5bfd70e1f","source":"cve@mitre.org","tags":["Patch"]},{"url":"https://github.com/nuxsmin/sysPass/releases/tag/2.1.0.17022601","source":"cve@mitre.org","tags":["Patch","Release Notes"]},{"url":"http://www.securityfocus.com/bid/96562","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://cxsecurity.com/issue/WLB-2017020196","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/nuxsmin/sysPass/commit/a0e2c485e53b370a7cc6d833e192c3c5bfd70e1f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/nuxsmin/sysPass/releases/tag/2.1.0.17022601","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Release Notes"]}]}},{"cve":{"id":"CVE-2017-6411","sourceIdentifier":"cve@mitre.org","published":"2017-03-06T06:59:00.317","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password."},{"lang":"es","value":"Vulnerabilidad de CSRF en dispositivos D-Link DSL-2730U C1 IN_1.00 permite a atacantes remotos cambiar la configuración del DNS o firewall o cualquier 
contraseña."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:dlink:dsl-2730u_firmware:in_1.00:*:*:*:*:*:*:*","matchCriteriaId":"D8834750-FB07-42F4-9BF7-73164FF059B2"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:dlink:dsl-2730u:-:*:*:*:*:*:*:*","matchCriteriaId":"57EAA6ED-2686-4C92-A438-C58AFF75CC50"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/96560","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/41478/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"http://www.securityfocus.com/bid/96560","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/41478/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2017-6508","sourceIdentifier":"cve@mitre.org","published":"2017-03-07T08:59:00.167","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"CRLF injection vulnerability in the url_parse function in url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the host subcomponent of a URL."},{"lang":"es","value":"Vulnerabilidad de inyección CRLF en la función url_parse en url.c en Wget hasta la versión 1.19.1 permite a atacantes remotos inyectar encabezados HTTP arbitrarios a través de secuencias CRLF en el subcomponente del host de una URL."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-93"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:wget:*:*:*:*:*:*:*:*","versionEndIncluding":"1.19.1","matchCriteriaId":"BB992E4D-6D7A-421F-BC30-123E4ADD2D82"}]}]}],"re
ferences":[{"url":"http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4","source":"cve@mitre.org","tags":["Patch"]},{"url":"http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html","source":"cve@mitre.org","tags":["Exploit","Mailing List"]},{"url":"http://www.securityfocus.com/bid/96877","source":"cve@mitre.org"},{"url":"https://security.gentoo.org/glsa/201706-16","source":"cve@mitre.org"},{"url":"http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List"]},{"url":"http://www.securityfocus.com/bid/96877","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/201706-16","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2013-5653","sourceIdentifier":"cve@mitre.org","published":"2017-03-07T15:59:00.157","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The getenv and filenameforall functions in Ghostscript 9.10 ignore the \"-dSAFER\" argument, which allows remote attackers to read data via a crafted postscript file."},{"lang":"es","value":"Las funciones getenv y filenameforall en Ghostscript 9.10 ignoran el argumento \"-dSAFER\", lo que permite a atacantes remotos leer datos a través de un archivo postcript 
manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:artifex:afpl_ghostscript:9.10:*:*:*:*:*:*:*","matchCriteriaId":"0E5FA8AA-F2A3-4DB1-A02C-3BD93288B50F"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2017-0013.html","source":"cve@mitre.org"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0014.html","source":"cve@mitre.org"},{"url":"http://www.debian.org/security/2016/dsa-3691","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/29/28","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party 
Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/29/5","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96497","source":"cve@mitre.org"},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=694724","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697169","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1380327","source":"cve@mitre.org","tags":["Issue Tracking","Patch"]},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0013.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://rhn.redhat.com/errata/RHSA-2017-0014.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.debian.org/security/2016/dsa-3691","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/29/28","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/29/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/96497","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=694724","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://bugs.ghostscript.com/show_bug.cgi?id=697169","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1380327","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue 
Tracking","Patch"]}]}},{"cve":{"id":"CVE-2016-10040","sourceIdentifier":"cve@mitre.org","published":"2017-03-07T15:59:00.237","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags."},{"lang":"es","value":"Desbordamiento de búfer basado en pila en QXmlSimpleReader en Qt 4.8.5 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo xml con múltiples etiquetas anidadas abiertas."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-119"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qt:qxmlsimplereader:4.8.5:*:*:*:*:*:*:*","matchCriteriaId":"81E56BC5-7C8B-49E5-993C-702C590B18AF"}]}]}],"references":[{"url":"http:/
/www.openwall.com/lists/oss-security/2016/12/24/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/14/4","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95113","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1409597","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/12/24/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2017/01/14/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/95113","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1409597","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-5315","sourceIdentifier":"cve@mitre.org","published":"2017-03-07T15:59:00.283","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image."},{"lang":"es","value":"La función setByteArray en tif_dir.c en libtiff 4.0.6 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de una imagen tiff 
manipulada."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:N/A:P","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*","versionEndIncluding":"4.0.6","matchCriteriaId":"7DBB051D-E94D-4553-88A6-750BE80B7617"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","matchCriteriaId":"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}]}]}],"references":[{"url":"http://www.debian.org/security/2017/dsa-3762","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/15/2","source":"cve@mitre.org","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91204","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1346694","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.debian.org/security/2017/dsa-3762","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/06/15/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91204","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1346694","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory","VDB Entry"]},{"url":"https://security.gentoo.org/glsa/201701-16","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}},{"cve":{"id":"CVE-2016-6244","sourceIdentifier":"cve@mitre.org","published":"2017-03-07T15:59:00.330","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel 5.9 allows remote attackers to cause a denial of service (panic) via a negative \"ts.tv_sec\" value."},{"lang":"es","value":"La función sys_thrsigdivert en kern/kern_sig.c en el kernel OpenBSD 5.9 permite a atacantes remotos provocar una denegación de servicio (pánico) a través de un valor \"ts.tv_sec\" 
negativo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:C","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:openbsd:openbsd:5.9:*:*:*:*:*:*:*","matchCriteriaId":"DD160B3E-E1D1-432E-ABFB-B288B4EEEE4A"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/07/17/7","source":"cve@mitre.org","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91805","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.openwall.com/lists/oss-security/2016/07/17/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/91805","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB 
Entry"]}]}},{"cve":{"id":"CVE-2016-7145","sourceIdentifier":"cve@mitre.org","published":"2017-03-07T15:59:00.360","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter."},{"lang":"es","value":"La función m_authenticate en ircd/m_authenticate.c en nefarious2 permite a atacantes remotos suplantar huellas digitales de certificados y, en consecuencia, iniciar sesión como otro usuario a través de un parámetro AUTHENTICATE manipulado."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","d
escription":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nefarious2_project:nefarious2:2.0:*:*:*:*:*:*:*","matchCriteriaId":"8D8E8B5E-4947-4317-82C4-D1098F127C8C"}]}]}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2016/09/05/9","source":"cve@mitre.org","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/evilnet/nefarious2/commit/f50a84bad996d438e7b31b9e74c32a41e43f8be5","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2016/09/05/9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Patch","Third Party Advisory"]},{"url":"https://github.com/evilnet/nefarious2/commit/f50a84bad996d438e7b31b9e74c32a41e43f8be5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}},{"cve":{"id":"CVE-2016-9148","sourceIdentifier":"cve@mitre.org","published":"2017-03-07T15:59:00.390","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter."},{"lang":"es","value":"Vulnerabilidad de XSS en CA Service Desk Manager (anteriormente CA Service Desk) 12.9 y 14.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro 
QBE.EQ.REF_NUM."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ca:service_desk_manager:12.9:*:*:*:*:*:*:*","matchCriteriaId":"AFEE1987-820F-401D-8F54-8848592B189B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ca:service_desk_manager:14.1:*:*:*:*:*:*:*","matchCriteriaId":"03F17B23-F656-49BD-952E-B31733A9A0F1"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/139660/CA-Service-Desk-Manaager-12.9-14.1-Code-Execution.html","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/Nov/53","source":"cve@mitre.org","tags":["Third Party Advisory","VDB 
Entry"]},{"url":"http://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-02-security-notice-for-ca-service-desk-manager.html","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94258","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037262","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://packetstormsecurity.com/files/139660/CA-Service-Desk-Manaager-12.9-14.1-Code-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://seclists.org/fulldisclosure/2016/Nov/53","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.ca.com/us/services-support/ca-support/ca-support-online/product-content/recommended-reading/security-notices/ca20161109-02-security-notice-for-ca-service-desk-manager.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/94258","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037262","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}